{"id":161961,"date":"2024-09-26T10:30:00","date_gmt":"2024-09-26T09:30:00","guid":{"rendered":"https:\/\/www.avanet.com\/blog\/sophos-adaptive-attack-protection-api\/"},"modified":"2024-09-27T19:06:23","modified_gmt":"2024-09-27T18:06:23","slug":"sophos-adaptive-attack-protection-api","status":"publish","type":"post","link":"https:\/\/www.avanet.com\/en\/blog\/sophos-adaptive-attack-protection-api\/","title":{"rendered":"Sophos Adaptive Attack Protection API"},"content":{"rendered":"\n<p>The threat landscape is constantly evolving and IT administrators are faced with the challenge of protecting their networks and endpoints against increasingly sophisticated attacks.\nOne particularly innovative solution that helps with this is the <strong>Adaptive Attack Protection API<\/strong> from Sophos.\nThis technology provides dynamic protection that automatically activates additional security measures when attacks are detected.\nThis blog post explains how the Adaptive Attack Protection API works, what benefits it offers and how IT administrators can integrate it into their security strategy.   <\/p>\n\n<h2 class=\"wp-block-heading\" id=\"titel\">What is the Adaptive Attack Protection API?<\/h2>\n\n<p>Adaptive Attack Protection (AAP) is an automatic protection mechanism that activates additional security measures when active attacks are detected on an endpoint.\nThis happens without manual intervention and enables administrators to effectively block attackers and gain time for further countermeasures. 
<\/p>\n\n<h3 class=\"wp-block-heading\" id=\"funktionsweise\">Functionality<\/h3>\n\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-48c10d1\" data-block-id=\"48c10d1\"><style>.stk-48c10d1 .stk-img-figcaption{text-align:center !important;color:#abb7c2 !important;}<\/style><figure><span class=\"stk-img-wrapper stk-image--shape-stretch stk--has-lightbox\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-161837\" src=\"https:\/\/www.avanet.com\/assets\/sophos-central-endpoint-policy-adaptive-attack-protection-scaled.jpg\" width=\"2560\" height=\"1145\" alt=\"Sophos Central Policy - Adaptive Attack Protection\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-central-endpoint-policy-adaptive-attack-protection-scaled.jpg 2560w, https:\/\/www.avanet.com\/assets\/sophos-central-endpoint-policy-adaptive-attack-protection-300x134.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-central-endpoint-policy-adaptive-attack-protection-1024x458.jpg 1024w, https:\/\/www.avanet.com\/assets\/sophos-central-endpoint-policy-adaptive-attack-protection-768x343.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-central-endpoint-policy-adaptive-attack-protection-1536x687.jpg 1536w, https:\/\/www.avanet.com\/assets\/sophos-central-endpoint-policy-adaptive-attack-protection-2048x916.jpg 2048w, https:\/\/www.avanet.com\/assets\/sophos-central-endpoint-policy-adaptive-attack-protection-600x268.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-central-endpoint-policy-adaptive-attack-protection-64x29.jpg 64w\" sizes=\"auto, (max-width: 2560px) 100vw, 2560px\" \/><\/span><figcaption class=\"has-text-color stk-img-figcaption\">Sophos Central Policy &#8211; Adaptive Attack Protection<\/figcaption><\/figure><\/div>\n\n<p>Adaptive Attack Protection detects suspicious activity using two main methods:<\/p>\n\n<ol class=\"wp-block-list\">\n<li><strong>Recognition of attack tools:<\/strong> AAP can identify the use of common attack tools and react 
accordingly.<\/li>\n\n\n\n<li><strong>Detection of active malicious behavior:<\/strong> By analyzing behavior on the endpoint, AAP can detect early signs of an ongoing attack and activate appropriate defensive measures.<\/li>\n<\/ol>\n\n<p><strong>Source: <\/strong><a href=\"https:\/\/docs.sophos.com\/central\/customer\/help\/en-us\/ManageYourProducts\/EndpointProtection\/ThreatProtectionPolicy\/index.html#runtime-protection\" target=\"_blank\" rel=\"noreferrer noopener\">Sophos KB &#8211; Adaptive Attack Protection<\/a><\/p>\n\n<p>In such situations, temporary restrictions are activated that may be a hindrance in day-to-day work, but are necessary in the event of an attack to prevent the threat from spreading.<\/p>\n\n<h2 class=\"wp-block-heading\" id=\"vorteile-der-adaptive-attack-protection-api\">Advantages of the Adaptive Attack Protection API<\/h2>\n\n<h3 class=\"wp-block-heading\" id=\"1-automatische-aktivierung\">1. Automatic activation<\/h3>\n\n<p>AAP is included as standard in all <a href=\"https:\/\/www.avanet.com\/en\/shop\/sophos-central\/\">Sophos Central Endpoint<\/a> products and does not need to be activated manually.\nAs soon as a potential attack is detected, the appropriate steps are taken automatically. <\/p>\n\n<h3 class=\"wp-block-heading\" id=\"2-erweiterter-schutz-bei-angriffen\">2. Extended protection against attacks<\/h3>\n\n<p>If AAP detects a &#8220;hands-on-keyboard&#8221; attacker, increased protection mechanisms are activated.\nThis also blocks actions that are harmless in day-to-day use but dangerous in an attack situation.\nThis gives the defenders more time to neutralize the attack.  <\/p>\n\n<h3 class=\"wp-block-heading\" id=\"3-erweiterte-api-funktionalitaten\">3. 
Extended API functionality<\/h3>\n\n<p>Through the Endpoint API extensions, it is possible to manually enable or disable Adaptive Attack Protection.\nThis is particularly useful when suspicious activity is observed, but complete isolation of the device could cause significant operational disruption. <\/p>\n\n<h3 class=\"wp-block-heading\" id=\"4-erhohte-sichtbarkeit-und-kontrolle\">4. Increased visibility and control<\/h3>\n\n<p>Administrators receive new events and alerts as soon as AAP becomes active on a device.\nThis enables proactive monitoring and rapid response to threats. <\/p>\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\"> \n<iframe loading=\"lazy\" title=\"Sophos Endpoint Adaptive Attack Protection\" width=\"1290\" height=\"726\" src=\"https:\/\/www.youtube.com\/embed\/INZnosVwXJ0?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n <\/div><figcaption class=\"wp-element-caption\">Sophos Adaptive Attack Protection (AAP) &#8211; Overview<\/figcaption><\/figure>\n\n<h2 class=\"wp-block-heading\" id=\"integration-in-die-sicherheitsstrategie\">Integration into the security strategy<\/h2>\n\n<p>The Adaptive Attack Protection API lets IT administrators adapt their security measures flexibly to the situation.\nHere are some recommended deployment scenarios: <\/p>\n\n<h3 class=\"wp-block-heading\" id=\"1-automatisierte-reaktion-auf-bedrohungen\">1. Automated response to threats<\/h3>\n\n<p>Because the AAP functionalities activate automatically, IT teams can react to threats without having to rely on manual intervention.\nThis shortens the time needed to take countermeasures and minimizes the risk of a successful attack. 
<\/p>\n\n<h3 class=\"wp-block-heading\" id=\"2-gezielte-aktivierung-wahrend-untersuchungen\">2. Targeted activation during investigations<\/h3>\n\n<p>When investigating suspicious activity, AAP can be manually activated to take additional defensive measures without completely isolating the device from the network.\nThis allows potential damage to be minimized while investigations continue. <\/p>\n\n<h3 class=\"wp-block-heading\" id=\"3-langfristige-aktivierung-fur-kritische-endpunkte\">3. Long-term activation for critical endpoints<\/h3>\n\n<p>For particularly critical endpoints or during an ongoing threat situation, AAP can be kept active for a longer period of time via the API.\nThis provides additional security and protects sensitive systems from potential attacks. <\/p>\n\n<h2 class=\"wp-block-heading\" id=\"demo-der-adaptice-atack-protection\">Demo of Adaptive Attack Protection<\/h2>\n\n<p>This demo video shows how Sophos&#8217;s AAP responds in real time to an active attack.\nThe attacker attempts several common methods to compromise the system, including running malicious PowerShell scripts, downloading suspicious files, and creating new user accounts.\nSee how Sophos Endpoint automatically activates heightened defenses to block these threats and protect your IT environment.  
<\/p>\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\"> \n<iframe loading=\"lazy\" title=\"Demo: Adaptive Attack Protection with Sophos Endpoint\" width=\"1290\" height=\"726\" src=\"https:\/\/www.youtube.com\/embed\/zFOf2Vaf7m4?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n <\/div><figcaption class=\"wp-element-caption\">Demo: Sophos Adaptive Attack Protection (AAP)<\/figcaption><\/figure>\n\n<h2 class=\"wp-block-heading\" id=\"faq\">FAQ<\/h2>\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1726825719186\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \">Does AAP have to be activated manually?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>No, it is enabled by default in all Sophos Endpoint licenses and does not need to be configured manually.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1726825731597\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \">How long will AAP remain active?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>AAP remains active for as long as suspicious activity is detected.<br \/>\nThe duration can also be extended manually. 
<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1726825778898\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \">Can AAP be used on servers?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Yes, Adaptive Attack Protection is available on both endpoints and servers.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1726825806303\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \">Does AAP affect system performance?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>The impact on system performance is minimal and only relevant during the activation of AAP.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>The threat landscape is constantly evolving and IT administrators are faced with the challenge of protecting their networks and endpoints against increasingly sophisticated attacks. One particularly innovative solution that helps with this is the Adaptive Attack Protection API from Sophos. This technology provides dynamic protection that automatically activates additional security measures when attacks are detected. 
[&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":161864,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[277],"tags":[],"class_list":["post-161961","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"blocksy_meta":[],"acf":[],"_links":{"self":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/posts\/161961","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/comments?post=161961"}],"version-history":[{"count":0,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/posts\/161961\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/media\/161864"}],"wp:attachment":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/media?parent=161961"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/categories?post=161961"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/tags?post=161961"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}