Sophos Advances Active Adversary Defences with New Security Solutions
New Sophos Report Exposes How Attackers are Executing Ransomware in Hours
Posted: Thursday, Nov 16
  • KBI.Media

OXFORD, U.K. – Nov. 14, 2023 – Sophos, a global leader in innovating and delivering cybersecurity as a service, today introduced several new solutions that advance critical defences against active adversaries. Sophos exposes how these active adversaries are now carrying out ransomware “fast” attacks in mere hours in “The 2023 Active Adversary Report for Security Practitioners”, also published today.

The Sophos X-Ops report showcases the forensics of fast smash-and-grab ransomware attacks and the precise tactics, techniques and procedures (TTPs) attackers are using to operate in this new high-speed attack mode – including preferred living-off-the-land binaries (LOLBins) and other tools and behaviours that get them close to the crucial resources they want to exploit. The evidence in the report, together with its detailed explanations of how certain attacks unfold, demonstrates the need for regularly adapted security solutions that protect, detect and disrupt intrusions as early in the attack chain as possible.

“In the face of fast-moving adversaries who are continuously evolving their TTPs – and often blend the use of legitimate tools – to execute multistage attacks, cybersecurity defences need to be dynamic and foresightful,” said Raja Patel, chief product officer at Sophos. “Sophos is taking a proactive, protection-first approach to stopping threats at the front door before they escalate. We’re evolving products with industry-first security capabilities that are powered by Sophos X-Ops’ deep threat intelligence from more than half a million organisations globally to identify and counter threats at speed and scale.”

The new innovative capabilities include:

  • New Sophos Firewall v20 software with Active Threat Response: automatically shuts down attacks and blocks active adversaries from entering networks, all without having to add firewall rules. If administrators, for example, are alerted to a Cobalt Strike beacon, which Sophos X-Ops frequently sees attackers using, as indicated in the new Active Adversary Report for Security Practitioners, they can add its destination to the ad-hoc blocklist and the rest of the network will be prevented from accessing that IP address, domain or URL. This new version of Sophos Firewall software also includes an integrated Zero Trust Network Access (ZTNA) gateway that makes it easy for organisations to provide modern secure remote access to applications behind the firewall; network scalability enhancements to support distributed enterprises; and ease-of-use management enhancements.
  • Sophos Network Detection and Response (NDR) with Extended Detection and Response (XDR): Sophos NDR is now available for Sophos XDR and Sophos Managed Detection and Response (MDR) customers to extend their threat detection capabilities to the network. Sophos NDR monitors activity deep inside the network for suspicious and malicious traffic patterns that could signal an attack and detects a wide range of security risks, including rogue and unprotected devices, insider threats, undetected zero-day attacks, and threats targeting internet of things (IoT) and operational technology (OT).
  • Sophos XDR enhancements: connects security data across multiple sources to detect threats faster and stop active adversaries sooner. An expanded set of third-party integrations makes it easy to collect, enrich and combine telemetry across endpoint, firewall, cloud, identity, network, and email solutions. Enhanced security operations, analyst workflow and case management features also enable customers to filter out noisy and redundant alerts, gain complete visibility from a single console and reduce workloads with automated response actions.

“As attackers speed up their attack timelines, one of the best things organisations can do is increase friction whenever possible; in other words, if their systems are well maintained, attackers must do more to subvert them. That takes time and increases the detection window,” said John Shier, field chief technology officer at Sophos. “Robust, layered defences create more friction, increasing the skill level the attacker needs to bring to the table. Many simply won’t have what it takes and will move on to easier targets.”

Availability

The new Sophos Firewall software is available for immediate purchase exclusively through Sophos’ global channel of partners and managed service providers (MSPs), and as a complimentary upgrade for all licensed firewall customers. New Sophos NDR and XDR third-party integration packs will also be available by the end of November.

Users can easily manage Sophos solutions in the cloud-native Sophos Central platform, where Sophos’ portfolio of security products and managed services share information to automatically respond to threats by isolating infected endpoints, blocking lateral attacker movement and more. Organisations can also leverage Sophos MDR as a comprehensive service to detect and respond to threats. As the world’s most widely used MDR offering with more than 19,000 customers, Sophos MDR provides 24/7 threat hunting, detection and response with industry-first third-party integration capabilities and a $1 million breach protection warranty.

Analyst and Channel Partner Quotes

“For many organisations, the desire for consolidation is growing, and we’ve seen evidence that SMBs, in particular, express a higher propensity to consolidate their purchases of multiple products with their endpoint security vendors,” said Chris Kissel, research vice president, security and trust products, at IDC. “The main driver of vendor consolidation isn’t financial; it’s security operations efficiency. Organisations can achieve better security outcomes with tools covering different facets of the security ecosystem that are designed to work together and are centrally managed by an XDR platform.”

“These new cutting-edge innovations empower us as an MSP to take a more proactive approach in locking the doors and standing up adaptive and customisable protections throughout our customers’ varied estates to keep determined attackers at bay,” said Sam Heard, president at Data Integrity Services. “Sophos is continuously updating its technology portfolio to protect against changing threats, and, as a result, we’re extremely confident in our ability to detect and respond to threats early on before they cause any damage.”

“Sophos NDR has provided a significant boost to our IT team’s productivity, allowing us to focus on other projects and aspects of our cybersecurity. The fact that it protects our industrial equipment and non-Sophos endpoints is a real game changer, and having the real-time ability to detect IP-based flows gives us a third-eye view of what is happening inside our network,” said Vishvas Chitale, chief information security officer and partner at Chitale Dairy. “Now, with Sophos Firewall v20 and Active Threat Response, response time is instantaneous and there’s even less involvement required by our local IT team. We can simultaneously identify compromised hosts thanks to the synchronised security heartbeat telemetry that identifies details about the infected device, including hostname, user, process or executable, and the nature of the threat. It not only improves our security response time but makes it easier to get any threat cleaned up and frees up even more of our team’s time to work on more strategic projects. Also, thanks to the new IPv6 BGP functionality in Sophos Firewall v20, we have streamlined our network routing, taking advantage of the granular BGPv6 controls in the firewall. Along with the networking and SD-WAN enhancements, we are excited to build out our datacentre network with Sophos Firewall for East-West and North-South flows. Sophos Firewall is an outstanding network security platform that provides a single pane to manage our security posture with great ease.”


About Sophos

Sophos is a worldwide leader and innovator of advanced cybersecurity solutions, including Managed Detection and Response (MDR) and incident response services and a broad portfolio of endpoint, network, email, and cloud security technologies that help organisations defeat cyberattacks. As one of the largest pure-play cybersecurity providers, Sophos defends more than 500,000 organisations and more than 100 million users globally from active adversaries, ransomware, phishing, malware, and more. Sophos’ services and products connect through its cloud-based Sophos Central management console and are powered by Sophos X-Ops, the company’s cross-domain threat intelligence unit. Sophos X-Ops intelligence optimises the entire Sophos Adaptive Cybersecurity Ecosystem, which includes a centralised data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity and information technology vendors. Sophos provides cybersecurity-as-a-service to organisations needing fully managed, turnkey security solutions. Customers can also manage their cybersecurity directly with Sophos’ security operations platform or use a hybrid approach by supplementing their in-house teams with Sophos’ services, including threat hunting and remediation. Sophos sells through reseller partners and managed service providers (MSPs) worldwide. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.
