Sophos Adds "Live" Protection Technologies to Block Malware Outbreaks in Real-Time

June 04, 2010 Sophos Press Release

BOSTON - June 9, 2010 - IT security and data protection firm Sophos today announced the addition of Sophos Live Protection technologies to its Sophos Endpoint Security and Data Protection offering. This new cloud-based architecture arms customers with the industry's most extensive combination of real-time threat protection and real-time feedback to security and application policy settings. Sophos Live Protection simplifies the rollout of proactive protection for employees inside and outside the office - allowing them to get the protection they need against today's fast-moving threats such as hijacked websites and targeted malware attacks - without adding additional IT security management overhead.

Today more than ever, proactive detection technologies like Host Intrusion Prevention System (HIPS) and cloud-based malware lookups are critical to staying ahead of the escalating threat landscape. In fact, Sophos now analyzes more than 50,000 new malware samples daily.

However, within the IT security market, adoption rates of HIPS technologies have been serially low. According to Forrester Research, approximately 6 percent of companies in North America ranging from 20 to 1,000 users currently use HIPS technology and only 8 percent plan to implement HIPS technology within the next 12 months.

"The security industry has long had behavioural anti-virus and HIPS, but false positives, complexity, and cost of ownership have historically prevented widespread use," said Joshua Corman, research director, enterprise security practice at The 451 Group. "The realities of Advanced Persistent Threats and Adaptive Persistent Adversaries require vendors also adapt by investing in, maturing, and enabling better use of advanced detection capabilities. We're pleased to see Sophos adapting to meet these challenges."

Benefits of New, Integrated Protection Technologies

Three new protection technologies have been built into the Sophos Endpoint Security and Data Protection 9.5 agent to stop emerging threats from both inside and outside the corporate network:

  • Sophos Live URL Filtering - Prevents real-time access to URLs that have been identified as hosting malware based upon a URL database hosted by SophosLabs. This database contains more than 11 million malicious URLs and is growing by 20,000-40,000 each day. Regardless of where the user is - in the office, at home or using an unprotected Wi-Fi network - they are protected against the growing number of web-based threats.
  • Sophos Live Anti-Virus - Stops previously unseen threats faster by instantly checking suspicious files against an extensive in-the-cloud database of known good and bad reputation data - a response is received within milliseconds allowing or blocking known good and bad executables.
  • Sophos Runtime Behavior Detection - Combines multiple detection techniques and compares results to a database of existing profiles. Behavioral Genotype™ protection examines files before they execute and new Runtime Behavior Detection examines files as they execute. By using these techniques in concert, Sophos can more accurately and proactively identify malware in order to alert users and automatically resolve the issue.

"Sophos's philosophy has long been to offer advanced security protection while reducing the security-related challenges IT administrators face," said Rainer Gawlick, chief marketing officer at Sophos. "The latest combination of technologies introduced in Sophos Endpoint Security and Data Protection 9.5 will address many web-based threats and targeted attacks - a top concern among all businesses today - without adding any additional overhead for the customer."

Powered by SophosLabs

The expertise and data behind these technologies are correlated and analyzed by SophosLabs, the global intelligence network of Sophos. For 25 years, Sophos has been in the business of analyzing and protecting against viruses and other security threats. With more than two decades of experience under its belt, this network has pioneered an integrated approach to threat protection analysis - encompassing malware, malicious URLs, and spam - while also managing and updating rulesets for host-based intrusion prevention (HIPS), application control, data loss prevention, and device control policies. With the unveiling of Sophos Live Protection, SophosLabs extends its innovative heritage of addressing threats and data concerns by leveraging automated systems and bi-directional data exchange to produce protection on three levels:

  • Protection - Offers faster malware identification and blocking, as well as assisted remediation.
  • Profiling - Integrated HIPS and bi-directional intelligence exchange provide a baseline understanding of system and file behaviors to non-disruptively learn and ultimately alert on suspicious activity with much greater accuracy.
  • Prevention - SophosLabs' consultative role with all its customers helps to define actionable security policies based on global intelligence and local understanding, preventing configuration errors or broken applications.

"Sophos continues to implement new technologies without increasing operational overhead," said Will Wilson, director information systems at Guardian Real Estate Services LLC. "Since I've implemented Sophos on our corporate endpoints, it's been apparent that the tight integration of technologies is more efficient than our previous solution and it especially gives me peace of mind that SophosLabs does the heavy lifting in terms of fine-tuning HIPS, maintaining our application and device control lists and delivering real-time threat protection, so that I can focus on other critical areas of my job."

Additional Benefits in Sophos Endpoint Security and Data Protection 9.5

Additional benefits to Sophos Endpoint Security and Data Protection 9.5 customers include extended platform coverage and enhanced tamper protection.

Sophos already supports the widest range of platforms on the market and this latest release has virtualization covered as well by supporting Microsoft Hyper-V and VMware's vSphere operating system.

Version 9.5 also comes equipped with enhanced Tamper Protection that prevents users - whether intentionally or unintentionally - from uninstalling or disabling security features such as anti-virus, client firewall, and updating on their computer.

Availability and Pricing

Sophos Endpoint Security and Data Protection 9.5 is sold on a per user subscription license - multi-year discounts can be applied - and includes product upgrades, updates, and 24x7x365 technical support. Premium and Platinum Support are available for an additional fee. Sophos Endpoint Security and Data Protection customers can upgrade for free.