Better device and data security through innovation and integration
The endpoint has changed. No longer are endpoints just Windows workstations operating within a corporate perimeter and accessing servers that are inside the same perimeter. Instead, organizations are faced with a diverse set of workstation and mobile device platforms that are used everywhere and that routinely access data stored on the network, in the cloud and on the devices themselves.
While attackers have taken advantage of these changes, adapting to new platforms and developing more sophisticated attacks, endpoint security has been slower to evolve. In most cases, the focus is still primarily on preventing malicious files from infecting Windows endpoints. It’s no wonder, then, that businesses are struggling to keep up with the latest threats and to protect their sensitive data.
The Sophos Approach
Sophos is taking a different approach to building security for businesses, anchored by three core beliefs:
- Security must be comprehensive. A solution must include all the capabilities required to satisfy a customer’s needs.
- Security can be made simple. That simplicity must be reflected in everything about the solution, including deployment, management, licensing, support and the overall user experience.
- Security is more effective as a system. New possibilities emerge when technology components communicate and cooperate, instead of each functioning in isolation.
Next-Generation Enduser Protection is our vision of applying these principles to deliver better security for enduser devices and data through the integration of innovative endpoint, mobile and encryption technologies. Imagine a system that collects suspicious events from all your devices, correlates the data to identify a compromised system, alerts the administrator, temporarily locks down the system — and access from that system to sensitive network and cloud data — and removes the detected threat, all automatically. That’s what Next-Generation Enduser Protection will make possible.
Next-Generation Enduser Protection represents a fundamental change to how we approach security. Traditional antivirus starts and ends with preventing infected files from running on a computer. If an infected file does run, the attacker is now in a position to cause damage or steal data without being detected. In contrast, we’re looking not just at whether a file is infected, but whether the computer is exhibiting behaviors that indicate the system is under attack or already compromised. We can then bring all our technology to bear on stopping and removing the threat. By focusing on prevention, detection and remediation across the entire system, we can give organizations peace of mind that they will suffer fewer infections and have a lower risk of data breaches and other security incidents.
The first next-generation feature to reach the endpoint is Malicious Traffic Detection, which catches compromised computers in the act of communicating with attackers’ command and control servers. Similar technology available in next-generation firewalls — including ours — can alert administrators to the presence of a compromised system on the network. But because we integrate the feature into the endpoint, we can go further by detecting a compromise on or off the network, identifying the specific malicious file, and cleaning up the infection. For customers, this means better detection rates and less time investigating and manually cleaning compromised systems.
Also released is the new Sophos System Protector, which is the “brain” of our updated endpoint agent. It correlates information from the Malicious Traffic Detector and other components to identify threats that might not be deemed “bad” by any one component on its own. This results in better protection against advanced threats, with fewer false positives.
Both Malicious Traffic Detection and Sophos System Protector are rolling out in January 2015 in our Sophos Cloud Enduser Protection and Sophos Cloud Endpoint Protection Advanced products. We expect to introduce both features into the corresponding on-premises products in the first half of 2015.