68% of organisations report being hit by a cyber-attack in the last year. 37% of attacks were discovered on servers and the most significant threats are in environments for an average of 13 hours before being detected.
Security Risks and Trends
According to Gartner Top 9 Security and Risk Trends for 2020, three key emerging trends in cybersecurity are:
Extended detection and response capabilities are improving accuracy and productivity
Zero-trust network access technology is beginning to replace VPNs
Security processes are increasingly automated, eliminating repetitive tasks.
The Current Threat Landscape
Malware is increasing, and the rate of increase itself is also growing. Cybercriminals are getting more resourceful and there is also a significant shift in their aims and objectives. Cybercriminals are evolving their approach and looking to monetize their activities.
When crypto-ransomware first appeared, the victim would have to pay a ransom, hope they had a backup strategy in place, or accept the loss of their data.
The world moved on, and we saw cybercriminals blending network based attacks with malware to deliver their ransomware payload, for example in the cases of WannaCry and Petya.
In the latest types of approach, advanced persistent malware, for example with Emotet and Ryuk, announce their presence by encrypting as much data as they can get hold of. They also hide out in the shadows, in corners of the network, so that once the Admin has cleaned up a network, they then spring back to life. It’s then necessary to go through the whole process again, so being able to find these hidden fragments is key.
Seven Uncomfortable Truths about Endpoint Security
9/10 had up to date endpoint protection that was properly configured
20% were unable to pinpoint the source of the attack
Sophos advocate having multiple layers of defence, so that we can interrupt what is referred to as ‘the Cyber Kill Chain’.
This describes the phased process that cyber criminals go through:
Just like with any chain, if one link is broken, then the chain no longer functions. If we can break one of the links in the Cyber Kill Chain, then we can help to fend off a cyber-attack and keep ourselves safe.
Traditionally we’ve done this with reactive security, with anti-virus tool. However , as shown in our survey, 9/10 respondents who experienced ransomware were running anti-virus which was installed correctly, and up-to-date, so why did they still get infected?
Why Do I Need Next-Gen Cybersecurity?
Sophos sees, on average, 450,000 new malware samples at the Sophos Labs every single day.
This means that the idea of reactive security just doesn't work anymore. We need to empower the Endpoint to be able to work for itself, and recognise what is likely to new malware when it comes across it.
This is where Sophos Intercept X comes into play. It’s a next-generation defence, and it is expanding how we can look at the threat chain and leveraging a lot of next generation techniques - anti-exploit techniques, machine learning and anti-ransomware capabilities.
This is what Sophos consider to be the basic level of protection that is now needed, empowering the endpoint to be able to work for itself and recognise threats on its own.
What Is Endpoint Detection and Response (EDR)
EDR is a set of tools that is becoming increasingly commonplace, allowing our network administrators to become Threat Hunters;
looking at their estate and recognising the tell-tale signs of malware that is or has been present on the network, or that is lying dormant on the network;
being able to expose exactly what that malware has done, what is interacted with, and how we can learn to defend ourselves better in the future
According to Gartner:
‘Over the last 2 years the requirements for EDR use cases have become increasingly mainstream.
As a result the core functions of EDR solutions have been increasingly adopted by EPP (Endpoint Protection) vendors. Similarly, many of the EDR vendors have incorporated prevention techniques typically associated with EPP solutions, hoping to displace incumbent EPP vendors with their solutions.’
EDR starts with the strongest protection, and allows you to add expertise, rather than headcount. It’s built for security analysts and also for IT administrators.
The Problems Facing IT and Security Teams
Lack of Time
26% of IT teams’ time is spent managing security
Lack of resources
⅔ say budget for people and technology is too low
Lack of visibility
68% say data breaches take one month or longer to detect
Top 5 reasons you need EDR
To confidently report on your security posture at any given moment
To detect attacks that have gone unnoticed
To respond faster to potential incidents
To add expertise
To understand how an attack happened and how to stop it from happening again
The Gap of Uncertainty
EDR helps us understand the ‘gap of uncertainty’. We have samples which we know are malicious ; we have samples that we know are good processes - files etc. There is always a grey area in the middle and one of the key tricks is to make the grey area as small as it possibly can be.
Add Expertise, Not Headcount
Threat hunting Powered by Artificial Intelligence.
Sophos Intercept X automatically detects things that look a bit wrong or shaky and then, using artificial intelligence, prioritises them for Administrator attention.
The highly efficient dashboard is easy to navigate. It that shows the top things that need to be looked at immediately and it also helps identify how an attack took place.
Understand Your Security Posture with Guided Investigation
What happened, where an attack came from, what processes were involved and also suggested next steps. This is curated intelligence, based on the exact outbreak.
On Demand Threat Intelligence curated by Sophos Labs
In real-time you can click through and gain more information about a particular file or process; for example, its reputation - do we know if it's good or bad; and we can also open up the world of machine learning. Sophos can help you make your own decisions by looking at the attributes and characteristics of files.
EDR Designed for Security Analysts and IT Administrators
EDR helps everyone to upskill. It turns IT operations into Security Analysts and turns Security Analysts into out and out Threat Hunters.
Answering the Tough Questions About an Incident
EDR helps us to identify the key factors in an attack, so that we can:
Understand the scope and impact of an outbreak
Detect attacks that may have gone unnoticed
Search for indicators of compromise across the network
Prioritise events for further investigation
Analyse files to determine if they are a threat or potentially unwanted
Confidently report on your security posture at any given moment
New Features of Sophos EDR
You can now search for anything, security related or not:
Threat hunting examples
Query what processes are running on your network
Query what ports are being listened to
Look for indicators of compromise
See processes that have recently modified files or registry keys
Search details about Powershell executions
Identify processes disguised as legitimate
IT Operations examples
Why is machine slow? Is it pending a reboot?
Are critical services running (eg, disk encryption, firewall)
Find known vulnerabilities, out of date versions, bad certificates, unknown services, and unauthorised browser extensions
Check for security best practices (is remote sharing enabled? Are encrypted SSH keys on the device? Are guest accounts enabled?)
Are there programs running on the machine that should be removed?
Does the device have a copy of a file I am looking for?
Live Discover examples
This lets you ask any question about what is happening in the past, and what is happening now.
Rich Endpoint search capabilities
Look beyond malware
Out of the box queries
Access more via community
Up to 90 days on disc live and historic data
Remotely Respond with Precision
This lets you remotely remediate managed devices with a command line interface, eg
Reboot the device
Terminate active processes
Run scripts or programs
Edit configuration files
Install/ uninstall software
Run forensic tools
Benefits of Sophos EDR
EDR helps you work faster, right across your organisation
Do more with less
A single console lets you carry out the wide range of security tasks, searching, remove malware with just a few clicks
Stay ahead and stay on top of your security stance
Why is Sophos EDR different from the competition?
Built for IT generalists and security analysts
Out of the box, powerful, customisable searches
Built on the industry’s best protection
To view a demonstration of these functions and features, view our on-demand webinar:
Intercept X with EDR vs Managed Threat Response (MTR)
Intercept X with EDR
Threat hunting tools which enable searches to locate threat artifacts and undetonated malware
Still requires in-house resource.
Managed Threat Response
If you do not have the time to be investing in managing an EDR solution, then it may be worth considering a Managed Threat Response option.
This empowers Sophos specialists to be looking at your network 24/7, and to respond to issues that they see.
Decide on Your Appetite for Risk.
Do you have the appropriate level of resources to invest in EDR, or would a Managed Threat Response Solution be more suitable?
Get in touch to take a deeper dive into the solutions, or to request pricing
Request A Demo
If you would like to find out more about EDR, please request a demo. Our specialists at Chess will go through your individual requirements with you and help you understand how EDR can work for you in your specific environment.
Get in touch to request a demo.
Begin a Customer Trial
Already a Sophos customer? If you’re running Intercept X, you can initiate a trial across your whole estate.
Chess is one of the UK’s leading independent and trusted technology service providers, employing 300 skilled people across the UK, supporting over 20,000 organisations.
By leveraging world-class technology, Chess helps you to connect your people, protect your data, grow your business, reduce your costs and work better together, which means your business, your people and your customers can thrive.
At Chess, we’re passionate about our unique culture and our continuous investment in our people to be industry experts. We’re extremely proud that our people voted us No.1 in ‘The Sunday Times 100 Best Companies to Work for’ list 2018, and we continue to celebrate more than ten years in the top 100.
Speak to a Product Specialist
You can fill out the form and one of our product specialists will contact you shortly with more information.
To contact our Sales team directly, please call 0344 770 6000 and choose option 4.
For general queries or to report a non-urgent fault, please log a ticket on our customer portal using the email address associated with your account. Logging a ticket is quick and easy to do. Once you have logged your ticket, we will respond within 24 hours or your Service Level Agreement, whichever is quicker.