Sophos, a global leader in network and
endpoint security, yesterday announced
the availability of Intercept X with malware
detection powered by advanced deep
learning neural networks.
Combined with new active-hacker
mitigation, advanced application
lockdown, and enhanced ransomware
protection, this latest release of the next-generation
endpoint protection delivers
previously unseen levels of detection and

“Predictive protection is the future of
IT security. Sophos has taken a huge step
forward by bringing deep learning neural
networks into the industry-leading exploit
and ransomware protection of Intercept X,”
said Dan Schiappa, senior vice president
and general manager of products at Sophos.
“Being able to protect against the next
unknown attack instead of waiting for it to
arrive will change the way IT operations in
every organization can protect their users
and assets. Intercept X can bring the most
advanced next-generation protection to any
organization, regardless of their current

New features in Intercept X include:

Deep Learning Malware Detection
Deep learning model detects known and unknown malware and potentially unwanted applications (PUAs) before they execute, without relying on signatures.
The model is less than 20MB and requires infrequent updates

Active Adversary Mitigations
Credential theft protection – Preventing theft of authentication passwords and hash information from memory, registry, and persistent storage, as leveraged by such attacks as Mimikatz
Code cave utilization – Detects the presence of code deployed into another application, often used for persistence and antivirus avoidance
APC protection – Detects abuse of Asynchronous Procedure Calls (APC) often used as part of the AtomBombing code injection technique and more recently used as the method of spreading the WannaCry worm and NotPetya wiper via EternalBlue and DoublePulsar (adversaries abuse these calls to get another process to execute malicious code)

New and Enhanced Exploit Prevention
Malicious process migration – Detects remote reflective DLL injection used by adversaries to move between processes running on the system
Process privilege escalation – Prevents a low-privilege process from being escalated to a higher privilege, a tactic used to gain elevated system access

Enhanced Application Lockdown
Browser behavior lockdown – Intercept X prevents the malicious use of PowerShell from browsers as a basic behavior lockdown
HTA application lockdown – HTML applications loaded by the browser will have the lockdown mitigations applied as if they were a browser

Deep learning is the latest evolution of
machine learning. It delivers a massively
scalable detection model that is able to learn
the entire observable threat landscape. With
the ability to process hundreds of millions
of samples, deep learning can make more
accurate predictions at a faster rate with
far fewer false-positives when compared to
traditional machine learning.

This new version of Sophos Intercept
X also includes innovations in anti-ransomware
and exploit prevention,
and active-hacker mitigations such as
credential theft protection. As anti-malware
has improved, attacks have increasingly
focused on stealing credentials in order to
move around systems and networks as a
legitimate user, and Intercept X detects and
prevents this behavior. Deployed through
the cloud-based management platform
Sophos Central, Intercept X can be installed
alongside existing endpoint security
software from any vendor, immediately
boosting endpoint protection. When used
with the Sophos XG Firewall, Intercept
X can introduce synchronized security
capabilities to further enhance protection.
First launched in September 2016,
Intercept X has been proven in tens of
thousands of organizations worldwide.
Pricing and licensing details are available
from registered Sophos channel partners
