Sophos. Enhanced protection comes to Intercept X
October 28, 2019 - 1 minute readIntercept X has launched a new early access program (EAP) that brings protection enhancements including Anti-Malware Scanning Interface Protection (AMSI) and Malicious Network Traffic Protection.
AMSI is a Microsoft interface in Windows 10, Windows Server 2016 and later that allows for the scanning of script files even when obfuscated, as well as .NET 4.8 assemblies.
Obfuscated PowerShell scripts are a very common method for attackers to compromise systems. By leveraging AMSI Intercept X gets even better at detecting and blocking these attacks.
Malicious Network Traffic Protection, also known as Intrusion Prevention System (IPS), scans inbound and outbound traffic for malicious attack patterns, with rules based on Snort methodology.
This helps in several key ways, for example, if an employee takes their laptop to a café where they have no firewall protection, IPS will identify and block malicious traffic patterns. Outbound traffic scanning also helps block lateral movement from a compromised device, stopping the threat from spreading across the network.
The EAP is open right now and available to everyone using Intercept X Advanced and Central Endpoint Protection. Support for Intercept X for Server Advanced will be added during the EAP. To join head over to the community page.
The post Sophos. Enhanced protection comes to Intercept X appeared first on NSS.
Powered by WPeMatico