Sophos Client Firewall is a centrally-managed firewall designed to be deployed within enterprise environments. With this software component of Sophos Endpoint Security and Data Protection, endpoints are protected from known and unknown threats, including worms and hackers, with technologies like port blocking.
This highly-customizable client firewall is very robust and location-aware, and enables security administrators to simultaneously protect desktops, laptops and roaming users. Sophos Client Firewall is also proactive, to protect against application hijacking and impersonation. Intrusion is also prevented by hiding endpoints from hackers, further protecting against data theft and protecting confidentiality.
The Sophos Host Intrusion Protection System (HIPS), included with its Endpoint Security and Data Protection software, helps provide automatic and effective zero-day protection. HIPS delivers proactive protection without a complex installation and configuration process, scanning for new and targeted threats automatically within Sophos Endpoint Security and Data Protection without requiring any additional software components.
1. Behavioral Genotype® Protection: Genotype Protection guards against unknown malware by analyzing behavior before code executes. Tuned to detect variants, families and large categories of malware, it uses pre-execution scanning to determine the functionality of the code, and the behavior it is likely to exhibit, without allowing the code to run, enabling detection of zero-day threats without the need for signature updates.
2. Suspicious file detection: Suspicious file detection identifies files that are highly likely to be malicious by determining what the behavior of a file would be if the file were to be run. This detection provides the benefits of a traditional runtime behavior-based system without impacting system performance and without the inherent security issue of allowing a file to run before detection takes place.
3. Suspicious behavior detection: This layer of detection watches system processes for signs of malware, like suspicious writes to the registry or file copies, and can warn the administrator and/or block the process. With this type of detection, there is no need to train or fine-tune analysis, as SophosLabs experts do the fine-tuning.
4. Buffer overflow detection: A buffer overflow attack is reported when an attempt is made to exploit a running process using buffer overflow techniques. This catches attacks targeting security vulnerabilities in operating system software and applications.