Sophos has added a cloud-based threat analysis and blocking capability called Live Protection to its endpoint software for anti-malware and intrusion-detection defense.
Sophos has added a dynamic cloud-based threat analysis and blocking capability called Live Protection to its endpoint software for anti-malware and intrusion-detection defense.
Sophos Endpoint Security and Data Protection 9.5, expected to ship at the end of June, will benefit from a live URL monitoring and blocking capability that can warn users about accessing dangerous malware-laden content on Web sites. Administrators can configure the security software to warn the user or block access to potentially dangerous content. "Our advice would be to block," says Rainer Gawlick, Sophos chief marketing officer.
"Even legitimate sites get infections," he adds. The Live Protection capability can filter URLs, and when a program starts running for the user, "we check against the blacklist. Now if something didn't show up on the blacklist, but seems to be behaving suspiciously, we'll do a cloud-based lookup," Gawlick says. This Sophos Live Anti-Virus feature and runtime behavior detection can potentially stop zero-day threats by examining files before they execute.
The updated Sophos endpoint software also includes host-based intrusion protection.
Cloud-based malware protection is a growing trend among traditional anti-virus companies, with competitors including Trend Micro, Symantec and McAfee all detailing separate approaches involving Web-oriented intercession.
Sophos Endpoint Security and Data Protection 9.5 costs $68.50 per user for a three-year license, including round-the-clock support, for 1,000 users.