Check and Mate


In a digitized work and data environment, endpoint protection has gained enormous significance. Michael Veit, Technology Evangelist, Sophos, tells The Integrator what enterprises can do to fortify defense of this important checkpoint and how GDPR will impact data integrity

Q1. With rising virus, malware, and ransomware attacks, how can enterprises ensure security of their physical and virtual (cloud) data centers?

A1. Modern threats require modern ways of protection. In addition to the traditional anti-virus, firewall, IPS and email/web security, which can no longer reliably stop highly customized and targeted attacks, new “next-gen” technologies have to be implemented. These next-gen technologies include exploit prevention, machine learning, and behaviour monitoring.

Q2. There are various stacks that data travels through. How can enterprises ensure security for each stack?

A2. It is necessary to put as many layers of protection as possible between the attacker and the workstation or server. On the gateway level the traditional AV, web security, web application firewall and IPS protection must be supplemented by sandboxing solutions (e.g. Sophos Sandstorm) with behaviour monitoring and machine learning. On the endpoint and server machines (either physical or virtual) the full set of features like machine learning, exploit prevention, and behaviour detection must be added to the traditional endpoint security. Sophos offers these next-gen endpoint protection functions in Sophos Intercept X (for workstations) and Intercept X for Servers.

Q3. When an incident is detected, how do enterprises respond without compromising on server performance?

A3. It is imperative not to lose time when an incident is detected. If human interaction is necessary, i.e., an administrator needs to be alerted and needs to take manual action, a lot of damage can be caused until countermeasures are taken. Modern security systems communicate with each other. They act as a system and react automatically when an incident is detected. For example, if an endpoint or server detects malicious behaviour like ransomware or data theft, this is communicated to the firewall, which automatically isolates this device from the internet and the internal network. The Sophos Synchronized Security concept lets all Sophos security solutions – on the endpoint and the gateway – talk to each other, in order to identify hacker attacks and respond automatically. These next-gen features, while dramatically increasing the protection level, do not decrease server performance. On the contrary, machine learning, for example, is much faster than the traditional AV scan and anti-exploit, and behaviour monitoring costs virtually no performance at all.
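The endpoint-to-firewall loop described in A3, modelled as an added example (not Sophos code): endpoints report a health state, and the firewall derives per-flow decisions from it. The health colours, the "yellow loses lateral access only" rule, the 5-minute heartbeat timeout and the hostnames are assumptions chosen for illustration.

```python
import json
from datetime import datetime, timedelta

# Constructed endpoint health events (JSON lines), not real product output.
SAMPLE_EVENTS = [
    '{"ts":"2018-05-01T09:00:00","host":"ws-101","health":"green","detail":"heartbeat"}',
    '{"ts":"2018-05-01T09:00:05","host":"srv-db1","health":"green","detail":"heartbeat"}',
    '{"ts":"2018-05-01T09:01:10","host":"ws-101","health":"red","detail":"ransomware behaviour"}',
    '{"ts":"2018-05-01T09:02:00","host":"ws-102","health":"yellow","detail":"PUA detected"}',
    '{"ts":"2018-05-01T09:03:00","host":"ws-103","health":"red","detail":"data theft"}',
    '{"ts":"2018-05-01T09:04:00","host":"ws-101","health":"green","detail":"remediated"}',
]
INTERNAL = {"ws-101", "ws-102", "ws-103", "srv-db1"}  # assumed internal hosts

def build_health_table(event_lines, now_iso, stale_minutes=5):
    """{host: health}; newest event per host wins, and a host silent longer
    than stale_minutes becomes 'missing' (a killed agent must not look green)."""
    now = datetime.fromisoformat(now_iso)
    health, last_seen = {}, {}
    for line in event_lines:
        ev = json.loads(line)
        ts = datetime.fromisoformat(ev["ts"])
        if ts < last_seen.get(ev["host"], ts):
            continue  # out-of-order event, keep the newer state
        last_seen[ev["host"]] = ts
        health[ev["host"]] = ev["health"]
    for host, seen in last_seen.items():
        if now - seen > timedelta(minutes=stale_minutes):
            health[host] = "missing"
    return health

def allow_flow(health, src, dst, internal_hosts=INTERNAL):
    """Firewall decision: red/missing hosts are cut off from internet and LAN,
    yellow hosts keep internet but lose lateral traffic, green hosts pass."""
    src_health = health.get(src, "missing")
    if src_health in ("red", "missing"):
        return False
    if dst in internal_hosts:
        if health.get(dst, "missing") in ("red", "missing"):
            return False  # nobody may reach an isolated host either
        if src_health == "yellow":
            return False
    return True

if __name__ == "__main__":
    table = build_health_table(SAMPLE_EVENTS, "2018-05-01T09:05:00")
    for src, dst in [("ws-101", "srv-db1"), ("ws-103", "internet"), ("ws-102", "srv-db1")]:
        print(src, "->", dst, "allowed" if allow_flow(table, src, dst) else "blocked")
```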

Q5. What endpoint security measures can enterprises take to minimise security threats?

A5. All workstations and servers need to get next-gen endpoint protection mechanisms in addition to the existing endpoint security. The next-gen protection mechanisms include machine learning/deep learning, exploit prevention, ransomware protection, behaviour monitoring, and anti-hacker technologies. In addition, Endpoint Detection and Response (EDR) capabilities need to be added, which collect and correlate security events from multiple sources like endpoints, servers, and firewalls. This allows modern threats and hacker activity to be detected, stopped, and analysed. Sophos Intercept X on workstations and servers provides these next-gen protection mechanisms as well as root cause analysis to find out what happened during an incident, which processes, files and systems were affected – and how to prevent this in the future.

Q6. What impact will GDPR have on cyber security and data privacy/integrity?

A6. GDPR will have two effects:

First, cybercriminals will double their efforts to get hold of confidential information, especially personally identifiable information. They will use this stolen data to extort high ransoms from companies that failed to protect their data – by threatening to publish this fact to the public and to the regulatory authority. So, this will boost the cybercrime industry and we will see even more sophisticated threats. Second, due to the threat of high fines when failing to comply with the GDPR, many organizations will implement modern IT security technologies. Ironically, the same risk manager who, in the past, advised against implementing data protection and IT security technologies because the fines at stake at that time were lower than the investment in IT security will now urge the implementation of these technologies to avoid the much higher fines under the GDPR. So, due to GDPR we will see an increase in attacks as well as organizations being better protected against these attacks.

Q4. Increased digitization is making virtual environments prone to cyber security breaches. What proactive steps can enterprises take to safeguard their data?

A4. First of all, the layered approach with modern technologies described above has to be implemented. It is important to apply full security to virtual servers with full next-gen protection running directly on the server. Simple AV file scanning (on the server or on a security VM) does not provide the same level of protection. With regard to the network, digital transformation has made it even more important to heavily increase network segmentation, which means that workstations, servers, and IoT devices have to be confined to small network areas and all traffic between those areas needs to be limited to business needs.