Security Admins Can Investigate Malware Infections
The software offers several additional protections. WipeGuard uses the same deep learning features to protect a computer’s master boot record. Ransomware attacks on the MBR prevent a computer from restarting (even turning to a backup to restore the machine will be impossible) until the cybercriminals get their money. Safe Browsing includes policies to monitor a web browser’s encryption, presentation and network interfaces to detect “man in the browser” attacks, which are common in many banking Trojan viruses.
Sophos Root Cause Analysis keeps a list of infection types that have occurred in the past 90 days. There’s even a Visualize tab that connects to devices, browsers and websites to track where the infection occurred and how it spread. This doesn’t mean users must take action immediately, but it could help them investigate a chain of events surrounding a malware infection and highlight the necessary security improvements.
One caution with Intercept X: If users haven’t patched their software, especially Java and Adobe applications, it may detect false positives. Be sure to update all software to the most current versions to avoid these accidental alerts, which is a good practice anyway.
READ MORE: Find out how security software often gathers information that empowers a manager to disseminate tips to stakeholders.
Streamlined Endpoint Protection Simplifies Security for Managers
Endpoint protection is wonderful, but managing all those endpoints can be a chore. In addition to the usual laptops and desktops, security managers must pay attention to servers, mobile devices, email and web browsing. The potential threat surface can seem overwhelming.
The Sophos Central console streamlines that management, especially when deployed alongside other Sophos products. From the console, admins can manage Intercept X and endpoint protection either globally or by device. Web protection provides enterprise-grade browsing defense against malicious popups, ads and risky file downloads. The mobile dashboard also shows device compliance, self-service portal registrations, platform versions and management status.
Server security protects both virtual and physical servers. The Server Lockdown feature reduces the possibility of attack by ensuring that a server can only configure and run known, trusted executables.
Sophos wireless, encryption and email products also tie in to the console, and Sophos Wi-Fi access points can work alongside endpoint and mobile protection clients to provide integrated threat protection. That lets admins see what’s happening on wireless networks, APs and connecting clients to get insight into inappropriate use of resources, including rogue AP detection.
The Sophos Encryption dashboard provides centrally managed full disk encryption using Windows BitLocker or Mac FileVault. Key management becomes a snap with the SafeGuard Management Center, which lets users recover damaged systems. Sophos email protection provides a guard against spam, phishing attempts and other malicious attacks through the most common user interface of all: email.
Sophos Central isn’t just for admins, either. Self-service is an important feature today, with user demands and IT budgets in constant conflict. Users can log in to the Sophos self-service portal to customize their security status, recover passwords and get notifications. In most IT departments, password recovery is the No. 1 help desk request, and eliminating those calls means technicians can spend more time on complex tasks.
Sophos Intercept X
Platform: Windows 7, 8, 8.1 and 10 32-bit and 64-bit platforms; MacOS
Storage Requirement: 20MB on the endpoint (on average)
Server Requirement: Sophos Central supported on Windows 2008 R2 and above
