• 18 Aug 2017

The Difference between traditional AV and Intercept X (an analogy)

When explaining how Intercept X stops malicious activity and how it is different to traditional anti-virus software, the explanation can be long, technical and not so easy to understand. In a nutshell, Intercept X detects the techniques and tactics used by malware and active adversaries, whereas traditional anti-virus detects already known malware and its variants. Well, frankly, that does not do a good job explaining...
    • 4 Aug 2017

    Petya - Ransomware attack components and behaviors

Like many modern attacks, the 2017 Petya ransomware leveraged multiple techniques to complete its objective. Unlike traditional AV, which for the most part has a single opportunity to stop malware with a signature or heuristic match of the portable executable, Intercept X gets multiple chances to thwart the adversary. If we can detect and prevent any one of the techniques being used, the attack usually falls apart as the...
    • 3 Aug 2017

    Intercept X EAP wins 3rd party comparison on credential theft protection

Prior to the Early Access Program we released the credential theft protection capability in HitManPro.Alert beta. HitManPro.Alert was part of the Sophos acquisition of Surfright and is the core technology for the anti-exploit and CryptoGuard features in Intercept. From this head-to-head assessment by MRG Effitas you can see just how incomplete some of the other security vendors are in this regard. Credential theft...
    • 1 Aug 2017

    News from the first few days of the EAP program

Wow, thanks everyone for the participation. In just four business days we have over 1,000 devices under protection and hundreds of customers and partners participating. We have been seeing lots of detection events from folks running the Sophos Test tool and a few other protection events, either from penetration tests or real-world attacks, that have been stopped. Overall we are very pleased with the early access...
    • 28 Jul 2017

    Black Hat

I spent the last two days at Black Hat talking about Intercept X and the innovation going on at Sophos. At the same time we also launched Intercept X EAP on Sophos Central. A busy few days for sure. We had a number of great presentations, but two that caught my eye were a deep dive on the Philadelphia ransomware attack and "Garbage In, Garbage Out", a presentation on the need to ensure machine learning models have good...
    • 27 Jul 2017

    Fileless malware and Intercept X's approach

One of many topics being discussed in the industry is how products protect against fileless malware. In this scenario the adversary is looking to compromise a machine and complete their objective without having to deploy software on the device. The reason they are looking to avoid deployment of software is to evade many of the traditional detection techniques that depend on file analysis. These...
    • 27 Jul 2017

    HTA Applications and Intercept X

HTA applications are HTML applications that can be run directly from the user's browser session if the user allows them to... With the Intercept X early access program we now include HTA (MSHTA.exe) application behavior in the process lockdown capability for Intercept X, so malware that is trying to leverage this method to establish a toehold should be blocked. For more information on process lockdown, check out the document...
    • 27 Jul 2017

    EAP agent is now available from Sophos Central (July 27)

This morning we enabled the early access program on Sophos Central. If you have a product license or trial license for Sophos Central you can now join the EAP and enroll Windows 7 and above machines to participate in the early access program. How to enable EAP in Central.pdf. We have a list of known issues and have seen some early reports that the policy delivery to the endpoint can be delayed by up to an hour once...
    • 7 Jul 2017

    Root Cause Analysis Presentation and Demo

Root Cause Analysis is a component already available in the current version of Intercept X. For folks testing the Early Access software, we have completed the plumbing work to get the new active adversary mitigations to trigger RCA generation. That means that when testing with Sophos Tester or your own penetration tools, when a detection event happens the endpoint will generate a Root Cause Analysis case that shows the...
    • 5 Jul 2017

    Sophos Tester

We are providing Sophos Tester.exe. This application will install on a Windows machine, and on install you need to accept an end user license agreement and safety notice. This version of Sophos Tester is intended for use with the Early Access Program only. If you run the Sophos Tester on an endpoint with an earlier version of Intercept X you may see errors for some tests. The Sophos Tester does not deploy malware and...
    • 30 Jun 2017

    Presentation of EAP Features

In this recorded presentation we cover the new features available in the Early Access Program July update for Intercept X (15 min video). The slide deck is available separately. PowerPoint slides: Early Access Program PowerPoint deck explaining features in the July EAP program. Video on the same: Feature Overview, an overview of features in the July Early Access...
    • 30 Jun 2017

    Hacking Demo, showing attack techniques and mitigations by Intercept X

Doug, our marketing video rockstar, took a hacking video I prepared and provided an overview and voiceover. This video shows the use of a Kali Linux box with Metasploit on it penetrating a PC protected by traditional AV, and then, after we disable Intercept X anti-exploit so we can get in the front door, what the new features in the early access program can do. Nice stuff, check it out. Active Adversary Demo. Also under...
    • 15 Mar 2017

    Welcome to the Early Access Program - Part I Summer 2017

Description: This is the first of multiple updates planned during the early access period. In this release we have added multiple protections to the Intercept product to prevent active adversaries from completing their objectives, from Credential Theft Prevention to protections against new exploit techniques like EternalBlue and DoublePulsar, the exploits used in the WannaCry worm. This fall we add Deep Learning...