Sophos Behavioral Genotype is a powerful technology that is able to detect malicious behaviour even before specific signature-based detection has been issued. This provides zero-day protection to all customers using Sophos’ web, email, endpoint security and control, and OEM products.
Traditionally, protection against malware and spam was created by security vendors collecting samples, and then developing specific signatures. Today this method is simply too slow and inadequate as there are too many targeted threats and they mutate too rapidly. The only answer against these threats is to stop them pre-emptively and this is what Sophos Behavioral Genotype Technology does.
How does the Sophos Behavioral Genotype Technology work?
It identifies malware or spam, even where the particular sample has never been seen before, by recognizing and extracting “genes” (or components of behavior). It then identifies the combinations of these genes (genotypes) that distinguish malware and spam from legitimate applications and messages. Extracted genes are combined to create a genotype using a finely tuned scoring system. By identifying genes from all the malware it has ever collected, SophosLabs™ can identify the characteristics and combinations of genes that appear in malware. It compares this information with data about the genes that are seen in known good files and in this way, minimizes the risk of false positives.
The Sophos Behavioral Genotype Technology rules and detection are configured and maintained by SophosLabs. No additional configuration is required, which means that there is no overhead on administrators' or users' time.
Proactive malware detection
Sophos Behavioral Genotype Technology:
- Protects against unknown or zero-day malware, including variants of known and unknown threat families
- Extracts and analyzes genes, comparing against known bad genes, known bad content and bad behaviour
- Uses pre-execution analysis to detect threats without letting the code run, avoiding the risk of partial infection and damage
- Uniquely provides pre-execution protection at the email and web gateway, as well as at the endpoint
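As an added illustration of the gene/genotype scheme described above (this is not Sophos code; the genes, weights, known-good corpus, threshold and sample file descriptions are all constructed assumptions), the following scorer extracts behavioural genes from a static, pre-execution description of a file, combines them with a weighted score, and discounts malware genes by how often they also occur in known-good files to limit false positives:

```python
# Added illustration of gene extraction and genotype scoring; not Sophos code.
GENE_WEIGHTS = {  # hypothetical: positive marks a malware trait, negative a benign one
    "writes_autorun_key": 3.0,
    "injects_into_process": 4.0,
    "packed_section": 1.5,
    "network_beacon": 2.0,
    "signed_binary": -3.0,
}
KNOWN_GOOD = [  # constructed corpus: gene sets observed in legitimate programs
    {"packed_section", "signed_binary"},
    {"network_beacon", "signed_binary"},
    {"packed_section", "network_beacon", "signed_binary"},
    {"signed_binary"},
]
THRESHOLD = 3.0  # constructed genotype score at which a file is flagged
SAMPLES = {  # constructed static (pre-execution) descriptions of two files
    "dropper.exe": {"imports": ["WriteProcessMemory", "CreateRemoteThread"], "signed": False,
                    "strings": ["Software\\Microsoft\\Windows\\CurrentVersion\\Run"], "section_entropy": [6.1, 7.4]},
    "updater.exe": {"imports": ["InternetOpenUrlA", "CreateFileA"], "signed": True,
                    "strings": ["Checking for updates"], "section_entropy": [7.2]},
}

def extract_genes(sample):
    """Extract behavioural genes from a file's static description, without running it."""
    imports = set(sample["imports"])
    genes = set()
    if any("CurrentVersion\\Run" in s for s in sample["strings"]):
        genes.add("writes_autorun_key")
    if {"WriteProcessMemory", "CreateRemoteThread"} <= imports:
        genes.add("injects_into_process")
    if any(e >= 7.0 for e in sample["section_entropy"]):
        genes.add("packed_section")
    if "InternetOpenUrlA" in imports:
        genes.add("network_beacon")
    if sample["signed"]:
        genes.add("signed_binary")
    return genes

def genotype_score(genes, corpus=KNOWN_GOOD):
    """Weighted sum of genes; malware genes common in known-good files count for less."""
    score = 0.0
    for gene in genes:
        weight = GENE_WEIGHTS.get(gene, 0.0)
        if weight > 0:  # discount by the gene's prevalence in the known-good corpus
            weight *= 1.0 - sum(gene in g for g in corpus) / len(corpus)
        score += weight
    return score

def classify(sample):
    return "malicious" if genotype_score(extract_genes(sample)) >= THRESHOLD else "clean"
```

With the constructed data, "dropper.exe" scores 7.75 and is flagged, while the packed, network-capable but signed "updater.exe" scores -1.25; an unsigned file carrying only the packed and beacon genes stays below the threshold because both genes are common in the known-good corpus, whereas without that corpus it would score 3.5 and be a false positive.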
The approach we have adopted ensures that all Sophos customers receive the best protection against both the wide variety and the volume of today's threats whilst at the same time maximising performance and minimising footprint.
Independent tests from av-test.org and Virus Bulletin have shown that Sophos Genotype Technology is the leading proactive protection in the industry. See: