Zero-day protection is powered by SophosLabs Intelix™, a cloud service that combines machine learning, sandboxing, and research to detect known and unknown threats by analyzing suspicious downloads and email attachments. Sophos Firewall sends new files to SophosLabs Intelix for zero-day protection analysis when they enter your network. Intelix uses layers of analytics to determine the level of risk posed to your network by each file. In addition to blocking risky files, zero-day protection also provides detailed reports of the analysis performed to help you understand the risk.
SophosLabs Intelix uses multiple machine learning models to analyze the characteristics, features, genetics, and global reputation of a file. It compares new files with millions of known good and bad files to determine whether the new files are likely to be malicious.
Sandbox analysis performs dynamic and static analysis of new files entering your network. This analysis includes deep learning analysis, exploit detection, and CryptoGuard to detect active ransomware encrypting files in real time. This process also monitors all file, memory, registry, and network activity, as well as sandbox evasion techniques, to protect your network against zero-day threats, such as the latest ransomware and targeted attacks through phishing, spam, or web downloads.