Introduction

Sophos Endpoint Protection is an easy-to-use security agent for endpoint devices, whether they run Windows, Linux or macOS. It protects a wide variety of systems against malware and other threats to your network and computers.

Sophos has built an endpoint security system that integrates technologies such as malicious traffic detection and real-time threat intelligence to keep an organization's systems safe from malicious activity. We will take a quick look at some of these features, give a general overview of how the system works, and describe how it integrates with InfoSec Institute's SecurityIQ system.

Sophos Endpoint Protection is more than just a signature-based malware scanner. It identifies suspicious behavior on the device and correlates it with real-time threat intelligence from SophosLabs.

Detections can be triggered by connections to malicious website addresses, by malicious payloads delivered in web content, by sudden changes in system activity, or by command-and-control traffic leaving the device over the Internet. This greatly reduces the chance of a system being infected by malware, and it improves your visibility into what is happening in your environment.

Let’s take a look at some of the key features that Sophos Endpoint Protection offers users.

  • So Long Malware: Isolate, threat removal and synchronized security
  • Next-Gen Protection: Threat indicator correlation
  • Decloaking Malware: System and firewall-based protection
  • Behavioral Analytics: Find threats before they become a problem
  • Traffic Detection: Identify suspicious traffic on the network
  • Integrated Endpoint and Network: Combines two solutions in one product

Key Features

Each of these key features works together with the others to give your endpoints a high level of protection against malware, viruses and attackers.

So Long Malware

Sophos Endpoint provides features that help prevent the spread of viruses and malware. This is accomplished by quarantining individual items, or isolating an entire compromised device from the network, so that an active threat cannot spread any further. A threat running on a compromised desktop or laptop is thus cut off from the rest of the network until the issue has been resolved.

Sophos Endpoint Protection also removes viruses and malware automatically, so users do not have to do anything themselves to clear a threat from their systems. Automated threat discovery, investigation and response are all part of the Synchronized Security capabilities built into Sophos Endpoint Protection, making it one of the simplest endpoint agents to operate.

Next-Gen Protection

Sophos's threat detection revolves around identifying the behaviors and techniques that are common to most known exploits. By focusing on the underlying methods of attack rather than on individual samples, Sophos can identify threats before they spread far enough to become a bigger problem on the network.

Because Sophos Endpoint does not rely solely on signature-based detection, it can catch previously unseen (zero-day) threats before a signature for the outbreak exists. Sophos Endpoint also correlates threat indicators, so in many cases web and application exploits, dangerous URLs and other threats are blocked before they reach your endpoint devices.

Decloaking Malware

Sophos Endpoint runs on the device it is installed on, and it also works with the firewall to detect and isolate a compromised system on your network. Synchronized Security shares this information between the endpoint and the firewall, which gives you increased network visibility.

Behavioral Analytics

Behavioral analysis allows Sophos Endpoint to find and identify suspicious behavior from devices and applications on the network, and it can even catch malware that normally evades traditional signature-based antivirus solutions.

Traffic Detection

Sophos Endpoint pre-filters the HTTP traffic going to and from a device. Suspicious traffic is acted on, and the alert records the file path of the malicious process that generated it, so the responder can see which program on the device was talking to the suspicious destination.
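To make the traffic-detection idea concrete (the command-and-control correlation mentioned in the introduction and the process-path reporting just described), here is an added example of the kind of endpoint-side logic involved. It is illustration only, not Sophos code, and it uses no Sophos API. The CSV log format, the indicator list, the thresholds and the sample records are all constructed for the example: it flags outbound connections to known-bad domains and flags a process that contacts the same host at near-regular intervals (beaconing), reporting the process path behind each finding.

```python
"""Correlate per-process outbound connections with threat indicators and
beacon-like timing, reporting the process path behind each hit.

Added example, not Sophos code.  Log format, indicators, thresholds and
sample records are assumptions constructed for illustration."""
import csv
import io
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: one outbound connection per row, as an endpoint agent
# that hooks HTTP traffic might record it (timestamp, process, host, port).
SAMPLE_LOG = """
timestamp,process,dest_host,dest_port
2024-03-01T10:00:00,C:\\Windows\\System32\\svchost.exe,update.example-os.test,443
2024-03-01T10:00:05,C:\\Users\\alice\\AppData\\Roaming\\updater.exe,cdn-sync.example-bad.test,443
2024-03-01T10:01:05,C:\\Users\\alice\\AppData\\Roaming\\updater.exe,cdn-sync.example-bad.test,443
2024-03-01T10:02:06,C:\\Users\\alice\\AppData\\Roaming\\updater.exe,cdn-sync.example-bad.test,443
2024-03-01T10:03:05,C:\\Users\\alice\\AppData\\Roaming\\updater.exe,cdn-sync.example-bad.test,443
2024-03-01T10:04:06,C:\\Users\\alice\\AppData\\Roaming\\updater.exe,cdn-sync.example-bad.test,443
2024-03-01T10:00:30,C:\\Program Files\\Browser\\browser.exe,news.example.test,443
2024-03-01T10:07:12,C:\\Program Files\\Browser\\browser.exe,mail.example.test,443
2024-03-01T10:09:40,C:\\Program Files\\Browser\\browser.exe,evil-payload.example-bad.test,80
"""

# Constructed indicator list standing in for a threat-intelligence feed.
BAD_DOMAINS = {"example-bad.test"}


def parse_log(text):
    """Parse the CSV log into dicts with a real datetime per record."""
    records = []
    for row in csv.DictReader(io.StringIO(text.strip())):
        records.append({
            "ts": datetime.fromisoformat(row["timestamp"]),
            "process": row["process"],
            "host": row["dest_host"],
            "port": int(row["dest_port"]),
        })
    return records


def host_matches(host, domains):
    """True if host equals an indicator domain or is a subdomain of one.
    Suffix matching on '.' + domain avoids false hits such as
    'example-bad.test.attacker.example' matching 'example-bad.test'."""
    h = host.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in domains)


def match_indicators(records, domains):
    """Distinct (process path, host) pairs that contacted an indicator domain."""
    hits = {(r["process"], r["host"])
            for r in records if host_matches(r["host"], domains)}
    return sorted(hits)


def detect_beacons(records, min_conns=4, min_interval=30.0, max_cv=0.1):
    """Flag (process, host) pairs whose connection gaps are nearly constant.
    Jitter is measured as the coefficient of variation (stddev / mean) of the
    gaps; thresholds are arbitrary example values."""
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["process"], r["host"])].append(r["ts"])
    beacons = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg < min_interval:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            beacons[pair] = (avg, cv)
    return beacons


def analyze(text, domains):
    """Run both detections and return findings carrying the process path."""
    records = parse_log(text)
    findings = []
    for process, host in match_indicators(records, domains):
        findings.append({"process": process, "host": host,
                         "reason": "known-bad domain"})
    for (process, host), (avg, cv) in sorted(detect_beacons(records).items()):
        findings.append({"process": process, "host": host,
                         "reason": f"beaconing every {avg:.0f}s (jitter {cv:.1%})"})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG, BAD_DOMAINS):
        print(f"{f['reason']:<38} {f['process']} -> {f['host']}")
```

On the constructed sample the indicator match catches both the browser's one-off request and the fake updater, while the timing check catches the updater alone, which matters because a real beacon need not contact a domain that is already on a blocklist. Both checks report the process path, which is the detail a responder needs to quarantine the right file rather than the whole device.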

Mobile App

Sophos has also produced an app for Android that protects the device from malware and viruses with minimal impact on performance or battery life. It offers functionality similar to Sophos Endpoint Protection, including real-time updates from SophosLabs, and is effective at keeping Android devices running securely.

SecurityIQ Awareness Education

SecurityIQ was developed by InfoSec Institute to let organizations deliver on-demand training to employees as soon as an active incident is recognized on their systems. The incident triggers an alert for training that relates to the current threat in the environment and points the affected users to the relevant micro-training module.

SecurityIQ's REST API can be integrated with Sophos Endpoint so that the two systems work together: an endpoint detection becomes the trigger for targeted training. This gives companies a strong education capability and can turn users into one of your greatest security assets.

Conclusion

Sophos Endpoint Protection is a simple-to-use endpoint protection system that offers a stripped-down, basic interface. Sophos has also developed an Android version, extending the same protection to smartphones.

Sophos performs the threat detection, and its integration with SecurityIQ gives users a clear understanding of what they need to do to mitigate the threat they are encountering and how to prevent similar events from happening again. This lets users become the first line of defense in your organization's IT security plan.


Sources

Endpoint Protection Overview, Sophos

Endpoint Protection, Sophos (fact sheet)

Sophos Mobile Security for Android, Sophos