By Emma Okonji
Sophos, a cyber-security firm, has unveiled an updated version of its Endpoint Detection and Response (EDR) solution designed for both security analysts and Information Technology (IT) administrators.
The firm stated that significant advancements and new capabilities make it faster and easier than ever before for security analysts to identify and neutralise evasive threats, and for IT administrators to proactively maintain secure IT operations and reduce risk.
Sophos also published new research, “An Insider View into the Increasingly Complex Kingminer Botnet,” underscoring the use of servers in carrying out attacks and the importance of threat intelligence in detecting such activity. The opportunistic Kingminer botnet attempts to gain server access by brute-forcing login credentials, and Sophos now finds that, among other attack mechanisms, it is using the infamous EternalBlue exploit in an attempt to spread its malware.
Announcing the advanced solution, the Chief Product Officer at Sophos, Dan Schiappa, said: “Cybercriminals are raising the stakes, stopping at nothing to capitalise on expanded attack surfaces as organisations increasingly move to the cloud and enable remote workforces. Servers and other endpoints are all too insufficiently protected, creating vulnerable entry points that are ripe for attackers to exploit.
“Sophos EDR helps identify these attacks, preventing breaches and shining light on otherwise dark areas. Live querying capabilities only available with Sophos EDR in Intercept X enable organisations to search for past indicators of compromise and determine the current system state. This level of intelligence is critical in understanding changing attacker behaviours and reducing attacker dwell time.”
Sam Heard, President of Data Integrity Services, said: “The new version of Sophos EDR gives us the threat intelligence and security expertise needed to know how to prioritise and where to start our investigations so we can remediate issues requiring urgent action.
“The new features combine the strongest protections with the industry’s most powerful EDR to automatically detect, prioritise and investigate threats, so we can remotely respond to incidents with speed and precision. The pre-configured queries in particular are a game changer not only for security pros to threat hunt, but for IT admins to do their everyday jobs.”