Sophos Exploit Prevention (SEP) in the Sophos Enterprise Console (SEC)
NotPetya and WannaCry kept the entire IT landscape on its toes in 2017, and they were followed at the beginning of 2018 by Spectre and Meltdown. As a result, IT security became an everyday topic, and not only for specialists. Even though such massive problems are initially very bad news for the reputation of an entire sector, there are nevertheless some positive side effects. In this case, it means above all that «Security Awareness» was once again on everyone’s mind. This in turn often produces the need for new products and services.
This is also the case for IT Services (ITS) at ETH Zurich. The centrally managed anti-virus solution, which is part of the ITS basic services, was extended by an additional module. This module offers Anti-Exploit and Anti-Ransomware functions and works on the basis of behaviour rather than the virus definitions that traditional anti-virus scanners rely on. With this technology it is possible to prevent malware from being executed even before it has been analysed by anti-virus manufacturers.
Security software
Sophos offers this technology in its product Intercept-X, but that is only a cloud-based solution. For ‹on-premise› customers, which ETH is at the moment, Sophos has an additional version in its portfolio, which has slightly fewer functions and which can be integrated as an additional module into an existing administration console (Sophos Enterprise Console (SEC)). The name of this additional module is Sophos Exploit Prevention (SEP), and it is now available to all ETH-internal SEC customers of ITS. Detailed information on the product and its functions can be downloaded directly from Sophos (http://www.sophos.si/media/files/000/000/232/original/sophos-endpoint-exploit-prevention-ds3.pdf).
The responsible IT support groups have been working for some time now to roll out SEP to all computers at the ETH that are supported by ITS. Only the future and any upcoming attacks will show whether this measure was worthwhile.
Text & Contact
Juraj Novak, IT Services, Client Delivery & SEC-Team (ITS User Services)