Sophos has released its new Endpoint Detection and Response (EDR) which makes for faster and easier threat detection. The new EDR 3.0 is available in Sophos Intercept X Advanced and Intercept X Advanced for Server with EDR.
Sophos’ updated EDR can identify attacks faster, help analysts understand attacker behavior, and reduce attacker dwell time. As part of the EDR’s development, Sophos published new research, “An Insider View into the Increasingly Complex Kingminer Botnet.” The article dives into the critical role of EDR in defending against an advanced ransomware attack, a Kingminer botnet attack.
The article describes the role of EDR against the Kingminer botnet, which brute-forces login credentials to gain access to servers. The EDR’s new custom-built query engine proved its worth in detecting early signs of compromise. During the research, Sophos also found that the botnet uses the EternalBlue exploit, among other techniques, to spread its malware.
Moreover, the research emphasized the need for EDR that can hunt for active attacks. According to the State of Ransomware 2020 survey, only 24% of organizations detected intrusions before files were encrypted, a major gap for many. Sophos EDR offers powerful visibility, an important tool for optimum cybersecurity. New features include:
- Live Discover: Pinpoint past and present activity with up to 90 days of data retention. Out-of-the-box SQL queries allow administrators to answer threat hunting and IT questions, and users can select from a library of pre-written queries and fully customize them. This flexible query engine exposes some of the most granular and detailed endpoint activity recordings available, further enhanced with Sophos’ deep learning technology.
- Live Response: Remotely access and respond on endpoints and servers through a command line interface to investigate further and remediate issues; easily reboot devices, install and uninstall software, terminate active processes, run scripts, edit configuration files, run forensic tools, isolate machines, and more.
The new features are available now in Sophos Intercept X Advanced with EDR and Intercept X Advanced for Server with EDR at no added cost. Sophos EDR will support Windows, macOS and Linux. The new features are managed in the cloud-based Sophos Central platform, which provides real-time information sharing. Its unique Synchronized Security approach makes Sophos’ entire portfolio of next-generation cybersecurity solutions accessible.