Endpoint Security Buyers Guide - Sophos


As cyber threats become ever more complex, the pressure to have the right endpoint solution in place has also grown. However, the endpoint security marketplace has become congested with many different solutions, and is so full of indefensible marketing claims that making an educated decision for your organization is increasingly difficult.

This guide provides clarity by walking you through the key endpoint security technologies to ensure you have the right protection in place. It also enables you to see how different vendors stack up in independent tests, helping you make an informed choice.

The uncomfortable truth about endpoint security

The endpoint security market is full of hype and extravagant claims. However, the reality is that 68% of organizations fell victim to a cyberattack in the last year¹. That is why world-class protection is the foundation of any effective security strategy.

However, protection alone is not enough. Four out of five organizations admit having a shortage of internal security expertise¹. With this in mind, usability is also essential if hard-pressed IT teams are to make best use of the protection capabilities. You should also assume that a threat will get through your defenses and equip your organization accordingly. This includes having full visibility into how threats entered the organization, where they went, and what they touched, so that you can neutralize the attack and plug any security gaps.

Use this guide to understand the protection technologies available and make an informed choice of endpoint protection products.

Product Features and Capabilities

Endpoint security solutions, sometimes referred to simply as antivirus solutions, may include a variety of foundational (traditional) and modern (next-gen) approaches to preventing endpoint threats. When evaluating solutions, it is important to look for solutions that have a comprehensive set of techniques to stop a wide range of threats. It is also important to understand the threats you are trying to prevent.

Endpoint Threats

While the threat landscape is constantly evolving, below are some key endpoint threats to consider when evaluating different solutions:

• Portable executables (malware): When endpoint protection is considered, malicious software programs (malware) are often the primary concern. Malware includes both known and never-seen-before samples, and solutions often struggle to detect the unknown ones. This matters, as SophosLabs sees approximately four hundred thousand pieces of unknown malware every day. Solutions should be adept at spotting packed and polymorphic files that have been modified to make them harder to identify.
• Potentially unwanted applications (PUA): PUAs are applications that are not technically malware, but are likely not something you want running on your machine, such as adware. PUA detection has become increasingly important with the rise of cryptomining programs used in cryptojacking attacks.
• Ransomware: More than half of organizations have been hit by ransomware in the past year, costing on average USD 133,000². The two primary types of ransomware are file encryptors and disk encryptors (wipers). File encryptors, the most common type, encrypt the victim's files and hold them for ransom. Disk encryptors lock up the victim's entire hard drive, not just the files, or wipe it completely.
• Exploit-based and file-less attacks: Not all attacks rely on malware. Exploit-based attacks take advantage of software bugs and vulnerabilities in order to gain access to and control of your computer. Weaponized documents (typically a Microsoft Office file that has been crafted or modified to cause damage) and malicious scripts (malicious code often hidden in legitimate programs and websites) are common techniques used in these attacks. Other examples include man-in-the-browser attacks (the use of malware to infect a browser, allowing attackers to view and manipulate traffic) and malicious traffic (using web traffic for nefarious purposes, such as contacting a command-and-control server).
• Active adversary techniques: Many endpoint attacks involve multiple stages and multiple techniques. Examples of active adversary techniques include privilege escalation (methods used by attackers to gain additional access in a system), credential theft (stealing user names and passwords), and code caves (hiding malicious code inside legitimate applications).

December 2020

Modern (next-gen) techniques vs. foundational (traditional) techniques

While they may go by different names, antivirus solutions have been around for a while and are proven to be very effective against known threats. There are a variety of foundational techniques that traditional endpoint protection solutions have relied on. However, as the threat landscape has shifted, unknown threats, such as malware that has never been seen before, have become more and more common. Because of this, new technologies have come to the marketplace. Buyers should look for a combination of both modern approaches, often referred to as "next-gen" security, and proven foundational approaches. Some key capabilities include:

Foundational capabilities:

• Anti-malware/antivirus: Signature-based detection of known malware. Malware engines should have the ability to inspect not just executables but also other code, such as malicious JavaScript found on websites.
• Application lockdown: Preventing malicious behaviors of applications, like a weaponized Office document that installs another application and runs it.
• Behavioral monitoring/Host Intrusion Prevention Systems (HIPS): This foundational technology protects computers from unidentified viruses and suspicious behavior. It should include both pre-execution and runtime behavior analysis.
• Web protection: URL lookup and blocking of known malicious websites. Blocked sites should include those that may run JavaScript to perform cryptomining, and sites that harvest user authentication credentials and other sensitive data.
• Web control: Endpoint web filtering allows administrators to define which file types a user can download from the internet.
• Data loss prevention (DLP): If an adversary is able to go unnoticed, DLP capabilities can detect and prevent the last stage of some attacks, when the attacker is attempting to exfiltrate data. This is achieved by monitoring a variety of sensitive data types.

Modern capabilities:

• Machine learning: There are multiple types of machine learning methods, including deep learning neural networks, random forests, Bayesian methods, and clustering. Regardless of the methodology, machine learning malware detection engines should be built to detect both known and unknown malware without relying on signatures. The advantage of machine learning is that it can detect malware that has never been seen before, ideally increasing the overall malware detection rate. Organizations should evaluate the detection rate, the false positive rate, and the performance impact of machine learning-based solutions.
• Anti-exploit: Anti-exploit technology is designed to deny attackers by preventing the tools and techniques they rely on in the attack chain. For example, the EternalBlue exploit and the DoublePulsar backdoor were used to spread the WannaCry and NotPetya ransomware. Anti-exploit technology stops the relatively small collection of techniques used to spread malware and conduct attacks, warding off many zero-day attacks without having seen them previously.
• Ransomware-specific: Some solutions contain techniques specifically designed to prevent the malicious encryption of data by ransomware. Often ransomware-specific techniques will also remediate any impacted files. Ransomware solutions should stop not only file ransomware, but also disk ransomware used in destructive wiper attacks that tamper with the master boot record.
• Credential theft protection: Technology designed to prevent the theft of authentication passwords and hash information from memory, the registry, and the hard disk.

• Process protection (privilege escalation): Protection built to determine when a process has had a privileged authentication token inserted into it to elevate privileges as part of an active adversary attack. This should be effective regardless of what vulnerability, known or unknown, was used to steal the authentication token in the first place.
• Process protection (code cave): Prevents the use of techniques such as code caves and AtomBombing, often used by adversaries looking to take advantage of the presence of legitimate applications. Adversaries abuse these techniques to get another process to execute their code.
• Endpoint detection and response (EDR): EDR solutions should provide detailed information for hunting down evasive threats, maintaining IT security operations hygiene, and analyzing detected incidents. It is important to match the size and skillset of your team with the complexity and ease of use of the tool being considered; for example, a solution that provides detailed threat intelligence and guidance makes it quick and easy to respond to a threat.
• Incident response/Synchronized Security: Endpoint tools should at a minimum provide insight into what has occurred to help avoid future incidents. Ideally, they would automatically respond to incidents, without a need for analyst intervention, to stop threats from spreading or causing more damage. It is important that incident response tools communicate with other endpoint security tools as well as network security tools.
• Managed Threat Response (MTR): MTR delivers 24/7 threat hunting, detection and response by a team of experts as a fully managed service. Analysts should be able to respond to potential threats, look for indicators of compromise and provide detailed analysis of the events that took place: where, when, how and why.

The "power of the plus": combining multiple techniques for comprehensive endpoint security

When evaluating endpoint solutions, organizations should not just look for one primary feature. Instead, look for a collection of strong features that encompass both modern techniques, like machine learning, and foundational approaches that have been proven to still be effective, plus endpoint detection and response (EDR) for investigation and incident response. Relying on one dominant feature, even if it is best in class, means that you are vulnerable to a single point of failure. Conversely, a defense-in-depth approach, where there is a collection of multiple strong security layers, will stop a wider range of threats. This is what we often refer to as "the power of the plus": a combination of foundational techniques, plus machine learning, plus anti-exploit, plus anti-ransomware, plus EDR, plus much more.

As part of an endpoint security evaluation, ask different vendors what techniques are included in their solution. How strong is each of their components? What threats are they built to stop? Do they rely only on one primary technique? What if it fails?
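To make the behavioural monitoring, ransomware-specific and credential theft protection capabilities above concrete, the following is an added example (written for this page, not Sophos code or any product's implementation) of two runtime rules a behavioural HIPS layer could apply: flagging a process that rewrites many distinct files with high-entropy (encrypted) content, and flagging an unexpected process opening lsass.exe with a handle that allows reading its memory. The event stream is constructed inline; field names are modelled on Sysmon FileCreate and ProcessAccess events, and the entropy threshold, file-count threshold and allowlist are assumptions, not values from the guide.

```python
"""
Toy behavioural monitor for two capabilities described above: ransomware-style
mass encryption and credential theft from LSASS memory. Added example, not
Sophos code. The telemetry is constructed inline; field names mirror Sysmon
(FileCreate / ProcessAccess) but the thresholds and allowlist are assumptions.
"""
import math
from collections import Counter, defaultdict

# Assumed tuning for this example; a real product calibrates these per fleet.
ENTROPY_THRESHOLD = 7.0      # bits per byte; encrypted/compressed data is near 8.0
MIN_ENCRYPTED_FILES = 5      # distinct high-entropy rewrites before alerting on a process
LSASS_IMAGE = "lsass.exe"
PROCESS_VM_READ = 0x0010     # GrantedAccess bit required to read LSASS memory
ALLOWED_LSASS_READERS = {"MsMpEng.exe", "csrss.exe", "wininit.exe"}  # assumed local allowlist


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: English text is roughly 4-5, ciphertext approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def detect_ransomware(events):
    """Return {pid: [paths]} for processes rewriting many files with high-entropy content.

    One high-entropy write is normal (archivers, image editors); the signal is a
    single process doing it to many distinct files, which is what an
    anti-ransomware layer keys on before rolling the files back.
    """
    suspicious = defaultdict(set)
    for ev in events:
        if ev["type"] == "file_write" and shannon_entropy(ev["data"]) >= ENTROPY_THRESHOLD:
            suspicious[ev["pid"]].add(ev["path"])
    return {pid: sorted(paths) for pid, paths in suspicious.items()
            if len(paths) >= MIN_ENCRYPTED_FILES}


def detect_lsass_access(events):
    """Return (pid, source_image, granted_access) for unexpected reads of LSASS memory.

    Credential dumpers must open lsass.exe with a handle that includes
    PROCESS_VM_READ; trusted security tooling is allowlisted by image name.
    """
    alerts = []
    for ev in events:
        if ev["type"] != "process_access" or ev["target_image"].lower() != LSASS_IMAGE:
            continue
        if ev["source_image"] in ALLOWED_LSASS_READERS:
            continue
        if ev["granted_access"] & PROCESS_VM_READ:
            alerts.append((ev["pid"], ev["source_image"], hex(ev["granted_access"])))
    return alerts


# --- Constructed sample telemetry (not captured from a real host) ---
PLAINTEXT = b"Quarterly report: revenue up 4%, headcount flat, renew vendor contracts. " * 16
CIPHERTEXT = bytes(range(256)) * 4   # every byte value equally likely: 8.0 bits/byte

SAMPLE_EVENTS = [
    # Word saving one normal document: low entropy, ignored.
    {"type": "file_write", "pid": 1000, "image": "WINWORD.EXE",
     "path": r"C:\Users\alice\Documents\plan.docx", "data": PLAINTEXT},
    # An archiver producing two compressed files: high entropy, but below the count threshold.
    {"type": "file_write", "pid": 2000, "image": "7z.exe",
     "path": r"C:\Users\alice\backup1.7z", "data": CIPHERTEXT},
    {"type": "file_write", "pid": 2000, "image": "7z.exe",
     "path": r"C:\Users\alice\backup2.7z", "data": CIPHERTEXT},
    # Handle to LSASS including PROCESS_VM_READ from an unexpected tool: credential theft attempt.
    {"type": "process_access", "pid": 4444, "source_image": "procdump.exe",
     "target_image": "lsass.exe", "granted_access": 0x1010},
    # Task Manager querying LSASS with PROCESS_QUERY_LIMITED_INFORMATION only: benign.
    {"type": "process_access", "pid": 500, "source_image": "Taskmgr.exe",
     "target_image": "lsass.exe", "granted_access": 0x1000},
    # Defender engine reading LSASS: allowlisted.
    {"type": "process_access", "pid": 8, "source_image": "MsMpEng.exe",
     "target_image": "lsass.exe", "granted_access": 0x1FFFFF},
]
# One process rewriting six user files with ciphertext: the ransomware pattern.
SAMPLE_EVENTS += [
    {"type": "file_write", "pid": 4321, "image": "invoice_viewer.exe",
     "path": rf"C:\Users\alice\Documents\file{i}.xlsx.locked", "data": CIPHERTEXT}
    for i in range(6)
]


def run_monitor(events):
    """Combine both rules into one report, as a behavioural HIPS layer would."""
    return {"ransomware": detect_ransomware(events),
            "credential_theft": detect_lsass_access(events)}


if __name__ == "__main__":
    for rule, hits in run_monitor(SAMPLE_EVENTS).items():
        print(f"{rule}: {hits}")
```

Run with `python3 monitor.py`: the archiver's two compressed files stay under the count threshold and Task Manager's limited-information handle lacks PROCESS_VM_READ, so only the mass rewrite by pid 4321 and the procdump.exe handle are reported. The false-positive handling shown here (count thresholds, allowlists) is exactly the tuning the guide asks buyers to evaluate alongside detection rate.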

Sophos vs. the Competition

Comparing products with different features is hard enough, but comparing their performance in simulated attacks, where an attacker's actions are potentially infinite and unknown, is nearly impossible. For those who choose to test on their own, an introductory testing guide can be found here. However, many organizations choose to rely on third party assessments to aid their buying decisions.

360 Degree Assessment & Certification

In the Q2 2019 MRG Effitas endpoint test, Sophos Intercept X blocked 100% of the attacks tested. This was achieved with the default settings of Intercept X Advanced, while the majority of other products deployed additional protections for the test.

In addition to Sophos Intercept X, Avira Antivirus Pro, Bitdefender Endpoint Security, CrowdStrike Falcon Protect, ESET Endpoint Security, F-Secure Computer Protection Premium, Kaspersky Small Office Security, Microsoft Windows Defender, and Symantec Endpoint Protection received a Level 1 passing grade.

Test employed                         | Sophos result
In the Wild 360 / Full Spectrum Test  | 100% block rate
Financial malware                     | 100% block rate
Ransomware                            | 100% block rate
PUA / Adware Test                     | 100% block rate
Exploit/Fileless Test                 | 100% block rate
False Positive Test                   | 0 false positives

Avast Business Antivirus, McAfee Endpoint Security, and Trend Micro Worry-Free Business Security all failed the test. Read the full report here.

MRG Effitas Malware Protection Test

MRG Effitas conducted a commissioned test comparing the ability of different endpoint protection products to detect malware and potentially unwanted applications (PUA). Six different vendors, including Sophos, were reviewed in the test. Sophos ranked #1 at detecting malware, as well as #1 at detecting potentially unwanted applications. Sophos also had an impressively low false positive rate.

[Chart: Malware & PUA comparative protection assessment, per vendor: malware and PUA accuracy / false positives, with samples categorized as Auto Blocked, Behavior Blocked, Missed, False Positive and True Negative]

Read the complete results here.

MRG Effitas Exploit and Post-Exploit Protection Test

As a follow-up to their malware protection test, MRG Effitas also released a report comparing how well different endpoint solutions stop specific exploitation techniques. Sophos Intercept X far outperformed the other solutions tested. In fact, Sophos was able to block more than twice as many exploit techniques as most of the other tools tested.

[Chart: Exploit protection test, number of techniques handled per product, categorized as Level 1 (product blocked the exploit), Level 2 (exploit missed but attack stopped by other methods) and Disputed]

The full report is available here.

SE Labs Endpoint Protection Report

Sophos Intercept X Advanced achieved a 100% Total Accuracy Rating for both enterprise endpoint protection and small business endpoint protection in the SE Labs endpoint protection test report (Jan - Mar 2020). Intercept X Advanced has been given an AAA rating by SE Labs in every test they have conducted, dating back to April 2018.

Total Accuracy Ratings

Product                                     | Total Accuracy Rating | Total Accuracy (%) | Award
Sophos Intercept X Advanced                 | 1,136                 | 100%               | AAA
ESET Endpoint Security                      | 1,136                 | 100%               | AAA
Kaspersky Small Office Security             | 1,136                 | 100%               | AAA
Symantec Endpoint Protection Cloud          | 1,117                 | 98%                | AAA
Trend Micro Worry-Free Security Services    | 1,114                 | 98%                | AAA
McAfee Endpoint Security                    | 1,107                 | 97%                | AAA
Microsoft Windows Defender Enterprise       | 1,101                 | 97%                | AAA
Bitdefender GravityZone Endpoint Security   | 1,099.5               | 97%                | AAA
Webroot SecureAnywhere Endpoint Protection  | 993                   | 87%                | A

Source: SE Labs Small Business Protection Jan-Mar 2020

Total Accuracy Ratings

Product                                     | Total Accuracy Rating | Total Accuracy (%) | Award
Sophos Intercept X Advanced                 | 1,136                 | 100%               | AAA
ESET Endpoint Security                      | 1,136                 | 100%               | AAA
Kaspersky Small Office Security             | 1,136                 | 100%               | AAA
Symantec Endpoint Protection Cloud          | 1,117                 | 98%                | AAA
McAfee Endpoint Security                    | 1,107                 | 97%                | AAA
Microsoft Windows Defender Enterprise       | 1,101                 | 97%                | AAA
Bitdefender GravityZone Endpoint Security   | 1,099.5               | 97%                | AAA
Crowdstrike Falcon                          | 1,089                 | 96%                | AAA
VIPRE Endpoint Security                     | 1,087                 | 96%                | AAA
FireEye Endpoint Security                   | 1,052                 | 93%                | AA

Source: SE Labs Small Business Protection Jan-Mar 2020

Gartner Magic Quadrant for Endpoint Protection Platforms

Gartner's Magic Quadrant for Endpoint Protection Platforms is a research tool that rates vendors on completeness of vision and ability to execute. Sophos has been named a "Leader" in the Gartner Magic Quadrant for Endpoint Protection Platforms for the twelfth consecutive report. Gartner praised Sophos for our strong endpoint protection, citing customer confidence in proven anti-ransomware defenses including rollback functionality, broad endpoint detection and response (EDR) threat hunting and IT operations capabilities, and centralized management of all Sophos solutions via Sophos Central.

The Forrester Wave: Endpoint Security Suites

Forrester Research, Inc. conducts extensive product evaluations to create their report, interviewing both endpoint vendors and their customers. They evaluate vendors based on the strength of both their product and their strategy. Sophos has, once again, been named a Leader in the Forrester Wave for Endpoint Security Suites.

The full report is available here.

ESG Labs Intercept X Review

The Enterprise Strategy Group Lab tested Sophos Intercept X and determined:

"Intercept X stopped 100% of the exploit techniques that were missed by the traditional antivirus application."³

The full report is available here.

AV-Comparatives

Intercept X made its first public AV-Comparatives Business Security Test appearance and ranked #1 for malware detection. We earned a 99.7% detection rate with just one false alarm in the "real world" test, and 99.9% detection and zero false alarms in the "malware" test.

Vendors                                            | Malware protection rate | False alarms on common business software
Avast, Bitdefender, Panda, Sophos, SparkCognition  | 99.9%                   | 0
Cisco, Symantec, Trend Micro                       | 99.8%                   | 0
K7, McAfee                                         | 99.7%                   | 0
Seqrite                                            | 99.6%                   | 0
FireEye, Microsoft                                 | 99.5%                   | 0
CrowdStrike, Endgame, VIPRE                        | 99.2%                   | 0
Kaspersky Lab                                      | 99.0%                   | 0
Fortinet                                           | 98.9%                   | 0
ESET                                               | 99.5%                   | 0

Source: AV-Comparatives Business Security Test Jan-Mar 2020

PC Magazine

PC Magazine noted that Intercept X is "an excellent malware defense solution for businesses of any size." They went on to say that it provides "excellent detection and anti-exploit functionality", "fully integrated Endpoint Detection and Response (EDR)" and "good policy control."

Source: ept-x-endpoint-protection

AV-Test (Mac)

Sophos scored 6/6 on protection, 6/6 on performance and 6/6 for usability.

Source: 05/

Intercept X Third Party Test Results and Top Analyst Reports

SE Labs
• AAA Rated for Enterprise: 100% total accuracy rating
• AAA Rated for SMB: 100% total accuracy rating
• AAA Rated for Consumer: 100% total accuracy rating

AV-Comparatives
• Ranked #1 for Malware Protection (99.9% detection, zero false alarms)

MRG Effitas
• Ranked #1 for Malware Protection
• Ranked #1 for Exploit Protection
• 100% block rate, 0 false positives in the 360 Degree Assessment

PC Magazine
• Editor's Choice

AV-Test
• AV-Test (macOS): Perfect Score
• AV-Test (Android): Perfect Score

Gartner
• Leader: 2020 EPP Magic Quadrant

Forrester
• Leader: 2019 Endpoint Security Wave

IDC
• Leader: 2019-2020 Enterprise Mobility Management Marketscape
• Leader: 2020 Worldwide Mobile Threat Management Marketscape

Extending Your Security: Consider Complete Protection

An endpoint security solution is just one part of an overall security strategy. Today's organizations are wise to look beyond the endpoint toward protecting the entire environment.

Ideally, a single vendor provides solutions that work together to give you consistent protection and policy enforcement throughout your organization. Working with a single vendor can provide better security, reduce administration, and lower costs.

Some specific technologies to consider along with endpoint protection include full disk encryption, mobile device management, mobile security, secure email gateway, specialized server or virtual machine protection, and Synchronized Security between endpoint and network devices.

