Articles >

Sophos HIPS: Protecting Against Zero-Day Threats

Sophos

What is Hips?

Today’s fast-moving and targeted threats require protection to stop malware before a specific detection update can be released. A Host Intrusion Prevention System (HIPS) aims to stop malware before a specific detection update is released by monitoring the behavior of code. Many HIPS solutions monitor code when it runs and intervene if the code is deemed to be suspicious or malicious.

Our technology, pioneered by SophosLabs, uniquely analyzes the behavior of code at two stages:

• Pre-execution: Behavior of code is analyzed before it runs and is prevented from running if it is considered to be suspicious or malicious
• Runtime: Runtime detection intercepts threats that cannot be detected before execution

Layered HIPS detects over 85% of unknown threats

Their innovative behavior-based HIPS combines four layers of detection that use pre-execution and runtime analysis to determine the functionality of the code and the behavior it is likely to exhibit.

Scanning is performed within Sophos’s antivirus engine, and there are no additional components to deploy. This system is capable of detecting over 85% of unknown threats(Cascadia Labs).

Faster, better protection without administrative overhead

Unlike other behavior-based detection, their system doesn’t require training or fine-tuning by the administrator. As experts in malware behavior, SophosLabs takes care of fine-tuning behavior analyses and rapidly validates our rule sets against terabytes of legitmate code, eliminating false positives.

This system is incorporated into Sophos Endpoint Security and Data Protection, a uniquely low-administration solution, unrivalled among other behavior-based detection products.