New Sophos technology stops unknown malware threats before they execute

October 02, 2006 Sophos Press Release

Sophos, a provider of IT security for leading companies, today announced the availability of its Host Intrusion Prevention System (HIPS), which proactively identifies and blocks programs with suspicious behavioural characteristics before they execute. Sophos's Behavioral Genotype Protection, which has been fully integrated into all of Sophos's anti-virus solutions, can detect unknown spyware and malware without a false positive problem and without the need to install any additional software.

Sophos's Behavioral Genotype Protection has been developed by the experts at SophosLabs™, Sophos's global network of research and development centres. Unlike competing products, which monitor running code and intercept suspicious behaviour only once it has occurred, Sophos's HIPS technology prevents malware from executing at all, identifying it at the gateway, on fileservers and at the endpoint. The malicious code is intercepted before it can cause any harm.

"Financially-motivated hackers are distributing new malware at a greater speed than ever before. Organisations need a strong defence which can proactively detect unknown threats as they emerge," said Steve Munford, CEO of Sophos. "The beauty of Sophos's new technology is that there is no need to roll out new software. For no additional cost, customers can benefit from the power of our Behavioral Genotype Protection on every single operating system platform that we support. It's a simple solution to a complex problem."

Sophos's proactive protection is based on its unique product engineering. With Sophos, enterprises can manage security updates from a single management console and a universal client that covers both security and general desktop management. The new HIPS technology uses the existing Sophos scanning engine, which is present in all versions of Sophos endpoint, server and gateway products, so companies gain the tools to combat unknown malware for no extra charge.

"The Behavioral Genotype Protection built into Sophos's solutions is finding new malware every day that can sail past up-to-date versions of competing anti-virus products," continued Munford. "We can provide high precision in our detection of unknown malware without the false alarm problem that other vendors struggle with."

Natalie Lambert, analyst at Forrester Research writes in the Forrester Wave: Client Security Suites, Q3 2006 that "Sophos Endpoint Security provides a single agent for all of its functionality. This enables simple deployment of the product through a push from the console."

"Sophos customers consistently say that working with Sophos couldn't be easier. Furthermore, the SophosLabs researchers work with all types of malicious code and therefore see correlations between different types of code and create signatures that treat the entire threat," continued Lambert.

Sophos's Genotype technology has proven to be world class in its detection of emerging malware threats. It proactively detected the Sober-Z worm, the biggest malware outbreak of the last 12 months, a full 20 days ahead of other major security vendors.

With Behavioral Genotype Protection, Sophos provides organisations with the following advantages:

  • Blocks malicious code before it executes, whether the file is at rest or about to launch, so no malicious behaviour has to occur for it to be caught.
  • Identifies malicious code at the gateway or on fileservers and deletes it before it has the chance to reach endpoint computers.
  • Avoids false positives: SophosLabs rapidly validates its rule-sets against terabytes of legitimate code before release. By comparison, validating a runtime HIPS against every legitimate behaviour of running programs is a huge and practically impossible task.
  • Scans are performed within the anti-virus engine, eliminating the need to run or manage any additional software.

Sophos's Behavioral Genotype Protection has been fully integrated into all current versions of Sophos Anti-Virus. New customers can download a free evaluation version of the software.