New Innovations in Sophos Endpoint Security

Check out the latest enhancements in our market-leading Sophos Intercept X Endpoint solution that protects Windows, macOS, and Linux systems against never-before seen ransomware, malware, phishing, web threats, and attacker-led behaviors.

Year in, year out, Sophos Intercept X Endpoint delivers superior cybersecurity outcomes to over a quarter of a million organizations worldwide thanks to our relentless focus on innovation and our commitment to delivering the strongest protection.

Testament to the quality of our defenses, Sophos ranked as industry best in SE Labs’ protection tests in the fourth quarter of 2022, earning AAA ratings across the board. In both the Enterprise and SMB categories, we achieved:

  • 100% rating for Protection Accuracy
  • 100% rating for Legitimate Accuracy
  • 100% rating for Total Accuracy

Customers also give Sophos top scores. As of February 20th, 2023, Sophos Intercept X Endpoint has a 4.8/5 rating across 374 independent reviews on Gartner Peer Insights, with 95% of customers saying they would recommend Sophos.

While we’re proud of all these results, we are passionate about protecting our users and delivering the very best products for our partners to resell. Let me share with you some recent enhancements that help customers stay ahead of today’s well-funded, constantly innovating adversaries and streamline day-to-day endpoint security management.

Adaptive Active Adversary Protection

We’re constantly developing new protection techniques to guard our customers against the latest attacks. One of the latest additions to Sophos Endpoint security is Adaptive Active Adversary Protection. This new capability from SophosLabs is automatically activated whenever we detect signs that a device has been compromised and there is a hands-on-keyboard attack in progress.

Adaptive Active Adversary Protection temporarily puts the impacted device into a more aggressive security mode that disrupts and delays the attacker by automatically blocking a wide range of activities that are commonly performed in human-led attacks. Just a few examples of the malicious behaviors that we prevent include:

  • Attempts to run remote admin tools
  • Attempts to run untrusted executables
  • Attempts to boot the machine in Safe Mode

Plus many, many more…

By stopping a malicious actor from performing these activities, Adaptive Active Adversary Protection slows the attack and buys time for security teams to respond to the threat before the adversary can achieve their goal. Once there are no further signs of adversary activity on the device, Adaptive Active Adversary Protection is turned off automatically. No manual enablement or tuning required!

Account Health Check

Sophos Endpoint is packed with technologies that protect organizations against advanced threats. The Account Health Check lets you quickly ensure those capabilities are correctly configured and deployed, optimizing your protection. Available to all customers via the Sophos Central platform, the Account Health Check performs several key assessments:

  • Software assignment – do devices have all the Sophos Endpoint software components assigned to them?
  • Threat policy – are policies using Sophos’ recommended settings?
  • Exclusions – are any exclusions creating attack surface exposure?
  • Tamper protection – has tamper protection been disabled on any workstations and servers?

Should the Account Health Check detect any issues, a simple ‘fix automatically’ option lets customers update their protection instantly to the recommended settings. Customers have used this easy remediation option over 11,000 times in the three months since we introduced this feature, optimizing their security posture in a single click.

While recommended settings are automatically applied with all new Sophos deployments, over time issues can develop as devices are added and removed, team members change, and different software subscriptions are purchased. We recommend reviewing the Account Health Check at least every three months – and ideally monthly – to maintain a healthy environment.

Enhanced Software Management Options

Although all organizations need the same high levels of protection, larger companies often require more granular management capabilities. We recently released Fixed Term Support packages and special ‘Maintenance Release’ (MR) packages for Windows computers and servers, with macOS and Linux coverage coming later this year.

Fixed Term Support packages enable customers to precisely control which versions of Sophos Endpoint software they deploy on specific devices/groups of Windows devices. This allows you to control when devices are upgraded instead of being on the Sophos update schedule.

Special ‘Maintenance Release’ (MR) packages are where Sophos Support makes packages available to specific customers that contain fixes before the next full software rollout. Customers can apply these packages immediately to targeted devices, rapidly accelerating an organization’s ability to address an issue.

Read more about these features on the Sophos Community.

Malware Protection Enhancements for Linux

Customers asked us for on-access malware scanning and quarantine for Linux machines – and we’ve delivered. These features are now live, complementing our existing Linux protection functionality, including runtime detections, live detection, and live response.

As a reminder, the legacy Sophos Antivirus for Linux product will be retired in July 2023, so if you have customers who are still using Sophos Antivirus for Linux, don’t forget to switch them to the new Sophos Protection for Linux agent.

Faster, Lightweight Agent

Sophos Endpoint delivers superior protection without compromise. We’ve expanded our protection capabilities while also reducing the Windows agent’s memory footprint by 40% and reducing the number of processes by over 30%. Plus, we’ve introduced a new XDR-sensor deployment option that is ~80% lighter than the older full agent. The result: accelerated performance of applications, workloads, and devices.

Built-in ZTNA Agent – on Windows and macOS Devices

Zero-Trust Network Access (ZTNA) is fast becoming the remote access technology of choice for organizations of all sizes. It enhances security, is easier to manage, and works reliably everywhere without getting in the way.

Sophos Intercept X Endpoint is the only endpoint protection solution with a built-in ZTNA agent, future-proofing customers’ defenses. Following our recent addition of macOS support, organizations can extend their protection to include Sophos ZTNA across their entire estate at any time, without the need to deploy an additional agent*. Both solutions are managed through the Sophos Central platform for elevated ease of use.

* Requires Sophos ZTNA subscription purchase

More Coming Soon!

We have an exciting and aggressive roadmap that continues our delivery of innovative, market-leading protection for our customers. In the coming months, we look forward to introducing a Long-Term Support (LTS) version for Windows that allows customers to stay on a static version for up to 18 months. This is particularly useful for critical infrastructure where version control is strictly controlled.

We’ll also be adding a new software version report in the Central UI. With the ability to define which version/packages are deployed to every device, this new report will enable customers to quickly review and identify versions/packages running on their devices.

Following the very warm customer response to the Account Health Check, we will soon be launching additional features including a new ‘snooze’ option to defer checks to a later time, proactive alerts that notify you whenever a configuration change is made that affects cyber health, and scoring that enables you to track improvements in security posture over time.

We’re further enhancing the Sophos Linux Sensor (SLS), adding the ability to ingest detection data into the Sophos Data Lake and Threat Analysis Center, and we’ll also enable security teams to create and manage runtime detections in Sophos Central.

Plus, for macOS, admin-led device isolation will be available imminently, and we’re planning to open our Early Access Program (EAP) for HTTPS decryption for web protection next quarter. I look forward to sharing more details about these and other enhancements shortly.

Sophos Endpoint Resources

The Sophos Partner Portal provides you with a wealth of product and sales resources, enablement materials and ready-to-run marketing campaigns. Discover what’s available today!

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, PEER INSIGHTS are registered trademarks of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved.

Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform; it should not be construed as statements of fact, nor does it represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content, nor does it make any warranties, expressed or implied, with respect to this content or its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.