In the video, Karl Ackerman, Sophos Principal Product Manager, explains the individual security features in Sophos AV products and in Intercept X 2.0 EAP.
He then demonstrates how each of these security features responds to different kinds of attack attempts against a Win10 system running Central Endpoint Advanced and Intercept X 2.0 EAP, which already includes machine learning.
- Attack Surface Controls (CEA) - Device, Web and Application Control
- Web Protect (CES/CEA) - Malicious file download
- Heuristics/Signature Scans (CES/CEA) - Malicious file on disk
- ML Pre-execute scans (CIX) - ML Detection of existing Malware/PUA and zero day malware
- Runtime memory scans triggered by suspect behavior-HIPS (CES/CEA) - Memory scan to detect malware
- Runtime behavior pattern lockdown (CIX) - Prohibited behavior for browser/HTA application
- Anti-Exploit (CIX) - Code Cave
- Active Adversary (CIX) - Priv Escalate, Cred Theft
- Root Cause Analysis (CIX) - Behavior Lockdown, Malicious file scan
CEA - Central Endpoint Advanced, CES - Central Endpoint Standard, CIX - Central Intercept X, ML - Machine Learning