Kernel Drivers in Sophos Intercept X Advanced: Sophos News

Sophos, a leading cybersecurity company, has described the importance and the risks of operating in kernel-space, the most privileged layer of an operating system. Kernel-space access is crucial for security products because it lets them monitor and protect against malware in user-space, where applications run. However, this elevated access also creates an attack surface: malicious actors can exploit it through bring-your-own-vulnerable-driver (BYOVD) attacks, or by attempting to get malicious drivers cryptographically signed so that they can load into kernel-space.

Sophos’ Intercept X Advanced product uses five kernel drivers in its release 2024.2, each serving specific security functions. These drivers undergo extensive testing with each applicable feature flag both disabled and enabled to ensure their reliability and security. The company uses feature flags to enable new features gradually, allowing a controlled rollout and revisions before wider deployment.

In the interest of transparency, Sophos has detailed the functionalities, start types, signing status, and descriptions of the five kernel drivers included in Intercept X Advanced release 2024.2. These drivers play critical roles in protecting against malware, providing tamper protection, monitoring system activity events, and enforcing exploit mitigations.

The company has also outlined the inputs each driver consumes, including registry keys, configuration files, and customer policy options. Customers can configure remediation, exclusions, and other settings through Sophos Central, which gives them flexibility in managing the security features the kernel drivers provide.

Furthermore, Sophos emphasizes the measures in place to minimize the disruptions and vulnerabilities associated with kernel-space operations. These include a bug bounty program that invites external scrutiny and collaboration with the research community, as well as gradual feature flag enablement and phased software rollouts.

One of the key features introduced in Intercept X version 2024.1.1 is CryptoGuard ExFAT, which extends protection against bulk encryption to ExFAT partitions. This feature went through rigorous internal testing and a gradual rollout to ensure smooth integration and correct functionality.

Sophos highlights the importance of maintaining software and feature flag stability, giving customers the option to pin a fixed software version or to receive periodic updates based on the company’s recommendations. This approach aims to enhance stability, avoid global disruptions, and give customers control over their cybersecurity solutions.

In conclusion, while operating in kernel-space poses inherent risks, Sophos’ transparent approach to detailing the functionality, security measures, and management options of its kernel drivers reflects a commitment to safeguarding customers against evolving threats. By sharing insights into their security practices, the company aims to instill trust and demonstrate its dedication to providing secure and reliable cybersecurity solutions.
