Thursday, 06 May 2021 14:24

Sophos provides proactive defence from sophisticated cyberattacks

0
Shares
By

Sophos XDR, the latest solution from Sophos, synchronises native endpoint, server, firewall, and email security, and creates “the most comprehensive and integrated threat detection and response system.”

Sophos, launches Sophos XDR, the “industry’s only extended detection and response (XDR) solution that synchronises native endpoint, server, firewall, and email security.”

We’re told: “Sophos XDR provides a holistic view of an organisation’s environment with the richest data set and deep analysis for threat detection, investigation and response.”

Dan Schiappa, chief product officer at Sophos, claims: “We’re seeing an extraordinarily high level of complex ransomware and other cybercrime, and the need for effective, comprehensive cybersecurity has never been more critical or urgent.”

Sophos XDR, according to Schiappa, is a “new solution for proactively defending against the most sophisticated and evasive attacks, especially those that leverage multiple access points to gain entry, move laterally to evade detection, and do as much damage as possible as fast as possible.”

Attacks on Steroids
Sophos published new research, Intervention halts a ProxyLogon-enabled attack detailing an attack against a large organisation when hackers compromised an Exchange Server using the recent ProxyLogon exploit.

The research shows how the attackers moved laterally through the network and, over two weeks, “stole account credentials, compromised domain controllers, secured a foothold on multiple machines, deployed a commercial remote access tool to retain access to hacked machines, and delivered a number of malicious programs.”

Schiappa affirms the report. “The attackers returned repeatedly, sometimes with different tools and other times to deploy the same tool, such as Cobalt Strike, on different machines. They used a commercial remote access utility rather than the more standard RDP that threat hunters would more typically look for.”

“This report explains the complex nature of human-operated cyberattacks and how multi-stage, multi-vector incidents are difficult for IT security teams to track and contain. The target simply couldn’t keep up with the attack activity taking place across all parts of the estate”, he adds.

Schiappa cites the 2021 State of Ransomware report, and says this “issue is more widespread than this one incident. More than 54% of IT managers surveyed said cyberattacks are too advanced for their IT teams to handle on their own. XDR is a critical defence component.”

Deep Threat Analysis with Rich Data Set
Sophos XDR extends visibility for an in-depth picture of threats. Sophos XDR offers two types of data retention, including up to 90 days of on-device data, plus 30 days of cross-product data in the cloud-based data lake.

The unique approach of blending on-device and data lake forensics “provides the broadest and most in-depth contextualised insights that can be leveraged by security analysts through Sophos Central and via open application programming interfaces (APIs) for ingestion into security information and event management (SIEM); security orchestration, automation and response (SOAR); professional service automation (PSA); and remote monitoring and management (RMM) systems.”

The data lake hosts critical information from Intercept X, Intercept X for Server, Sophos Firewall, and Sophos Email. Sophos Cloud Optix and Sophos Mobile will also feed into the data repository later this year.

Security and IT teams can “easily access this data to run cross-product threat hunts and investigations, and to quickly reveal past and present attacker activity. The availability of offline access to historical data further protects against lost or impacted devices.”

Sophos released a new version of its “industry-best endpoint detection and response: Sophos EDR. New scheduled queries and customisable contextual pivoting capabilities make it faster and easier for security analysts and IT administrators to identify, investigate, and respond to security issues with speed and precision.

Users further benefit with new pre-configured queries and powerful threat intelligence through integration with SophosLabs Intelix. Sophos EDR customers can access seven days of cloud hosted data (upgradable to 30 days) in the data lake, in addition to 90 days of on-device data.

Alistair Knowles, cyber security analyst at Ted Baker, says security is a top priority for them. “We’re committed to protecting our loyal customers’ data, and that starts with securing our networks against advanced threats”, he says.

He attests, “Sophos XDR provides critical visibility into a goldmine of valuable endpoint data, enabling us to detect and stop threats before they cause any damage. We can easily look for those needles in a haystack kind of incidents and determine their scope with both new and historical data at our fingertips.”

He concludes: “Integration with solutions like Splunk, for example, take it to the next level with even deeper insights. Once we have the forensics needed to neutralise a threat, Sophos’ Live Response capabilities enable us to remediate issues remotely, which is imperative in today’s remote working environments.”

Cybersecurity Evolved: An Adaptive and Open Cybersecurity Ecosystem
Sophos XDR and EDR are part of the Sophos adaptive cybersecurity ecosystem (ACE), a new open security architecture that optimises threat prevention, detection, and response. Sophos ACE leverages automation and analytics, as well as the collective input of Sophos products, partners, customers, developers, and other security industry vendors to create protection that continuously improves.

Sophos ACE is built upon the data lake, correlating actionable insights from Sophos solutions and services as well as threat intelligence from SophosLabs, Sophos AI and the Sophos Managed Threat Response team. Open APIs “enable customers, partners and developers to build tools and solutions that interact with the system and to take advantage of existing integrations.”

“Attackers are smarter and now better at evading detection. The only way to keep pace is with AI-powered automation to analyse and react faster to behaviours and events, coupled with human analysts to correlate multiple suspicious signals and interpret their true meaning,” suggests Schiappa.

He concludes: “The Sophos adaptive cybersecurity ecosystem is an evolution of Sophos’ synchronised security approach, and a smart solution to a complex problem. The smart ecosystem is engineered to protect the interconnectedness of our businesses and online world, and it couldn’t come at a more pivotal time given realities of the past year that forced sudden shifts in remote working and cloud adoption.”


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Published in Business IT
Tagged under
Kenn Anthony Mendoza

Kenn Anthony Mendoza is the newest member of the iTWire team. Kenn is also a contributing writer for South China Morning Post Style, and has written stories on Korean entertainment, Asian and European royalty, Millionaires and Billionaires, and LGBTQIA+ issues. He has been published in Philippine newspapers, magazines, and online sites: Tatler PhilippinesManila BulletinCNN Philippines LifePhilippine StarManila Times, and The Daily Tribune. Kenn now covers all aspects of technology news for iTWire.com.

Latest from Kenn Anthony Mendoza

Related items

More in this category: « Epson pledges to use renewable electricity Juniper Networks unveils security director cloud »
Share News tips for the iTWire Journalists? Your tip will be anonymous
back to top