Sophos has been around for over 30 years, making them one of the market veterans focused on cybersecurity. They have a broad spectrum of cybersecurity solutions including endpoint, encryption, network security, email security, mobile security, and unified threat management. Sophos customers range from SMBs to SMEs and large enterprises. ACE is the new adaptive ecosystem Sophos introduced recently. The solution is designed to provide end-to-end cybersecurity functionality for organizations while inviting others, even Sophos competitors, to integrate their solutions with the ACE ecosystem for the greater good and provide seamless functionality to their customers. Dan reinforced that by saying, “Sophos is not looking at their competitors but at their adversaries”.
A unique capability of the ACE architecture is that security analysts can interact with it using an Osquery-like language to retrieve and filter data from the XDR data lake. Sophos goes one step further, providing their customers with pre-configured queries that help them quickly navigate their data and focus on what matters most. Sophos also keeps a continuous hand on the pulse of adversaries' tactics and the vulnerabilities they use, by distributing queries that highlight the attacks and malicious IOCs currently used in adversarial campaigns.
Sophos has years of experience collecting CTI data and analyzing it the traditional way, making it available through their SophosLabs Intelix service. Based on these capabilities, any data that reaches the data lake can be enriched (coloured) with CTI markers. In addition, Sophos provides managed XDR services to their customers. The unique advantage of this is the ML models that learn in real time from the way operators respond to incidents and continuously evolve to automate response using AI.
One interesting example is the SOAR capability that is part of the ACE ecosystem: when the endpoint agent shares information with the firewall about malicious attempts, IOCs, or the current posture of the endpoint, the firewall can seamlessly execute a policy that limits the endpoint's access or isolates it, depending on the level of threat identified and communicated.
Modern attacks are very different from what they were a few years ago; in the past, they were very endpoint-centric and used more transparent methods of communication. Modern attacks span beyond the endpoint into the identity ecosystem and utilize a chain of multiple vulnerabilities. They are capable of landing and detonating malicious code through various attack surfaces. Modern attackers heavily utilize standard forms of encryption like TLS to hide their communication with their C2 infrastructure, aware that many firewalls don't inspect encrypted traffic. XDR and the data lake enable hunters to see across the ecosystem and identify where the attackers are hiding and where they are trying to move. In addition, the Sophos Live Response capability enables the analyst to immediately jump onto the endpoint and take action, significantly cutting down response time.
In summary, Sophos' new ACE architecture is a holistic solution that provides many capabilities to build on and makes Sophos XDR a very compelling offer. Sophos recently acquired Capsule8 to advance their offerings for Linux-based systems.