Last update: 2022-03-11

Advanced threat

Advanced threat protection allows you to monitor and analyze all traffic on your network for threats and take appropriate action, for example, dropping the packets. You can also view Sandstorm activity and the results of any file analysis.


Sandstorm is powered by SophosLabs Intelix™, a cloud service that combines machine learning, sandboxing, and research to detect known and unknown threats by analyzing suspicious downloads and email attachments. Sophos Firewall sends new files to SophosLabs Intelix for Sandstorm analysis when they enter your network. Intelix uses layers of analytics to determine the level of risk posed to your network by each file. In addition to blocking risky files, Sandstorm also provides detailed reports of the analysis performed to help you understand the risk.

Machine learning

SophosLabs Intelix uses multiple machine learning models to analyze the characteristics, features, genetics, and global reputation of a file. It compares new files with millions of known good and bad files to determine if the new files are likely to be malicious or not.

Sandbox analysis

Sandbox analysis performs dynamic and static analysis of new files entering your network. This analysis includes deep learning analysis, exploit detection, and CryptoGuard to detect active ransomware encrypting files in real time. This process also monitors all file, memory, registry, and network activity, as well as sandbox evasion techniques, to protect your network against zero-day threats, such as the latest ransomware and targeted attacks through phishing, spam, or web downloads.
