i-Protect

Data loss resulting from cyber-attacks is one of the greatest threats facing businesses today. Having endpoint protection in place that works in conjunction with your firewall is critical to any information security program.

I-Evolve's i-Protect takes a new approach to network protection. i-Protect blocks malware and infections by identifying and preventing the handful of techniques and behaviors used in almost every exploit.

Protect against viruses and exploits

Solution Highlights

Quarantined Viruses

Isolation

Part of remediating a problem is putting it in quarantine so it can’t keep spreading. When necessary, i-Protect will isolate compromised devices until we can be sure they’re safe.

Kills Viruses

Threat Removal

If i-Protect finds something malicious, it will automatically remediate the threat.

Feature Comparison


Prevent

Tiers: i-Protect | + EDR & MTR Standard | + EDR & MTR Standard

Web Security: The web protection feature is part of Sophos Anti-Virus and is included with all Sophos Central licenses that include this product. It is designed to prevent threats from reaching the web browser.

Download Reputation: Download Reputation is a feature of the Windows endpoint product that checks files downloaded through some internet browsers against a database of files held at SophosLabs. The database uses feedback from Sophos' latest Windows endpoint products to generate reputation scores for files seen on customer endpoints. The scores are currently based on the prevalence, age and URL source of the files.

Web Control / Category-based URL Blocking: Provides protection, control and reporting for endpoint machines that are located, or roam, outside your corporate network. i-Protect Web Control allows filtering of 14 essential site categories on user machines.

Peripheral Control: Sophos Device Control allows an administrator to manage the use of storage devices, network interfaces and media devices connected to all managed endpoints.

Application Control: Application Control lets network administrators block certain legitimate applications from running on work computers. Typically you would use it to prevent users from running applications that are not a security threat but that you decide are unsuitable for your workplace, for example games or instant messaging programs.

Deep Learning Malware Detection: Deep learning, an advanced form of machine learning, can detect whether a file is malicious or a potentially unwanted application (PUA) without ever having seen it before. Convicted files are quarantined pre-execution, so they never need to run. This happens automatically and instantly, without a file scan being requested.

Anti-Malware File Scanning: As malware continues to evolve and grow rapidly, i-Protect needs a way to supplement its existing data updates with a system that keeps endpoint protection up to date in real time. This both improves response time to new malware and reduces the amount of data delivered to the endpoints.

Live Protection: Live Protection performs live SXL lookups to obtain the latest threat information from the i-Protect cloud provider without waiting for the product to be updated. It also provides a means to automatically upload samples of files deemed interesting and worth investigating further.

Pre-execution Behavior Analysis (HIPS): The behavior of code is analyzed before it runs, and the code is prevented from running if it is considered suspicious or malicious.

NOTE: HIPS = Host Intrusion Prevention System

Potentially Unwanted Application (PUA) Blocking: Potentially unwanted applications are programs that aren't malicious, such as dialers, remote administration tools and hacking tools, but are generally considered unsuitable for most business networks.

Intrusion Prevention System (IPS): Malicious network traffic protection with packet inspection, better known as an Intrusion Prevention System (IPS). This technology is already present on your firewall, but there it only protects machines inside your network against attacks from outside. That protection is absent when you connect to the Wi-Fi at the local coffee shop, and it is also needed when an infected server tries to attack other machines in your network.

Data Loss Prevention: Prevents loss of data through removable devices and media, web and IM applications, and email.

Runtime Behavior Analysis (HIPS): Runtime Behavior Analysis identifies suspicious behavior of processes that are running on the computer at the time. It protects you against attacks from malware, spyware, hacking tools and potentially unwanted applications, as well as some exploits and intruder attacks.

NOTE: HIPS = Host Intrusion Prevention System

Antimalware Scan Interface (AMSI): AMSI is a Microsoft API that allows scanning of script files and certain binaries, such as .NET assemblies, to detect malicious content. AMSI Protection can scan scripts, whether executed from a file or from memory, for a large number of scripting languages and interpreters.

Malicious Traffic Detection (MTD): Malicious Traffic Detection monitors HTTP traffic for signs of connectivity to known bad URLs such as command-and-control servers. If such traffic is detected, it is an early indicator that a new piece of malware may be present, and it can aid in detecting and collecting samples so that the i-Protect source lab can write a specific detection.

Exploit Prevention: Exploit Prevention mitigates the methods attackers use to exploit software vulnerabilities. Anti-exploit technology stops threats before they become an issue by recognizing and blocking common malware delivery techniques, protecting your endpoints from exploit kits and malicious payloads targeting both known and unknown software vulnerabilities.

Active Adversary Mitigations:
  • Credential theft protection: prevents theft of authentication passwords and hash information from memory, registry and persistent storage, as leveraged by attacks such as Mimikatz.
  • Code cave utilization: detects the presence of code deployed into another application, often used for persistence and antivirus avoidance.
  • APC protection: detects abuse of Asynchronous Procedure Calls (APC), often used as part of the AtomBombing code injection technique and more recently used as the method of spreading the WannaCry worm and NotPetya wiper via EternalBlue and DoublePulsar (adversaries abuse these calls to get another process to execute malicious code).

Ransomware File Protection (CryptoGuard): CryptoGuard defends against ransomware by working at the file system level to detect and intercept unsolicited file encryption, whether initiated on the server or from a remote endpoint connected to it. Even if trusted files or processes are abused or hijacked, CryptoGuard stops and reverts them without any interaction from users or IT support personnel. It works silently at the file system level, keeping track of remote computers and local processes that attempt to modify your documents and other files.
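As an added illustration (not i-Protect or Sophos code), the following Python sketches the kind of file-system heuristic the description above refers to: file writes are tracked per actor (local process or remote host), the entropy of the written data is measured, and an actor that rewrites several documents with ciphertext-like content is flagged so its writes can be blocked and rolled back. The event shape, thresholds and sample events are all constructed for this example.

```python
"""Toy CryptoGuard-style heuristic: per-actor tracking of document rewrites
whose content looks like ciphertext.  Constructed example, not product code."""
import math
import os
import random
from collections import defaultdict

DOC_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".txt", ".pptx"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted data, far lower for text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def detect_mass_encryption(events, min_files=3, min_entropy=7.0):
    """Return {actor: [paths]} for each actor (process, origin) whose
    high-entropy rewrites of document files reach min_files."""
    suspects = defaultdict(list)
    for ev in events:
        if os.path.splitext(ev["path"])[1].lower() not in DOC_EXTENSIONS:
            continue  # archives, binaries etc. are expected to be high-entropy
        if shannon_entropy(ev["new_content"]) >= min_entropy:
            suspects[(ev["process"], ev["origin"])].append(ev["path"])
    return {a: p for a, p in suspects.items() if len(p) >= min_files}


# Constructed sample write events (assumed shape, not a real sensor format).
_rng = random.Random(7)
def _cipherlike() -> bytes:            # deterministic stand-in for ciphertext
    return bytes(_rng.getrandbits(8) for _ in range(4096))

SAMPLE_EVENTS = [
    {"process": "WINWORD.EXE", "origin": "local", "path": r"C:\Users\a\report.docx",
     "new_content": b"Quarterly report, draft 3. " * 150},           # benign text
    {"process": "Acrobat.exe", "origin": "local", "path": r"C:\Users\a\scan.pdf",
     "new_content": _cipherlike()},        # one compressed PDF: below min_files
] + [
    {"process": "explorer.exe", "origin": "remote:10.0.0.55", "path": p,
     "new_content": _cipherlike()}         # remote host rewriting a share
    for p in (r"\\srv\docs\q1.xlsx", r"\\srv\docs\q2.xlsx",
              r"\\srv\docs\plan.pdf", r"\\srv\docs\notes.txt")
]

if __name__ == "__main__":
    for (proc, origin), paths in detect_mass_encryption(SAMPLE_EVENTS).items():
        print(f"block {proc} from {origin}; roll back {len(paths)} files")
```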

Disk and Boot Record Protection (WipeGuard): WipeGuard, similar to CryptoGuard, protects the master boot record from malicious encryption.

Man-in-the-Browser Protection (Safe Browsing): Includes policy options to monitor a web browser's crypto, presentation and network interfaces to detect the man-in-the-browser attacks common in many banking Trojans.

Synchronized Security (Firewall, Anti-Virus): i-Protect Anti-Virus, i-Comply Firewall and i-Secure managed Wi-Fi share data to automatically isolate compromised devices while cleanup is performed, restrict Wi-Fi for non-compliant devices, block worm-like lateral movement, and scan endpoints on detection of compromised mailboxes.

Enhanced Application Lockdown: Prevents malicious behaviors of applications, such as a macro in a Word document that installs another application and runs it.


Prevention features are available in all i-Protect versions.

Detect And Investigate

Tiers: i-Protect | + EDR & MTR Standard | + EDR & MTR Standard

Suspicious Events Detection and Prioritization: Most successful attacks rely on executing a process that can appear legitimate to monitoring tools. Using proprietary investigation techniques, our team distinguishes legitimate behavior from the tactics, techniques and procedures (TTPs) used by attackers.

Fast Access, On-disk Data Storage (up to 90 days): MTR provides 30 days of data retention for threat hunting combined with 90 days of on-device storage.

Threat Cases (Root Cause Analysis): Provides an explanation of what happened, and how, when malicious activity is detected.

Deep Learning Malware Analysis: Deep learning, an advanced form of machine learning, can detect whether a file is malicious or a potentially unwanted application (PUA) without ever having seen it before. Convicted files are quarantined pre-execution, so they never need to run. This happens automatically and instantly, without a file scan being requested.

Advanced On-demand Threat Intelligence: Confirmed malicious artifacts or activity (strong signals) are automatically blocked or terminated, freeing threat hunters to conduct lead-driven threat hunts. This type of hunt aggregates and investigates causal and adjacent events (weak signals) to discover new Indicators of Attack (IoA) and Indicators of Compromise (IoC) that previously could not be detected.

Respond

Tiers: i-Protect | + EDR & MTR Standard | + EDR & MTR Standard

Automated Malware Removal: Malware is the general term for any computer threat, including Trojans, worms and computer viruses. i-Protect lets you quickly and easily clean up the majority of the malware detected.

Synchronized Security Heartbeat: i-Protect Anti-Virus, i-Comply Firewall and i-Secure managed Wi-Fi share data to automatically isolate compromised devices while cleanup is performed, restrict Wi-Fi for non-compliant devices, block worm-like lateral movement, and scan endpoints on detection of compromised mailboxes.

Clean: While most virus cleaners simply remove the offending malware files, Clean provides forensic-level remediation by eradicating malicious code and also eliminating the registry key changes created by malware.

Remote Terminal Access (remotely investigate and take action): Using Live Response, the MTR team can stop suspicious processes, restart devices with pending updates, browse folders, delete files, and more.

On-demand Endpoint Isolation: i-Protect can automatically isolate an infected endpoint. With MTR Advanced, an administrator can click to isolate a device from the network while investigating a threat or security incident.

Single-click "Clean and Block": MTR provides a quick and easy way to remove suspicious or malicious threats and artifacts from an environment.

Managed Service

Tiers: i-Protect | + EDR & MTR Standard | + EDR & MTR Standard

24/7 Lead-driven Threat Hunting: Confirmed malicious artifacts or activity (strong signals) are automatically blocked or terminated, freeing threat hunters to conduct lead-driven threat hunts. This type of hunt aggregates and investigates causal and adjacent events (weak signals) to discover new Indicators of Attack (IoA) and Indicators of Compromise (IoC) that previously could not be detected.

Security Health Checks: Keep your Sophos Central products, beginning with i-Protect Cloud Antivirus - Enterprise, operating at peak performance with proactive examinations of your operating conditions and recommended configuration improvements.

Data Retention: MTR provides 30 days of data retention for threat hunting combined with 90 days of on-device storage.

Activity Reporting: Summaries of case activities enable prioritization and communication, so your team knows what threats were detected and what response actions were taken within each reporting period.

Adversarial Detections: Most successful attacks rely on executing a process that can appear legitimate to monitoring tools. Using proprietary investigation techniques, our team distinguishes legitimate behavior from the tactics, techniques and procedures (TTPs) used by attackers.

Threat Neutralization & Remediation: When MTR threat hunters investigate a detection and it turns out to be malicious, the MTR team performs the appropriate threat neutralization and remediation actions (incident response).

24/7 Lead-less Threat Hunting: Applying data science, threat intelligence and the intuition of veteran threat hunters, we combine your company profile, high-value assets and high-risk users to anticipate attacker behavior and identify new Indicators of Attack (IoA).

Threat Response Team Lead: When an incident is confirmed, a dedicated threat response lead is provided to collaborate directly with your on-premises resources (internal team or external partner) until the active threat is neutralized.

Direct Call-in Support: MTR Advanced allows end users to call the MTR support team and speak to an expert at any time. Without MTR Advanced, call-ins are only available during an active incident.

Proactive Security Posture Improvement: Proactively improve your security posture and harden your defenses with prescriptive guidance for addressing configuration and architecture weaknesses that diminish your overall security capabilities.

Integration with i-Comply Firewall: Threat investigations are supplemented with telemetry from other Sophos Central products, extending beyond the endpoint to provide a full picture of adversary activities.

i-Protect Benefits

  • No expensive hardware costs or capital investment.
  • Industry leading threat protection and intrusion prevention.
  • Simplified security management.
  • Improved disaster recovery.
  • 24x7 monitoring with MTR option.
  • Increased productivity.
  • Scalable to meet your organization’s needs.
