Sophos Endpoint: Adaptive Attack Protection Gets Even Better

Credit to Author: rajansanhotra | Date: Mon, 29 Apr 2024 11:04:40 +0000

Adaptive Attack Protection is a powerful and unique differentiator in Sophos Endpoint. It dynamically enables heightened defenses when a “hands-on-keyboard” attack is detected. In this elevated mode of protection, actions that are usually benign but commonly abused by attackers are blocked outright by Sophos Endpoint – dramatically reducing the likelihood of the attack’s success and giving you more time to neutralize the threat.

As attackers continue to innovate in their approaches, we have extended this unique protection with additional capabilities that further protect Sophos Endpoint customers against active adversaries.

Greater Protection, More Control, Increased Visibility

This Sophos-exclusive protection capability is now even stronger. All Sophos Endpoint customers now benefit from a number of significant enhancements:

  • Greater protection. Customers now have the option to apply specific Adaptive Attack Protection blocking rules persistently via new policy settings in their Sophos Central cloud-based management console.
  • More control. Customers can now manually activate (and deactivate) Adaptive Attack Protection on a device to apply more aggressive protection while investigating suspicious activity – ideal for scenarios where fully isolating the device from the network may cause significant operational disruption to the organization. You can also extend the time that Adaptive Attack Protection is activated on a device to give more time to complete an investigation.
  • Increased visibility. New Adaptive Attack Protection events and alerts notify you when a device is under attack and urge responders to take action to neutralize the threat.

New manual controls for Adaptive Attack Protection.

New alerts notify customers when Adaptive Attack Protection is activated on a device.

New Safe Mode Protection

When adversaries fail to break through runtime protection layers on an endpoint, they often attempt to restart the device into Safe Mode, where security software is absent or minimal. Sophos Endpoint now protects against adversary abuse of Safe Mode with two new capabilities:

  • Block safe mode abuse: A new Adaptive Attack Protection persistent policy rule is now available that prevents adversaries from programmatically restarting devices into Safe Mode.
  • Enable protection in safe mode: Sophos Endpoint protection capabilities, including our unrivaled CryptoGuard anti-ransomware technology and AI-powered malware protection, can now be enabled on devices running in Safe Mode.

New safe mode protection policy settings.

Adaptive Attack Protection is available to all Sophos Endpoint customers today.

To learn more about Sophos Endpoint and how it can help your organization better defend against today’s advanced attacks, speak with a Sophos adviser or your Sophos partner today.