Sophos Ltd. has unveiled an endpoint detection and response (EDR) add-on for the advanced edition of its Intercept X security solution.
Introduced just over two years ago, Intercept X is a behavior-based endpoint protection solution designed to identify and block both known and entirely new threats in real time. The supplemental technology announced today, which is available immediately through a global pre-release early access program, seeks to help users without security expertise analyze less clearly dangerous files as well and respond to the risks they pose appropriately.
“It allows you without a deep level of sophistication to do your own malware research,” says Dan Schiappa, senior vice president and general manager of products at Sophos Ltd.
Drawing on the same neural networking-based deep learning capabilities Sophos added to Intercept X in January, the new EDR system automatically assesses a suspicious file’s reputation and provides guidance on whether further investigation is warranted. If it is, users can immediately request insights on the file from the threat intelligence database maintained by the vendor’s SophosLabs research unit. SophosLabs analysts study some 400,000 new and unique attack samples daily.
“These are not run-of-the-mill kind of spray and pray pieces of malware,” Schiappa notes. “These are very highly unique, and in some cases very specific to a certain attack.”
Though not a substitute for a security operations center, Intercept X’s EDR functionality is designed to perform many of the same functions. “If you don’t have a SOC, this is going to provide you insights way better than you would have had otherwise,” Schiappa says. “If you do have a SOC, this is something that will add depth of information and add value to what you’ve already invested.”
Either way, he continues, the new system helps channel pros better serve customers without hiring high-priced security experts. “We’re trying to really take the role of a very hard to find security analyst,” Schiappa says.
Organizations that have analysts on staff can use the new EDR product as well to prioritize threats more effectively, he adds. MSPs, meanwhile, can use the system to augment their monthly recurring revenue by adding advanced threat assessment and response assistance to the more basic security services they already deliver.
“This is a product that we think fits right into the MSP wheelhouse,” Schiappa says. “They can look at this as a way to add even more value to their customers and create additional revenue streams.”
Intercept X has included limited detection and response functionality since it first reached market in the form of a root cause analysis component that spots successful breaches, diagnoses what allowed them to happen, identifies compromised files, and recommends follow-up steps. That feature addresses known bad files only, however.
“It’s really just a visualization of the attack that we’ve already detected, and basically the ability for you to understand what happened in that attack,” Schiappa says. “Now we have the ability to actually jump in and look at things that weren’t necessarily convicted but were suspicious.”