Announcing Early Access for Enhanced Protection / IPS and AMSI

Can the best get any better? We sure think so! Our teams have been working hard to add new protection focused features to Central Windows Endpoint & Windows Server. The Early Access Program is due to launch in late October, the full list of included products can be found later in this blog post.

IPS

Sophos Network Threat Protection just got better! We're adding Malicious Network Traffic Protection with Packet Inspection - better known as Intrusion Prevention System (IPS).

This technology is already present on your firewall, but it only protects machines that are inside your network against attacks from the outside. But that protection isn't there when you connect to the Wi-Fi of the local coffee shop. It is also needed if a server is infected and tries to attack other machines in your network.

AMSI

We're excited to announce Sophos AMSI Protection. Anti-Malware Scanning Interface (AMSI) is a Microsoft API that allows the scanning of script files and certain binaries such as .NET assemblies to detect malicious content. 

When scripts are obfuscated it can be hard, if not impossible, to scan for malicious code. However, when these are executed, they need to be deobfuscated, this is when AMSI protection can scan the code for malicious content. 

Sophos AMSI Protection can scan scripts, whether executed from a file or from memory, for a large number of scripting languages and interpreters.

Products Eligible for these NEW features

  • Central Endpoint Advanced
  • Intercept X Advanced
  • Intercept X Advanced with EDR
  • Intercept X Advanced with EDR ft. MTR
  • Central Server Protection
  • Intercept X Advanced for Server
  • Intercept X Advanced for Server with EDR
Joining Early Access Program.pptx