Contact Us




Change Locale

HIPS: Protecting Against The Modern Zero-Day Threat [Sophos]

Enterprise Software | Posted on August 28, 2012 by Stephen Perciballi

Long gone is the perceived image of the malware perpetrator as an outcast-teenager sitting in his parent’s basement. Today’s internet thieves are more organized and technically savvy than ever.

Years ago, security threats were simpler. There were Trojans, worms, and rootkits – and the differences between each were clear.  Now known collectively as “malware”, the differences between these sophisticated threats have become blurred. The threats your organization faces today are fast-moving and targeted, and you require equally sophisticated protection to stop malware before a specific detection update can be released.

Have you met HIPS?

A Host Intrusion Prevention System (HIPS) is an installed software package which monitors a single host for suspicious activity. Unlike traditional antivirus applications which scan every file and program for infection, HIPS monitors registry entries, startup folders and other vulnerable system areas. It aims to stop malware before a specific detection update is released by monitoring the behavior of code. A classification of intrusion prevention systems, HIPS alerts the user if a virus is trying to run on the user’s computer or if a hacker has gained access to the user’s computer. Not only can they find known virsus, but also unknown, zero-day threats.

What Makes for An Ideal HIPS Solution?

For the most comprehensive and effective protection for your enterprise, look for these qualities in your HIPS offering:

  • It doesn’t rely on signatures. As modern malware has become so sophisticated, comprehensive security solutions should use a combination of signature and behavioral-based detection techniques. Those that rely on just signature-detection frequently encounter “false positives” i.e. they label perfectly legitimate programs as malware.
  • Provides central administration capabilities. It can be really difficult to manage constant updates or policies, or to create a consolidated report at the individual desktop level.
  • Works with your existing configuration. Some HIPS solutions may be restrictive in terms of what programs or processes they are able to monitor and protect. Try to find a HIPS that is capable of handling both commercial programs as well as any homegrown custom applications you may be using.

Cover All Your Bases with Layered HIPS Detection

Sophos Complete Security Suite is a complete security solution that includes encryption, web filtering and patch assessment. Able to detect over 85 percent of unknown threats, the system incorporates Sophos HIPS which combines four unique layers of detection to determine the functionality of the code and behavior it is likely to exhibit. As scanning is performed within Sophos’ antivirus engine, there are no additional components to deploy.

Unlike most behavior-based detection systems, there’s no need to train or fine tune analysis –Sophos Labs experts do that for you!

Sophos HIPS ensures rapid intervention and prevention systems through the use of two-staged, four-layered detection:

1. Pre-execution: Behavior of code is analyzed before it runs and is prevented from running if it is considered to be suspicious or malicious.

a. Behavior Genotype protection scans the functionality of the code, or the behavior it is likely to exhibit, without actually running the code.
b. Suspicious file detection identifies files that are very likely to be malicious through behavior analysis.

2Runtime: Intercepts threats that cannot be detected before execution.

a. Suspicious behavior detection watches all system processes for signs of active malware, such as suspicious writes to the registry or file copy actions.
b. Buffer overflow detection catches attacks targeting security vulnerabilities in both operating system software and applications.

Have you heard of HIPS before? Is a HIPS solution something you’re actively looking at? Sound off in the comments below with any questions. Our team is standing by to help. And for more information about Sophos products, check out the Sophos Brand Store at

Related Articles

Cloud | May 25, 2020 by Softchoice Advisor

The Softchoice Virtual Discovery Expo (VDX) 2020 has now wrapped. Over 2,000 people registered to hear from Softchoice and our exhibitor partners about the areas driving their digital transformation today. This year, our full-day virtual tech expo happened in a much different context than the inaugural event in 2019. Attendees took away an important message: […]

In the initial response to COVID-19 most organizations focused on enabling and stabilizing remote access, collaboration, security and network capabilities. As new financial pressures present themselves, leaders in every vertical are now looking for immediate steps they can take to reduce spending. The Spiceworks State of IT Report 2020 finds that software and cloud-based services […]

Enterprise Software | October 31, 2019 by Akhil Vishwanath

Before Jumping into AI, Conquer Your Data & Analytics Why is it that of all the thousands of artificial intelligence (AI) use cases being considered today, only 5% are in production? Because too many companies jump into AI without planning. They jump straight from identifying a business requirement to data modeling. They skip the steps […]