Sophos has added a dynamic cloud-based threat analysis and blocking capability called Live Protection to its endpoint software for anti-malware and intrusion-detection defence.
Sophos Endpoint Security and Data Protection 9.5, expected to ship at the end of June, will benefit from a live URL monitoring and blocking capability that can warn users about accessing dangerous malware-laden content on websites. Administrators can configure the security software to warn the user or block access to potentially dangerous content. "Our advice would be to block," says Rainer Gawlick, Sophos' chief marketing officer.
"Even legitimate sites get infections," he adds. The Live Protection capability can filter URLs, and when a program starts running for the user, "we check against the blacklist. Now if something didn't show up on the blacklist, but seems to be behaving suspiciously, we'll do a cloud-based lookup," Gawlick says. This Sophos Live Anti-Virus feature and runtime behaviour detection can potentially stop zero-day threats by examining files before they execute.
The updated Sophos endpoint software also includes host-based intrusion protection.
Cloud-based malware protection is a growing trend among traditional anti-virus companies, with competitors including Trend Micro, Symantec and McAfee all detailing separate approaches involving web-oriented intercession.