Sophos Intercept X Thwarts Ransomware Before It Encrypts Files

Ransomware may be the most perfect form of extortion the internet has ever seen. After all, attackers encrypt and lock files without warning and demand that ransom be paid using untraceable crypto-currencies, making it impossible for victims to trace the attackers, while those victims’ files are held hostage until the ransom is paid. Sophos aims to take the sting out of ransomware with Sophos Intercept X, a product designed to prevent ransomware from taking hold on endpoints, networks and other IT resources. Sophos Intercept X works alongside traditional antivirus or anti-malware solutions, bringing an extra layer of protection to the endpoint. That extra layer of protection is focused on identifying ransomware-like activity, something that traditional anti-malware products tend to lack.

Sophos Intercept X is installed from Sophos Central, a unified portal for controlling and managing Sophos’ security products. Getting started with Sophos Intercept X takes little more than registering with Sophos Central and selecting what product to deploy.

Sophos offers multiples methods for installing Sophos Intercept X. You can do so directly from Sophos Central or you can download installation files. Regardless of the method chosen, administrators can automate the process using policies, scripts or other deployment techniques, aiding the deployment of Sophos Intercept X across a dozen or even a thousand machines.

Sophos strives to keep things as simple as possible, and so Intercept X installation is wizard-driven and even accomplishes critical chores, such as updates and patches, automatically. Sophos has integrated the updating service directly into Sophos Intercept X, so end users don’t need to do anything to stay up to date with the product.

End users will find Sophos Intercept X simple to interact with. A basic dashboard alerts users to the status of the product, and large, easy-to-identify buttons make it simple to execute scans or track events on the system. Ideally, Sophos Intercept X just waits in the background, looking for threats, automatically mitigating those threats and then just letting end users know all is OK.

As part of the initial deployment, Sophos Intercept X can do a complete system scan to identify ransomware, malware or other threats. Scans are thorough, fast and fully logged.

An interactive dashboard, which rolls up events from deployed Sophos security products, enables administrators to check the security status of monitored systems with a single glance. Administrators can also drill down into individual systems, events and alerts to further investigate anomalies.

User management is critical when using Sophos Intercept X. And with the Sophos Central administration dashboard, administrators have the necessary tools to manage users and groups. Administrators can set default permissions, define group memberships and assign roles to users as well.

Although Sophos refers to managed systems as computers, endpoints are fully represented in the computer management dashboard. Important criteria, such as who used the system, when it was last accessed and more, are recorded for administrators to review. What’s more, software installed on endpoints can be managed from this dashboard as well.

The Sophos Central dashboard manages Sophos software installed on registered endpoints. Administrators can execute installations, patches and other software settings from the Manage Endpoint Software dashboard.

Policies are a key component of Sophos Intercept X, as well as the other endpoint applications offered by Sophos. Administrators can define policies for users, computers (endpoints) and servers from Sophos Central. Policy creation is wizard-driven, but administrators do have the option to manually configure policies as well.

Administrators can identify scanning exclusions, having the endpoint security products skip scanning specific directories or files. Exclusions come in handy for skipping over folders that are protected in other ways and may not be subject to ransomware.

Administrators can define how much bandwidth can be used on Windows systems for updates and software downloads. The ability to control bandwidth helps prevent “packet storms,” which may occur when hundreds of endpoints are attempting to download updates or new software simultaneously.

Sophos gives administrators extensive information on what is occurring on endpoints. That information can be used for forensic purposes or to define additional policies.