Sophos Security

Overview

Sophos (Greek word for wise or clever) was founded in 1985 in Abingdon (Oxford), UK by Oxford Ph.D. students. They wanted to make a bulky IBM machine portable, but never secured funding. In 1988 they decided to work with encryption in response to the first computer virus. From there, their mission became protection and it took off. Today, they are a global company in 150 countries, have a team of 3,500+ employees, protect 420,000 customers, and their security protection focus is split solely between Network Security (firewall, email, etc) and End User Security (computer and mobile endpoint apps, etc). Sophos’s market model is Channel First, meaning they do not directly sell to customers. Instead, they rely on trained channel partners, such as me.

Their mission statement: We protect people from cybercrime by developing powerful and intuitive products and services that provide the world’s most effective cybersecurity for organizations of any size.

Alarming Statistics

Every IT manager or business owner should know:

51% of IT managers admit to being hit by ransomware last year, and in 73% of those attacks the cyber criminals succeeded in encrypting data out from under the business.

$760,000 is the average cost of cleaning up a small business ransomware attack, including remediation and lost revenue.

Cybersecurity Evolved

Sophos has reimagined security as Cybersecurity Evolved: security that is synchronized, predictive and adaptive in order to deliver the best protection possible.

Predict. Adapt. Evolve. Sophos has an edge over their competitors in part due to having some of the most advanced technology I’ve ever seen with a security provider.

Predictive prevention enables Sophos to protect customers from advanced, never-before-seen attacks by leveraging its world-renowned data science and SophosLabs organization. They do this via:

  1. Integrating AI and ML models everywhere, not just on the endpoint. Over 26 machine learning models are integrated across their product portfolio, from endpoints and servers to mobile devices, email, sandboxing, web and cloud workload protection.
  2. Anti-ransomware technology that detects malicious encryption processes in real time and returns your system to a safe state, even if the ransomware has never been seen before.
  3. Anti-exploit technology that prevents more exploit techniques than any product on the market and in fact covers more exploits than are even defined by the MITRE framework.

Enterprise-level detection capabilities enable customers to stop attacks by identifying areas of risk and investigating suspicious events before they become a problem.

  1. Detection capabilities in multiple products look for anomalies in file behavior, applications or processes that have gone rogue, or even strange network traffic, unauthorized access to resources or privilege escalation.
  2. AI-driven hunting provides customers with prioritized alerts and actions they can take, so they can focus on the highest risks first.
  3. Live Discover gives customers the ability to ask detailed questions to hunt down and neutralize evasive and subtle threats even faster.
  4. Live Response provides security experts the ability to remediate any issues if and when they are discovered.

Automated Response. A synchronized security approach improves protection exponentially by automating IT security responses such as:

  1. Block compromised devices from accessing corporate data
  2. Identify unclassified applications and processes that are using bandwidth
  3. Block lateral movement between computers in the network, which is so common in many of today’s advanced attacks
  4. Isolate infected machines to prevent a breach from spreading
  5. Classify and block all undesirable apps using up bandwidth

Central Management

  • With the entire range of next-gen security products managed from Sophos Central, customers see immediate benefits in reduced time to find the information they need.
  • With operations more automated through synchronized security, customers spend far less time on tactical incident response.
  • Integrations with RMM and PSA vendors further automate operations and save IT time.
  • Open APIs allow administrators, partners and vendors to extend the platform as needed.

Sophos systems share intelligence inside and outside the system for better protection and efficiency and the system can adapt based on what it is seeing through:

  • Real-time analysis and response
  • Integrating and interpreting threat feeds
  • Reverse engineering suspicious files

AI-prioritized risk threat hunting shows analysts where to focus through a simple threat score, which saves countless hours; and with guided investigations based on our machine learning technology we provide recommended actions to take based on the shared intelligence. It all makes IT security more effective and efficient by focusing security teams on what’s most important.

Here’s the complete product offering from Sophos, all of which is centrally managed through their portal, Sophos Central.

XG Firewall

Sophos XG Firewall provides comprehensive next-generation firewall protection that exposes hidden risks, blocks unknown threats, and automatically responds to incidents. It allows customers to manage their firewall, respond to threats and monitor what’s happening on their networks easily.

  • Exposing hidden risks: XG Firewall provides superior visibility into risky activity, suspicious and encrypted traffic, and advanced threats. It exposes traffic and apps which would otherwise be hidden, and so helps regain control of the network.
  • Blocks unknown threats: XG Firewall has all the latest technology to protect a network from ransomware, unknown, and advanced threats. It offers Cloud Sandboxing plus extensive AI based threat analysis powered by SophosLabs, Dual AV, Web and App Control, Email Protection and a full-featured Web Application Firewall.
  • Automatic incident response: Sophos Security Heartbeat™ shares telemetry and health status between Sophos endpoints and the firewall, to enable Lateral Movement Protection, and identify and automatically categorize apps and web traffic. XG Firewall is the only network security solution that is able to fully identify the source of an infection on a network and automatically limit access to other network resources in response.
  • Xstream advantage: The XG Firewall Xstream architecture delivers unprecedented levels of visibility, protection, and performance efficiency. Xstream SSL Inspection removes blind spots by decrypting traffic without degrading performance. The Xstream DPI engine combines multiple protection technologies for more efficient packet handling. And the Xstream Network Flow FastPath provides a fast lane for trusted traffic.
  • Managed in Sophos Central: Sophos Central is the ultimate cloud-management platform. It makes day-to-day setup, monitoring, management, and reporting of XG Firewall easy.

Intercept X

Sophos Endpoint protection, called Intercept X, has the most advanced technology ever built. This product has been a winner!

Sophos Intercept X stops the widest range of attacks with a unique combination of deep learning malware detection, exploit prevention and anti-ransomware, all managed from Sophos Central. Intercept X employs a comprehensive defense-in-depth approach to endpoint protection, rather than simply relying on one primary security technique.

  • Deep learning: The artificial intelligence built into Intercept X is a deep learning neural network, an advanced form of machine learning that detects both known and unknown malware without relying on signatures. Powered by deep learning, Intercept X has the industry’s best malware detection engine, as validated by third party testing authorities. This allows Intercept X to detect malware that slips by other endpoint security tools.
  • Stop the exploit: Vulnerabilities show up at an alarming rate in software and need to be constantly patched by vendors. New exploit techniques on the other hand are much rarer, and are used over and over again by attackers with each vulnerability discovered. Exploit prevention denies attackers by blocking the exploit tools and techniques used to distribute malware, steal credentials, and escape detection. This allows Sophos to ward off evasive hackers and zero-day attacks in a network.
  • Ransomware protection: Intercept X utilizes behavioral analysis to stop never-before-seen ransomware and boot-record attacks, making it the most advanced anti-ransomware technology available. Even if trusted files or processes are abused or hijacked, CryptoGuard will stop and revert them without any interaction from users or IT support personnel. CryptoGuard works silently at the file system level, keeping track of remote computers and local processes that attempt to modify documents and other files.
  • Management and deployment: Managing security from Sophos Central means customers no longer have to install or deploy servers to secure endpoints. Sophos Central provides default policies and recommended configurations to ensure that customers get the most effective protection from day one.

Endpoint Detection and Response

Intercept X Advanced with EDR allows customers to ask any question about what has happened in the past and what is happening now on their endpoints. IT teams can hunt threats to detect active adversaries, or leverage IT operations to maintain IT security hygiene.

Managed Threat Response

Sophos offers MTR: 24/7 threat hunting, detection and response delivered by an expert team as a fully managed service (SOC-as-a-Service). It provides peace of mind on a pay-as-you-go model: customers can deploy however many licenses they want for as long as they want, with no quotes needed. One security vendor, one management dashboard, and one flexible program.

Managed Threat Response (MTR) provides 24/7 threat hunting, detection and response capabilities delivered by an expert team as a fully-managed service. Few organizations have the right tools, people and processes in-house to effectively manage their security program around the clock while proactively defending against new and emerging threats. Going beyond simply notifying customers of attacks or suspicious behaviors, the MTR team takes targeted actions on their behalf to neutralize even the most sophisticated and complex threats.

Cloud Optix

Cloud Optix delivers the continuous analysis and visibility organizations need to detect, respond to and prevent security and compliance gaps while finding ways to optimize cloud spend. Cloud Optix combines the power of Artificial Intelligence and automation to simplify compliance, governance and security monitoring in the cloud.

  • Multi-cloud visibility: View inventories and visualizations for AWS, Azure, Google Cloud and Kubernetes. Continually analyse for security risks, over-privileged access and spend anomalies.
  • Fix security gaps fast: Get automatic identification and risk-profiling of security and compliance risks, with contextual alerts grouping affected resources, detailed remediation steps and guided response.
  • Optimize cloud costs: Track cloud services side by side on a single screen for improved visibility, receive independent recommendations to reduce spend and identify indicators of compromise.
  • Stay compliant: Automate compliance assessments, save weeks of effort mapping Control IDs from overarching compliance tools and produce audit-ready reports instantly.
  • Smarter DevSecOps: Seamlessly integrate security and compliance checks at any stage of the development pipeline to detect misconfigurations and embedded secrets, passwords and keys.
  • Integrate Seamlessly: Access Cloud Optix features programmatically via a REST API and integrate seamlessly with third-party services such as SIEM and DevOps tools to streamline security operations.

Sophos Home

Sophos Home provides industrial-grade cybersecurity for consumers, allowing them to extend Sophos security from work to home. Using advanced ransomware protection and cutting-edge AI malware detection with deep learning, it protects consumer devices from never-before-seen threats.

  • Malware scanning: Starts with a deep scan of your computers to find and remove malware lurking on your system. Eliminates viruses, trojans, rootkits, spyware, and more.
  • Real-time Mac antivirus: Utilizes behavioral detections and the extensive SophosLabs databases to constantly protect your Mac from viruses, malware, trojans, worms, bots, unwanted applications, ransomware, and more.
  • Ransomware security: Protects your personal files and photos from being encrypted and held for ransom. Blocks ransomware and rolls back any affected files to a pre-tampered state.
  • Security management: Protects all your devices. Secure up to 10 Mac and Windows computers, plus an unlimited number of iOS and Android devices.
  • Privacy protection: Blocks unwanted access to your webcam and microphone and stops apps from covertly sharing your personal information.
  • Web protection: Blocks phishing sites and bad or compromised websites for safe browsing, banking, and shopping.
  • Parental web filtering: Gives you parental control over the web content your children can access. Simply select categories to filter and let Sophos do the rest.
  • Premium support: Provides live email and chat support 8am-8pm EST Monday-Friday, and access to our knowledge base 24/7.

Sophos OEM

Sophos OEM allows partners to augment their existing cybersecurity investments with Sophos’ accurate, curated and real-time threat intelligence. This allows for improved threat visibility and speeds up incident response to combat zero-day malware and phishing threats with Sophos’ static file analysis and sandbox solutions.

Synchronized Security

Security Heartbeat™ allows you to share data between two appliances.