Enhanced protection comes to Intercept X

Credit to Author: Alex Gardner | Date: Tue, 22 Oct 2019 21:22:59 +0000

Intercept X has launched a new early access program (EAP) that brings protection enhancements including Anti-Malware Scanning Interface Protection (AMSI) and Malicious Network Traffic Protection.

AMSI is a Microsoft interface in Windows 10, Windows Server 2016 and later that allows for the scanning of script files even when obfuscated, as well as .NET 4.8 assemblies.

Obfuscated PowerShell scripts are a very common method for attackers to compromise systems. By leveraging AMSI, Intercept X gets even better at detecting and blocking these attacks.

Malicious Network Traffic Protection, also known as Intrusion Prevention System (IPS), scans inbound and outbound traffic for malicious attack patterns, with rules based on Snort methodology.

This helps in several key ways. For example, if an employee takes their laptop to a café where they have no firewall protection, IPS will identify and block malicious traffic patterns. Outbound traffic scanning also helps block lateral movement from a compromised device, stopping the threat from spreading across the network.

The EAP is open right now and available to everyone using Intercept X Advanced and Central Endpoint Protection. Support for Intercept X for Server Advanced will be added during the EAP. To join, head over to the community page.
