Sophos boosts Intercept X
for Server with endpoint
detection and response
Sophos, a global leader in
network and endpoint security,
has announced Intercept X
for Server with endpoint detection and
response (EDR). By adding EDR to
Intercept X for Server, IT managers can
investigate cyberattacks against servers,
a sought-after target due to the high
value of data stored there.
Cybercriminals frequently evolve
their methods and are now blending
automation and human hacking skills to
successfully carry out attacks on servers.
This new type of blended attack combines
the use of bots to identify potential victims
with active adversaries making decisions
about who and how to attack.
The SophosLabs Uncut article, Worms
Deliver Cryptomining Malware to Web
Servers, underscores how easy it is
for cybercriminals to leverage bots to
discover soft targets. The report explains
an automated attack that can deliver a
wide range of malicious code to servers
that, as a class, tend to lag behind
normal update cycles.
Anatomy of a blended cyberattack
Once the bots identify potential targets,
cybercriminals use their savvy to select
victims based on an organisation’s
scope of sensitive data or intellectual
property, ability to pay a large ransom,
or access to other servers and networks.
The final steps are cerebral and manual:
break in, evade detection and move
laterally to complete the mission.
This could be to quietly sneak around
to steal intelligence and exit unnoticed,
disable backups and encrypt servers
to demand high-roller ransoms, or use
servers as launch pads to attack
other companies.
“Blended cyberattacks, once a page in
the playbook of nation state attackers,
are now becoming regular practice for
everyday cybercriminals because they
are profitable. The difference is that
nation state attackers tend to persist
inside networks for long lengths of
time whereas common cybercriminals
are after quick-hit money making
opportunities,” said Dan Schiappa, Chief
Product Officer, Sophos. “Most malware
is now automated, so it’s easy for
attackers to find organisations with weak
security postures, evaluate their payday
potential and use hand-to-keyboard
hacking techniques to do as much
damage as possible.”
Sophos explains how blended
cyberattacks work in its video, Intercept
X for Server with Endpoint Detection
and Response (EDR).
Sophos Intercept X for Server
with EDR
With Sophos Intercept X for Server
with EDR, IT managers at businesses
of all sizes now have visibility across
an entire estate. This allows them to
proactively detect stealthy attacks, better
understand the impact of a security
incident and quickly visualise the full
attack history.
Schiappa added: “When adversaries
break into a network, they head
straight for the server. Unfortunately,
the mission critical nature of servers
restrains many organisations from
making changes, often significantly
delaying patch deployment.
“Cybercriminals are counting on this
window of opportunity. If organisations
do fall victim to an attack, they need to
know the full context of what devices
and servers were hit in order to improve
security as well as answer questions
based on stricter regulatory laws.
“Knowing this information accurately the
first time can help businesses resolve
issues much faster and prevent them
from a repeat data breach.
“If regulators rely on digital forensics as
evidence of lost data, then businesses
can rely on the same forensics to
demonstrate their data has not been
stolen. Sophos Intercept X for Server
with EDR provides this required insight
and security intelligence.”
Sophos Intercept X for Server with EDR
expands Sophos’ offering of EDR, which
was first announced for endpoints in
October 2018.
Dan Schiappa, Chief Product Officer, Sophos
www.intelligentciso.com | Issue 16