
Intercept X & Central Endpoint Protection Overview

Managed by Sophos Central


SKU columns: Central Endpoint Protection | Intercept X Advanced | Intercept X Advanced with EDR

PREVENT: ATTACK SURFACE REDUCTION
Web Security
Download Reputation
Web Control / Category-based URL Blocking
Peripheral Control (e.g. USB)
Application Control

PREVENT: BEFORE IT RUNS ON DEVICE
Deep Learning Malware Detection
Anti-Malware File Scanning
Live Protection
Pre-execution Behavior Analysis (HIPS)
Potentially Unwanted Application (PUA) Blocking
Intrusion Prevention System (IPS, coming 2020)

PREVENT: STOP RUNNING THREAT
Data Loss Prevention
Runtime Behavior Analysis (HIPS)
Antimalware Scan Interface (AMSI)
Malicious Traffic Detection (MTD)
Exploit Prevention (details on page 2)
Active Adversary Mitigations (details on page 2)
Ransomware File Protection (CryptoGuard)
Disk and Boot Record Protection (WipeGuard)
Man-in-the-Browser Protection (Safe Browsing)
Enhanced Application Lockdown

DETECT AND INVESTIGATE: DETECT
Cross Estate Threat Searching (inc. files, scripts)
Suspicious Events Detection and Prioritization

DETECT AND INVESTIGATE: INVESTIGATE
Threat Cases (Root Cause Analysis)
Deep Learning Malware Analysis
Advanced On-demand SophosLabs Threat Intelligence
Forensic Data Export

RESPOND: REMEDIATE
Automated Malware Removal
Synchronized Security Heartbeat
Sophos Clean
On-demand Endpoint Isolation
Single-click “Clean and Block”

Sophos Intercept X Features
Details of features included in Intercept X. Intercept X Advanced also includes features from Sophos Central Endpoint Protection.

EXPLOIT PREVENTION
Enforce Data Execution Prevention
Mandatory Address Space Layout Randomization
Bottom-up ASLR
Null Page (Null Dereference Protection)
Heap Spray Allocation
Dynamic Heap Spray
Stack Pivot
Stack Exec (MemProt)
Stack-based ROP Mitigations (Caller)
Branch-based ROP Mitigations (Hardware Assisted)
Structured Exception Handler Overwrite (SEHOP)
Import Address Table Filtering (IAF)
Load Library
Reflective DLL Injection
Shellcode
VBScript God Mode
Wow64
Syscall
Hollow Process
DLL Hijacking
Squiblydoo Applocker Bypass
APC Protection (Double Pulsar / AtomBombing)
Process Privilege Escalation
Dynamic Shellcode Protection
EFS Guard
CTF Guard
ApiSetGuard

ACTIVE ADVERSARY MITIGATIONS
Credential Theft Protection
Code Cave Mitigation
Man-in-the-Browser Protection (Safe Browsing)
Malicious Traffic Detection
Meterpreter Shell Detection

ANTI-RANSOMWARE
Ransomware File Protection (CryptoGuard)
Automatic file recovery (CryptoGuard)
Disk and Boot Record Protection (WipeGuard)

APPLICATION LOCKDOWN
Web Browsers (including HTA)
Web Browser Plugins
Java
Media Applications
Office Applications

DEEP LEARNING PROTECTION
Deep Learning Malware Detection
Deep Learning Potentially Unwanted Applications (PUA) Blocking
False Positive Suppression

INVESTIGATE, RESPOND, REMOVE
Threat Cases (Root Cause Analysis)
Sophos Clean
Synchronized Security Heartbeat

DEPLOYMENT
Can run as standalone agent
Can run alongside existing antivirus
Can run as component of existing Sophos Endpoint agent
Windows 7, 8, 8.1, 10
macOS*

* features supported CryptoGuard, Malicious Traffic Detection, Synchronized Security Heartbeat, Root Cause Analysis

Sophos Central Endpoint Protection Features
Operating system columns: Windows | macOS

PREVENT: ATTACK SURFACE REDUCTION
Web Security
Download Reputation
Web Control / URL Category Blocking
Peripheral Control (e.g. USB)
Application Control

PREVENT: PRE-EXECUTION
Anti-Malware File Scanning
Live Protection
Pre-execution Behavior Analysis (HIPS)
Potentially Unwanted Application (PUA) Blocking

PREVENT: STOP RUNNING THREAT
Data Loss Prevention
Runtime Behavior Analysis (HIPS)
Malicious Traffic Detection (MTD)

REMEDIATE
Automated Malware Removal
Synchronized Security Heartbeat

Server operating systems are not covered by Central Endpoint or Central Intercept X. Visit Sophos.com/server for more detail.

© Copyright 2020. Sophos Ltd. All rights reserved.


Registered in England and Wales No. 2096520, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, UK
Sophos is the registered trademark of Sophos Ltd. All other product and company names mentioned are
trademarks or registered trademarks of their respective owners.
