Intercept X has released, and enabled, a new protection feature called Dynamic Shellcode Protection. This is an exciting new addition to Sophos Intercept X, designed to prevent active adversaries from achieving one of their most sought-after goals: using remote access agents to gain “hands on keyboard” privileges.
According to Mark Loman, Director of Engineering at Sophos “The Dynamic Shellcode Protection is unique to Sophos. It basically puts a HARD LIMIT on ANY application to what memory they can allocate. It impacts EVERY process on the box, even Windows’ own processes! I am not overstating things when I say that imposing this limit is incredibly, incredibly bold of Sophos”.
You can read an article on Sophos News talking about this new feature.
For a technical deep dive into this attack technique and how Dynamic Shellcode Protection stops it, read Mark Loman’s excellent article also on Sophos News.
Feel free to share the above articles with customers.