HIPS: Protecting Against The Modern Zero-Day Threat [Sophos]

Enterprise Software | Posted on August 28, 2012 by Stephen Perciballi

Long gone is the perceived image of the malware perpetrator as an outcast teenager sitting in his parents’ basement. Today’s internet thieves are more organized and technically savvy than ever.

Years ago, security threats were simpler. There were Trojans, worms, and rootkits, and the differences between each were clear. Now that they are known collectively as “malware”, the differences between these increasingly sophisticated threats have blurred. The threats your organization faces today are fast-moving and targeted, and you require equally sophisticated protection to stop malware before a specific detection update can be released.

Have you met HIPS?

A Host Intrusion Prevention System (HIPS) is a software package installed on a single host to monitor it for suspicious activity. Unlike traditional antivirus applications, which scan every file and program for infection, a HIPS monitors registry entries, startup folders and other vulnerable system areas. By analyzing the behavior of code, it aims to stop malware before a specific detection update is released. As a class of intrusion prevention system, a HIPS alerts the user if a virus is trying to run on the user’s computer or if a hacker has gained access to it. It can find not only known viruses but also unknown, zero-day threats.

What Makes for An Ideal HIPS Solution?

For the most comprehensive and effective protection for your enterprise, look for these qualities in your HIPS offering:

  • It doesn’t rely on signatures. As modern malware has become so sophisticated, comprehensive security solutions should use a combination of signature- and behavior-based detection techniques. Those that rely on signature detection alone frequently encounter “false positives”, i.e. they label perfectly legitimate programs as malware.
  • Provides central administration capabilities. Managing constant updates and policies, or producing a consolidated report, is very difficult when done desktop by desktop.
  • Works with your existing configuration. Some HIPS solutions may be restrictive in terms of which programs or processes they are able to monitor and protect. Look for a HIPS that can handle both commercial programs and any homegrown custom applications you may be using.

Cover All Your Bases with Layered HIPS Detection

Sophos Complete Security Suite is a complete security solution that includes encryption, web filtering and patch assessment. Able to detect over 85 percent of unknown threats, the suite incorporates Sophos HIPS, which combines four unique layers of detection to determine the functionality of the code and the behavior it is likely to exhibit. Because scanning is performed within Sophos’ antivirus engine, there are no additional components to deploy.

Unlike most behavior-based detection systems, there’s no need to train or fine-tune the analysis: Sophos Labs experts do that for you!

Sophos HIPS delivers rapid intervention and prevention through two-stage, four-layer detection:

1. Pre-execution: Code is analyzed before it runs and is prevented from running if it is judged suspicious or malicious.

   a. Behavior Genotype protection scans the functionality of the code, or the behavior it is likely to exhibit, without actually running the code.
   b. Suspicious file detection identifies files that are very likely to be malicious through behavior analysis.

2. Runtime: Intercepts threats that cannot be detected before execution.

   a. Suspicious behavior detection watches all system processes for signs of active malware, such as suspicious writes to the registry or file copy actions.
   b. Buffer overflow detection catches attacks targeting security vulnerabilities in both operating system software and applications.

Have you heard of HIPS before? Is a HIPS solution something you're actively looking at? Sound off in the comments below with any questions. Our team is standing by to help.

