New Innovations in Sophos Endpoint Security

Posted on February 27, 2023

Written by Paul Murray, guest blogger. Paul is Senior Director, Product Management at Sophos, leading the Sophos endpoint, workload and cloud security portfolio. Paul has over twenty years' experience of SaaS/hosted service offerings, including Product Management, Product Marketing and User Experience design. Sophos is a partner of RJ Young.

Year in, year out, Sophos Intercept X Endpoint delivers superior cybersecurity outcomes to over a quarter of a million organizations worldwide thanks to our relentless focus on innovation and our commitment to delivering the strongest protection.

Testament to the quality of our defenses, Sophos ranked as the industry best in SE Labs’ protection tests in the fourth quarter of 2022, earning AAA ratings across the board. In both the Enterprise and SMB categories, we achieved:
• 100% rating for Protection Accuracy
• 100% rating for Legitimate Accuracy
• 100% rating for Total Accuracy

Customers also give Sophos top scores. As of February 20th, 2023, Sophos Intercept X Endpoint has a 4.8/5 rating across 374 independent reviews on Gartner Peer Insights, with 95% of customers saying they would recommend Sophos.

While we’re proud of all these results, we are passionate about protecting our users. So I want to share with you some recent enhancements that help our customers stay ahead of today’s well-funded, constantly innovating adversaries, and that streamline day-to-day endpoint security management.

Adaptive Active Adversary Protection

We’re constantly developing new protection techniques to guard our customers against the latest attacks. One of the latest additions to Sophos Endpoint security is Adaptive Active Adversary Protection. This new capability from SophosLabs is automatically activated whenever we detect signs that a device has been compromised and there is a hands-on keyboard attack in progress.

Adaptive Active Adversary Protection temporarily puts the impacted device into a more aggressive security mode that disrupts and delays the attacker by automatically blocking a wide range of activities commonly performed in human-led attacks. Just a few examples of the malicious behaviors that we prevent include:

  • Attempts to run remote admin tools
  • Attempts to run untrusted executables
  • Attempts to boot the machine in Safe Mode

Plus many, many more…

By stopping a malicious actor from performing these activities, Adaptive Active Adversary Protection slows the attack and buys time for security teams to respond to the threat before the adversary can achieve their goal. Once there are no further signs of adversary activity on the device, Adaptive Active Adversary Protection is turned off automatically. No manual enablement or tuning required!

Account Health Check

Sophos Endpoint is packed with technologies that protect organizations against advanced threats. The Account Health Check lets you quickly ensure those capabilities are correctly configured and deployed, optimizing your protection. Available to all customers via the Sophos Central platform, the Account Health Check performs several key assessments:

  • Software assignment – do devices have all the Sophos Endpoint software components assigned to them?
  • Threat policy – are policies using Sophos’ recommended settings?
  • Exclusions – are any exclusions creating attack surface exposure?
  • Tamper protection – has tamper protection been disabled on any workstations and servers?

Should the Account Health Check detect any issues, a simple ‘fix automatically’ option lets you update your protection instantly to the recommended settings. Customers have used this easy remediation option over 11,000 times in the three months since we introduced this feature, optimizing their security posture in a single click.

While recommended settings are automatically applied with all new Sophos deployments, over time issues can develop as devices are added and removed, team members change, and different software subscriptions are purchased. We recommend reviewing the Account Health Check at least every three months – and ideally monthly – to maintain a healthy environment.
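To make the four assessments concrete, here is an added, hypothetical health-check evaluator written for this article; it is not Sophos code and does not use the Sophos Central API. The component names, policy keys, recommended values and "risky exclusion" patterns are all assumptions chosen for illustration, and the two devices are constructed sample data. It flags the same four classes of drift the post lists and shows what a "fix automatically" step has to change to bring a device back to a clean result.

```python
"""Hypothetical endpoint health-check evaluator (illustrative, not Sophos code).

Checks a device record for the four conditions named in the post:
software assignment, threat policy drift, risky exclusions, and
tamper protection. All names and recommended values are assumptions.
"""
from dataclasses import dataclass, field, replace
from fnmatch import fnmatchcase

# Assumed: components every endpoint should have assigned (placeholder names).
REQUIRED_COMPONENTS = {"core-agent", "malware-protection", "exploit-prevention"}

# Assumed: the vendor-recommended settings a threat policy should carry.
RECOMMENDED_POLICY = {
    "live_protection": True,
    "deep_learning": True,
    "ransomware_protection": True,
}

# Exclusions broad enough to hide attacker tooling from the scanner:
# whole drive roots, user-writable or temp locations, and whole file types.
# Patterns are matched case-insensitively against the lower-cased exclusion.
RISKY_EXCLUSION_PATTERNS = [
    "?:",                # bare drive letter, e.g. C:
    "?:\\",              # drive root, e.g. C:\
    "/",                 # filesystem root on Linux/macOS
    "*\\temp\\*",        # any Temp directory
    "*\\users\\*",       # anything under user profiles
    "*\\downloads\\*",   # download folders
    "*.exe",             # every executable
    "*.dll",             # every library
]


@dataclass
class Device:
    name: str
    components: set
    policy: dict
    exclusions: list = field(default_factory=list)
    tamper_protection: bool = True


def is_risky_exclusion(path: str) -> bool:
    """True if an exclusion is broad enough to create attack-surface exposure.
    Any wildcard is treated as review-worthy, as are the patterns above."""
    p = path.strip().lower()
    if "*" in p:
        return True
    return any(fnmatchcase(p, pat) for pat in RISKY_EXCLUSION_PATTERNS)


def check_device(dev: Device) -> list:
    """Return a list of (check_name, detail) findings; empty means healthy."""
    findings = []
    missing = REQUIRED_COMPONENTS - dev.components
    if missing:
        findings.append(("software_assignment", sorted(missing)))
    drifted = {k: dev.policy.get(k) for k, v in RECOMMENDED_POLICY.items()
               if dev.policy.get(k) != v}
    if drifted:
        findings.append(("threat_policy", drifted))
    risky = [e for e in dev.exclusions if is_risky_exclusion(e)]
    if risky:
        findings.append(("exclusions", risky))
    if not dev.tamper_protection:
        findings.append(("tamper_protection", "disabled"))
    return findings


def remediate(dev: Device) -> Device:
    """The 'fix automatically' analogue: return a corrected copy of the device
    with components assigned, recommended policy restored, risky exclusions
    dropped, and tamper protection re-enabled."""
    return replace(
        dev,
        components=dev.components | REQUIRED_COMPONENTS,
        policy={**dev.policy, **RECOMMENDED_POLICY},
        exclusions=[e for e in dev.exclusions if not is_risky_exclusion(e)],
        tamper_protection=True,
    )


# Constructed sample devices (not real hosts).
HEALTHY = Device(
    name="ws-finance-01",
    components=set(REQUIRED_COMPONENTS),
    policy=dict(RECOMMENDED_POLICY),
    exclusions=["C:\\Program Files\\VendorApp\\data.db"],
)
DRIFTED = Device(
    name="srv-file-02",
    components={"core-agent", "malware-protection"},
    policy={"live_protection": True, "deep_learning": False,
            "ransomware_protection": True},
    exclusions=["C:\\", "C:\\Users\\*\\AppData\\Local\\Temp\\"],
    tamper_protection=False,
)


def audit(devices) -> dict:
    """Map device name to its findings for a fleet-wide review."""
    return {d.name: check_device(d) for d in devices}


if __name__ == "__main__":
    for name, findings in audit([HEALTHY, DRIFTED]).items():
        print(name, "OK" if not findings else findings)
    print("after remediation:", check_device(remediate(DRIFTED)))
```

The exclusion heuristic is deliberately conservative: a wildcard or a whole drive root is flagged for review rather than silently accepted, which mirrors the post's point that exclusions added over time are the setting most likely to quietly widen the attack surface.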

Enhanced Software Management Options

Although all organizations need the same high levels of protection, larger companies often require more granular management capabilities. We recently released Fixed Term Support packages and special ‘Maintenance Release’ (MR) packages for Windows computers and servers, with macOS and Linux coverage coming later this year.

Fixed Term Support packages enable customers to precisely control which versions of Sophos Endpoint software they deploy to specific Windows devices or device groups. This lets you decide when devices are upgraded instead of following the Sophos update schedule.

Special ‘Maintenance Release’ (MR) packages are packages that Sophos Support makes available to specific customers, containing fixes ahead of the next full software rollout. Customers can apply these packages immediately to targeted devices, greatly accelerating an organization’s ability to address an issue.

Read more about these features on the Sophos Community.

Malware Protection Enhancements for Linux

Customers asked us for on-access malware scanning and quarantine for Linux machines – and we’ve delivered. These features are now live, complementing our existing Linux protection functionality, including runtime detections, live detection, and live response.

As a reminder, the legacy Sophos Antivirus for Linux product will be retired in July 2023, so if you’re still using Sophos Antivirus for Linux, switch to the new Sophos Protection for Linux agent today.

Faster, Lightweight Agent

Sophos Endpoint delivers superior protection without compromise. We’ve expanded our protection capabilities while also reducing the Windows agent’s memory footprint by 40% and reducing the number of processes by over 30%. Plus, we’ve introduced a new XDR-sensor deployment option that is ~80% lighter than the older full agent. The result: accelerated performance of applications, workloads, and devices.

Built-in ZTNA Agent – on Windows and macOS Devices

Zero-Trust Network Access (ZTNA) is fast becoming the remote access technology of choice for organizations of all sizes. It enhances security, is easier to manage, and works reliably everywhere without getting in the way.

Sophos Intercept X Endpoint is the only endpoint protection solution with a built-in ZTNA agent, future-proofing customers’ defenses. Following our recent addition of macOS support, organizations can extend their protection to include Sophos ZTNA across their entire estate at any time, without the need to deploy an additional agent*. Both solutions are managed through the Sophos Central platform for elevated ease of use.

* Requires Sophos ZTNA subscription purchase

More Coming Soon!

We have an exciting and aggressive roadmap that continues our delivery of innovative, market-leading protection for our customers. In the coming months, we look forward to introducing a Long-Term Support (LTS) version for Windows that allows customers to stay on a static version for up to 18 months. This is particularly useful for critical infrastructure, where software versions are strictly controlled.

We’ll also be adding a new software version report in the Central UI. With the ability to define which version/packages are deployed to every device, this new report will enable customers to quickly review and identify versions/packages running on their devices.

Following the very warm customer response to the Account Health Check, we will soon be launching additional features including a new ‘snooze’ option to defer checks to a later time, proactive alerts that notify you whenever a configuration change is made that affects cyber health, and scoring that enables you to track improvements in security posture over time.

We’re further enhancing the Sophos Linux Sensor (SLS), adding the ability to ingest detection data into the Sophos Data Lake and Threat Analysis Center, and we’ll also enable security teams to create and manage runtime detections in Sophos Central.

Plus, for macOS, admin-led device isolation will be available imminently, and we’re planning to open our Early Access Program (EAP) for HTTPS decryption for web protection next quarter. I look forward to sharing more details about these and other enhancements shortly.

Explore Sophos Endpoint Security Today

To find out more about Sophos Endpoint and how it can help your organization better defend against today’s advanced attacks, speak with an RJ Young specialist today.
