Sophos HIPS: protecting against zero-day threats
Effective protection fine-tuned by SophosLabs for you
SophosLabs™ develops the pioneering technology built into our products.
Our HIPS technology uses 4 layers of integrated detection to stop zero-day threats without the need for complex configuration.

What is HIPS?
Today's fast-moving and targeted threats require protection that stops malware before a specific detection update can be released. A Host Intrusion Prevention System (HIPS) aims to do this by monitoring the behavior of code. Many HIPS solutions monitor code when it runs and intervene if the code is deemed to be suspicious or malicious.
Our technology, pioneered by SophosLabs, uniquely analyzes the behavior of code at two stages:
- Pre-execution: Behavior of code is analyzed before it runs and is prevented from running if it is considered to be suspicious or malicious.
- Runtime: Runtime detection intercepts threats that cannot be detected before execution.
Layered HIPS detects over 85% of unknown threats
Our innovative behavior-based HIPS combines 4 layers of detection that use pre-execution and runtime analysis to determine the functionality of the code, and the behavior it is likely to exhibit.
Scanning is performed within Sophos's anti-virus engine, and there are no additional components to deploy. This system is capable of detecting over 85% of unknown threats (Cascadia Labs).
Faster, better protection without administrative overhead
Unlike other behavior-based detection, our system doesn't require training or fine-tuning by the administrator. As experts in malware behavior, SophosLabs takes care of fine-tuning behavior analyses and rapidly validates our rule sets against terabytes of legitimate code, eliminating false positives.
This system is incorporated into Sophos Endpoint Security and Control, a uniquely low-administration solution, unrivalled among other behavior-based detection products.
Storm worm stopped
Mark Harris, Global Director of SophosLabs, demonstrates the power of Sophos HIPS in stopping the Storm worm, detailing how one single Sophos HIPS identity detected nearly 5000 unique variants.
Award-winning detection
The expertise at SophosLabs has been recognized by independent testing organizations. Recognized bodies such as ICSA Labs, West Coast Labs, and Virus Bulletin have all certified Sophos.
Safer computing practices
SophosLabs is committed not only to providing swift global responses to the latest threats, but also to education on safer computing practices to guard against malware.
Technical papers
Lab experts have written and presented a range of papers for system administrators and security specialists.
