
Intercept X & Central Endpoint Protection Overview

Managed by Sophos Central


SKU: CENTRAL ENDPOINT PROTECTION | INTERCEPT X | INTERCEPT X ADVANCED | INTERCEPT X ADVANCED WITH EDR

PREVENT

ATTACK SURFACE REDUCTION
  Web Security
  Download Reputation
  Web Control / Category-based URL Blocking
  Peripheral Control (e.g. USB)
  Application Control

BEFORE IT RUNS ON DEVICE
  Deep Learning Malware Detection
  Anti-Malware File Scanning
  Live Protection
  Pre-execution Behavior Analysis (HIPS)
  Potentially Unwanted Application (PUA) Blocking

STOP RUNNING THREAT
  Data Loss Prevention
  Exploit Prevention
  Runtime Behavior Analysis (HIPS)
  Malicious Traffic Detection (MTD)
  Active Adversary Mitigations
  Ransomware File Protection (CryptoGuard)
  Disk and Boot Record Protection (WipeGuard)
  Man-in-the-Browser Protection (Safe Browsing)
  Enhanced Application Lockdown

DETECT AND INVESTIGATE

DETECT
  Cross Estate Threat Searching
  Suspicious Events Detection and Prioritization (coming in 2019)

INVESTIGATE
  Threat Cases (Root Cause Analysis)
  Deep Learning Malware Analysis
  Advanced On-demand SophosLabs Threat Intelligence
  Forensic Data Export

REMEDIATE / RESPOND
  Automated Malware Removal
  Synchronized Security Heartbeat
  Sophos Clean
  On-demand Endpoint Isolation
  Single-click “Clean and Block”

Sophos Intercept X Features
Details of features included in Intercept X. Intercept X Advanced also includes features from Sophos Central Endpoint Protection.

EXPLOIT PREVENTION
  Enforce Data Execution Prevention
  Mandatory Address Space Layout Randomization
  Bottom-up ASLR
  Null Page (Null Dereference Protection)
  Heap Spray Allocation
  Dynamic Heap Spray
  Stack Pivot
  Stack Exec (MemProt)
  Stack-based ROP Mitigations (Caller)
  Branch-based ROP Mitigations (Hardware Assisted)
  Structured Exception Handler Overwrite (SEHOP)
  Import Address Table Filtering (IAF)
  Load Library
  Reflective DLL Injection
  Shellcode
  VBScript God Mode
  Wow64
  Syscall
  Hollow Process
  DLL Hijacking
  Squiblydoo AppLocker Bypass
  APC Protection (Double Pulsar / AtomBombing)
  Process Privilege Escalation

ACTIVE ADVERSARY MITIGATIONS
  Credential Theft Protection
  Code Cave Mitigation
  Man-in-the-Browser Protection (Safe Browsing)
  Malicious Traffic Detection
  Meterpreter Shell Detection

ANTI-RANSOMWARE
  Ransomware File Protection (CryptoGuard)
  Automatic file recovery (CryptoGuard)
  Disk and Boot Record Protection (WipeGuard)

APPLICATION LOCKDOWN
  Web Browsers (including HTA)
  Web Browser Plugins
  Java
  Media Applications
  Office Applications

DEEP LEARNING PROTECTION
  Deep Learning Malware Detection
  Deep Learning Potentially Unwanted Applications (PUA) Blocking
  False Positive Suppression

INVESTIGATE / RESPOND / REMOVE
  Threat Cases (Root Cause Analysis)
  Sophos Clean
  Synchronized Security Heartbeat

DEPLOYMENT
  Can run as standalone agent
  Can run alongside existing antivirus
  Can run as component of existing Sophos Endpoint agent
  Windows 7
  Windows 8
  Windows 8.1
  Windows 10
  macOS*

* Features supported: CryptoGuard, Malicious Traffic Detection, Synchronized Security Heartbeat, Root Cause Analysis

Sophos Central Endpoint Protection Features
OPERATING SYSTEMS: Windows | macOS

PREVENT

ATTACK SURFACE REDUCTION
  Web Security
  Download Reputation
  Web Control / URL Category Blocking
  Peripheral Control (e.g. USB)
  Application Control

PRE-EXECUTION
  Anti-Malware File Scanning
  Live Protection
  Pre-execution Behavior Analysis (HIPS)
  Potentially Unwanted Application (PUA) Blocking

STOP RUNNING THREAT
  Data Loss Prevention
  Runtime Behavior Analysis (HIPS)
  Malicious Traffic Detection (MTD)

REMEDIATE
  Automated Malware Removal
  Synchronized Security Heartbeat

Server Operating Systems are not covered by Central Endpoint or Central Intercept X.
Central Intercept X Advanced also includes all Intercept X features.

© Copyright 2018. Sophos Ltd. All rights reserved.


Registered in England and Wales No. 2096520, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, UK
Sophos is the registered trademark of Sophos Ltd. All other product and company names mentioned are
trademarks or registered trademarks of their respective owners.
