i-Protect

Data loss resulting from cyber-attacks is one of the greatest threats facing businesses today. Having endpoint protection in place that works in conjunction with your firewall is critical to any information security program.

I-Evolve's i-Protect takes a new approach to network protection. i-Protect blocks malware and infections by identifying and preventing the handful of techniques and behaviors used in almost every exploit.

Protect against viruses and exploits

Solution Highlights

Quarantined Viruses

Isolation

Part of remediating a problem is putting it in quarantine so it can’t keep spreading. When necessary, i-Protect will isolate compromised devices until we can be sure they’re safe.
 

Kills Viruses

Threat Removal

If i-Protect finds something malicious, it will automatically remediate the threat.

Feature Comparison


Prevent

Tiers compared: Level 1 i-Protect Standard | Level 2 i-Protect w/ Anti-ransomware | Level 3 i-Protect w/ XDR/MTR | Level 4 i-Protect MDR Complete

Download Reputation: Download Reputation is a feature of the Windows Endpoint product that checks files downloaded from some internet browsers against a database of files held in Sophos Labs. The database uses feedback from Sophos' latest Windows Endpoint products to generate reputation scores for files seen on customer endpoints. The reputation scores are currently based on the prevalence, age and URL source of files.

Web Control / Category-based URL blocking: Provides protection, control, and reporting for endpoint machines that are located, or roam, outside your corporate network. i-Protect Web Control allows filtering of 14 essential site categories on user machines.

Peripheral Control: Sophos Device Control allows an administrator to manage the use of storage devices, network interfaces and media devices connected to all managed endpoints.

Application Control: Application Control enables network administrators to block certain legitimate applications from running on work computers. Typically, you would use Application Control to prevent users from running applications that are not a security threat but that you decide are unsuitable for your workplace environment, for example games or instant messaging programs.

Deep Learning Malware Detection: An advanced form of machine learning that can determine whether a file is malicious or a potentially unwanted application (PUA) without ever having seen it before. Convicted files are quarantined pre-execution, meaning they never need to run. This happens automatically and instantly, without the need to request a file scan.

Anti-Malware File Scanning: As malware continues to evolve and grow rapidly, i-Protect supplements its regular data updates with a system that keeps endpoint protection up to date in real time. This both improves the response time to new malware and reduces the amount of data delivered to the endpoints.

Pre-execution Behavior Analysis (HIPS): The behavior of code is analyzed before it runs, and the code is prevented from running if it is considered suspicious or malicious.

NOTE: HIPS = Host Intrusion Prevention System

Potentially Unwanted Application (PUA) Blocking: Potentially unwanted applications are programs that aren't malicious, such as dialers, remote administration and hacking tools, but are generally considered unsuitable for most business networks.

Intrusion Prevention System (IPS): Malicious network traffic protection with packet inspection, better known as an Intrusion Prevention System (IPS). This technology is already present on your firewall, but it only protects machines inside your network against attacks from the outside. That protection isn't there when you connect to the Wi-Fi of the local coffee shop, and it is also needed if a server is infected and tries to attack other machines in your network.

Data Loss Prevention: Prevents loss of data through removable devices and media, web and IM applications, and email.

Runtime Behavior Analysis (HIPS): Runtime Behavior Analysis identifies suspicious behavior of processes that are running on the computer. This analysis protects you against attacks from malware, spyware, hacking tools and Potentially Unwanted Applications, as well as some exploits and intruder attacks.

Malicious Traffic Detection (MTD): Malicious Traffic Detection is a component that monitors HTTP traffic for signs of connectivity to known bad URLs such as Command and Control servers. If such traffic is detected, it is an early indicator that a new piece of malware may be present, and it can aid in the detection and collection of samples so that the i-Protect source lab can write a specific detection.

Exploit Prevention: Exploit Prevention mitigates the methods attackers use to exploit software vulnerabilities. Anti-exploit technology stops threats before they become an issue by recognizing and blocking common malware delivery techniques. This protects your endpoints from exploit kits and malicious payloads that target both known and unknown software vulnerabilities.

Active Adversary Mitigations:
  • Credential theft protection: Prevents theft of authentication passwords and hash information from memory, registry, and persistent storage, as leveraged by attacks such as Mimikatz.
  • Code cave utilization: Detects the presence of code deployed into another application, often used for persistence and antivirus avoidance.
  • APC protection: Detects abuse of Asynchronous Procedure Calls (APC), often used as part of the AtomBombing code injection technique and more recently as the method of spreading the WannaCry worm and NotPetya wiper via EternalBlue and DoublePulsar (adversaries abuse these calls to get another process to execute malicious code).

Disk and Boot Record Protection (WipeGuard): WipeGuard, similar to CryptoGuard, works to protect the master boot record from malicious encryption.

Enhanced Application Lockdown: Prevents malicious behaviors of applications, such as a macro in a Word document that installs another application and runs it.

Features available in all i-Protect versions

Ransomware File Protection (CryptoGuard): CryptoGuard defends against ransomware, working at the file system level to detect and intercept unsolicited file encryption, both on the server and from a remote endpoint connected to the server. Even if trusted files or processes are abused or hijacked, CryptoGuard will stop and revert them without any interaction from users or IT support personnel. CryptoGuard works silently at the file system level, keeping track of remote computers and local processes that attempt to modify your documents and other files.
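The CryptoGuard entry above describes file-system-level tracking of processes that rewrite documents, with the changes reverted once the behavior is judged malicious. As an added illustration (not Sophos or I-Evolve code), the following Python monitor applies one hypothetical version of that logic: a write that replaces a document with ciphertext-like, high-entropy content counts as suspicious, several such writes by one process inside a short window block it, and the pre-write copies the monitor kept are handed back for restoration. The window, threshold, entropy-jump values and the sample file events are constructed assumptions.

```python
import math
from collections import defaultdict, deque

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; plain text sits around 4, ciphertext approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [data.count(bytes([b])) for b in range(256)]
    return -sum(c / n * math.log2(c / n) for c in counts if c)

class EncryptionMonitor:
    """Hypothetical CryptoGuard-style logic: a sharp entropy jump marks a
    ciphertext-like rewrite; several per process in one window means block."""
    def __init__(self, window=10.0, threshold=3, entropy_jump=3.0):
        self.window, self.threshold, self.entropy_jump = window, threshold, entropy_jump
        self.events = defaultdict(deque)   # pid -> timestamps of ciphertext-like writes
        self.backups = defaultdict(dict)   # pid -> {path: bytes before the write}

    def on_write(self, ts, pid, path, old, new):
        """Return 'allow' or 'block' for one file write by process pid."""
        self.backups[pid].setdefault(path, old)      # snapshot before the change lands
        if shannon_entropy(new) - shannon_entropy(old) < self.entropy_jump:
            return "allow"                           # ordinary edit, entropy barely moved
        q = self.events[pid]
        q.append(ts)
        while q and ts - q[0] > self.window:         # forget writes outside the window
            q.popleft()
        return "block" if len(q) >= self.threshold else "allow"

    def revert(self, pid):
        """Hand back the original contents so the caller can restore the files."""
        return dict(self.backups.pop(pid, {}))

def simulate():
    """Constructed sample: pid 100 is a text editor appending to a document;
    pid 200 rewrites three documents with ciphertext-like bytes in two seconds."""
    mon = EncryptionMonitor()
    docs = {f"/home/u/doc{i}.txt": f"Q{i} revenue grew 4% vs prior year.".encode()
            for i in range(3)}
    cipher = bytes(range(256))  # stands in for encrypted output (8.0 bits/byte)
    first = docs["/home/u/doc0.txt"]
    decisions = [mon.on_write(0.0, 100, "/home/u/doc0.txt", first, first + b" Great.")]
    for i, (path, old) in enumerate(docs.items()):
        decisions.append(mon.on_write(1.0 + 0.5 * i, 200, path, old, cipher))
    restored = mon.revert(200) if "block" in decisions else {}
    return decisions, restored
```

Calling simulate() returns the per-write decisions (the editor's write and the first two rewrites are allowed, the third is blocked) together with the original bytes of all three documents, which is what a revert step would write back.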

 

Detect & Investigate

Tiers compared: Level 1 i-Protect Standard | Level 2 i-Protect w/ Anti-ransomware | Level 3 i-Protect w/ XDR/MTR | Level 4 i-Protect MDR Complete

Suspicious Events Detection and Prioritization: Most successful attacks rely on the execution of a process that can appear legitimate to monitoring tools. Using proprietary investigation techniques, our team determines the difference between legitimate behavior and the tactics, techniques, and procedures (TTPs) used by attackers.

Fast Access, On-disk Data Storage (up to 90 days): MTR saves 30 days of data retention for threat hunting combined with 90 days of on-device storage.

Threat Cases (Root Cause Analysis): Provides an explanation of what happened, and how, when malicious activity is detected.

Advanced On-demand Threat Intelligence: Confirmed malicious artifacts or activity (strong signals) are automatically blocked or terminated, freeing up threat hunters to conduct lead-driven threat hunts. This type of threat hunt involves the aggregation and investigation of causal and adjacent events (weak signals) to discover new Indicators of Attack (IoA) and Indicators of Compromise (IoC) that previously could not be detected.

Forensic Data Export: Forensic snapshots take data from an i-Protect (Sophos) log of a computer's activity so that you can do your own analysis.

Live Discover: Live Discover allows administrators to gain visibility into their environment and get immediate answers to any pressing question. It allows direct access to a device to understand its current running status and historical activity.

Respond & Remediate

Tiers compared: Level 1 i-Protect Standard | Level 2 i-Protect w/ Anti-ransomware | Level 3 i-Protect w/ XDR/MTR | Level 4 i-Protect MDR Complete

Automated Malware Removal: Malware is the general term used for any computer threat, including Trojans, worms, and computer viruses. i-Protect allows you to quickly and easily clean up the majority of the malware detected.

Synchronized Security Heartbeat: i-Protect Anti-Virus, i-Comply Firewall, and i-Secure managed Wi-Fi share data to automatically isolate compromised devices while cleanup is performed, restrict Wi-Fi for non-compliant devices, block worm-like lateral movement, and scan endpoints on detection of compromised mailboxes.

Clean: While most virus cleaners simply remove the offending malware files, Clean provides forensic-level remediation by eradicating malicious code and also eliminating the registry key changes created by malware.

Live Response (remotely investigate and take action): Using Live Response, the MTR team can stop suspicious processes, restart devices with pending updates, browse folders, delete files, and more.

On-demand Endpoint Isolation: i-Protect can automatically isolate an infected endpoint. With MTR Advanced, an administrator can click to isolate a device from the network while they investigate a threat or security incident.

Single-click "Clean and Block": MTR provides a quick and easy way to remove suspicious or malicious threats and artifacts from an environment.

Managed Service

Tiers compared: Level 1 i-Protect Standard | Level 2 i-Protect w/ Anti-ransomware | Level 3 i-Protect w/ XDR/MTR | Level 4 i-Protect MDR Complete

24/7 Lead-driven Threat Hunting: Confirmed malicious artifacts or activity (strong signals) are automatically blocked or terminated, freeing up threat hunters to conduct lead-driven threat hunts. This type of threat hunt involves the aggregation and investigation of causal and adjacent events (weak signals) to discover new Indicators of Attack (IoA) and Indicators of Compromise (IoC) that previously could not be detected.

Security Health Checks: Keep your Sophos Central products (beginning with i-Protect Cloud Antivirus - Enterprise) operating at peak performance with proactive examinations of your operating conditions and recommended configuration improvements.

Data Retention: MTR saves 30 days of data retention for threat hunting combined with 90 days of on-device storage.

Activity Reporting: Summaries of case activities enable prioritization and communication so your team knows what threats were detected and what response actions were taken within each reporting period.

Adversarial Detections: Most successful attacks rely on the execution of a process that can appear legitimate to monitoring tools. Using proprietary investigation techniques, our team determines the difference between legitimate behavior and the tactics, techniques, and procedures (TTPs) used by attackers.

Threat Neutralization & Remediation: When MTR threat hunters investigate a detection and it turns out to be malicious in nature, the MTR team performs the appropriate threat neutralization and remediation actions (incident response).

24/7 Lead-less Threat Hunting: Applying data science, threat intelligence, and the intuition of veteran threat hunters, we combine your company profile, high-value assets, and high-risk users to anticipate attacker behavior and identify new Indicators of Attack (IoA).

Threat Response Team Lead: When an incident is confirmed, a dedicated threat response lead is provided to collaborate directly with your on-premises resources (internal team or external partner) until the active threat is neutralized.

Direct Call-in Support: MTR Advanced allows end users to call into the MTR support team and speak to an expert at any time. Without MTR Advanced, call-ins are only available during an active incident.

Proactive Security Posture Improvement: Proactively improve your security posture and harden your defenses with prescriptive guidance for addressing configuration and architecture weaknesses that diminish your overall security capabilities.

Full-scale incident response (threats are fully eliminated): When we identify an active threat, the Sophos MDR operations team can execute an extensive set of response actions on your behalf to remotely disrupt, contain and fully eliminate the adversary.

Root cause analysis: Along with providing proactive recommendations to improve your security posture, we perform root cause analysis to identify the underlying issues that led to an incident. We give you prescriptive guidance to address security weaknesses so they cannot be exploited in the future.

Dedicated Incident Response Lead: We provide you with a Dedicated Incident Response Lead who collaborates with your internal team and external partner(s) as soon as we identify an incident and works with you until the incident is resolved.

Cross-product Data Sources (i-Comply and i-Filter): Threat investigations are supplemented with telemetry from other Sophos Central products, extending beyond the endpoint to provide a full picture of adversary activities.

i-Protect Benefits

  • No expensive hardware costs or capital investment.
  • Industry leading threat protection and intrusion prevention.
  • Simplified security management.
  • Improved disaster recovery.
  • 24x7 monitoring with MTR option.
  • Increased productivity.
  • Scalable to meet your organization’s needs.
