Sophos has updated its endpoint security solutions to provide enhanced protection against human attackers and expanded protection for widely used operating systems.
New functionality in Intercept X, the vendor’s flagship endpoint protection system, includes “adaptive active adversary protection” designed to detect and respond to “hands-on-keyboard” incidents perpetrated in real time by live threat actors.
Unlike the behavior-based protection Intercept X has provided since its introduction, which identifies commonly seen, clearly malicious techniques, the new feature looks for more subtle activity: the use of attack toolkits and combinations of less obvious actions that often appear in the early stages of an intrusion. When it detects such activity, the system automatically raises its defenses, for example by blocking untrusted executables and remote access tools or by preventing changes to the boot configuration.
“Adaptive active adversary protection is a core part of Sophos’ ‘shields up’ design methodology, providing defenders with the additional time needed to respond to targeted attacks,” says Anthony Merry, senior director of product marketing at Sophos.
New as well to Intercept X Advanced for Server is expanded protection for Linux endpoints that supplements existing anti-malware and quarantine functionality with extended detection and response (XDR) capabilities, including runtime detection of Linux-specific threats, Live Discover for investigation, and integrated Live Response to assist with remediation.
Sophos has also rolled out a new zero-trust network access agent for Intercept X that supports macOS devices in addition to Windows endpoints, allowing organizations to extend ZTNA to entire estates without deploying an additional agent.
The Intercept X agent is also more compact: according to Sophos, it requires 30% fewer processes and 40% less memory on Windows devices. A new XDR sensor deployment option is approximately 80% lighter than the previous full-scale agent.
Additionally, Sophos ZTNA, the vendor’s remote access VPN replacement solution, now includes cloud gateways linked to Sophos Central that users can deploy wherever their cloud apps are located. Sophos Central then brokers connections between users and the gateways without assistance from network address translation rules or special firewall rules.
Finally, a new real-time account health check feature compares security configurations and policy settings against best practices. Technicians can then reapply the recommended settings with a single click.
All of the new features unveiled today are available immediately to existing and new Intercept X and ZTNA users.
ZTNA is currently the fastest-growing segment in network security, according to Gartner, which expects global spending on the technology to grow 31% this year in response to increased need to protect remote workers. Gartner further predicts that by 2025, at least 70% of new remote access deployments will be served predominantly by ZTNA versus VPN services, up from less than 10% at the end of 2021.