HomeRisk ManagementsKernel Drivers in Sophos Intercept X Advanced: Sophos News

Kernel Drivers in Sophos Intercept X Advanced: Sophos News

Published on

spot_img

Sophos, a leading cybersecurity company, has revealed the importance and risks associated with operating in ‘kernel-space’, the most privileged layer of an operating system. Kernel-space access is crucial for security products as it allows them to monitor and protect against malware in the user-space environment where applications run. However, this elevated access also opens the door to potential threats that malicious actors can exploit, such as BYOVD attacks or attempts to get malicious drivers cryptographically signed to access kernel-space.

Sophos’ Intercept X Advanced product utilizes five kernel drivers in its release 2024.2, each serving specific security functions. These drivers undergo extensive testing with applicable flags disabled and enabled to ensure their reliability and security. The company employs feature flags to gradually enable new features, enabling a controlled rollout and potential revisions before wider deployment.

In the interest of transparency, Sophos has detailed the functionalities, start types, signing status, and descriptions of the five kernel drivers included in Intercept X Advanced release 2024.2. These drivers play critical roles in protecting against malware, providing tamper protection, monitoring system activity events, and enforcing exploit mitigations.

The company has also outlined the inputs for each driver, including registry keys, configurations, and customer policy options. Customers can configure remediation, exclusions, and other settings through Sophos Central, ensuring flexibility in managing the security features provided by the kernel drivers.

Furthermore, Sophos emphasizes the security measures in place to minimize disruptions and vulnerabilities associated with kernel-space operations. These include a bug bounty program inviting external scrutiny and collaboration with the research community, as well as gradual feature flag enablements and phased software rollouts.

One of the key features introduced in Intercept X version 2024.1.1 is CryptoGuard ExFAT, extending protection against bulk encryption to ExFAT partitions. The development and testing of this feature underwent rigorous internal testing and gradual rollout processes to ensure smooth integration and functionality.

Sophos highlights the importance of maintaining software and feature flag stability, providing options for customers to select fixed software versions or receive periodic updates based on the company’s recommendations. This approach aims to enhance stability, avoid global disruptions, and offer customers control over their cybersecurity solutions.

In conclusion, while operating in kernel-space poses inherent risks, Sophos’ transparent approach to detailing the functionality, security measures, and management options of its kernel drivers reflects a commitment to safeguarding customers against evolving threats. By sharing insights into their security practices, the company aims to instill trust and demonstrate its dedication to providing secure and reliable cybersecurity solutions.

Source link

Latest articles

Hackers Exploit Trusted Microsoft Domain and One-Time Codes to Hijack Corporate Accounts

Rising Phishing Threat Exploits Microsoft Authentication Flows A new phishing technique has surfaced, capitalizing on...

NCA Warns Parents About Exploitation of Shared Child Photos by AI

The National Crime Agency (NCA) has initiated a significant campaign aimed at educating parents...

Single Points of Failure Are Problematic: The SaaS Layer Is No Exception

Lessons in IT Resilience: The Inevitable Nature of Failure and the Case for Redundancy In...

AI Isn’t Bridging the Skills Gap — It’s Highlighting the Validation Gap

AI and Cybersecurity: A Growing Concern Amidst Rapid Deployment The advent of artificial intelligence (AI)...

More like this

Hackers Exploit Trusted Microsoft Domain and One-Time Codes to Hijack Corporate Accounts

Rising Phishing Threat Exploits Microsoft Authentication Flows A new phishing technique has surfaced, capitalizing on...

NCA Warns Parents About Exploitation of Shared Child Photos by AI

The National Crime Agency (NCA) has initiated a significant campaign aimed at educating parents...

Single Points of Failure Are Problematic: The SaaS Layer Is No Exception

Lessons in IT Resilience: The Inevitable Nature of Failure and the Case for Redundancy In...