Sophos is a developer and vendor of security software and hardware, providing endpoint, encryption, email, web, mobile and network security as well as Unified Threat Management products. Sophos is largely focused on providing security to organisations and businesses.
Sophos began producing its first antivirus and encryption products in 1985.
Sophos is a privately owned British-American company and is co-headquartered in England, UK and Burlington, Massachusetts, USA. The company has subsidiaries in Australia, Canada, France, Germany, Italy, Japan, Singapore and Spain. The company has grown to more than 1,700 employees working in dozens of countries around the world.
Next-generation advanced threat defense made simple
Sophos leads the security industry in fighting advanced malware using highly effective technologies
protection is still important as a first line of defense, organizations need additional tools to combat
today’s targeted malware.
Sophos Sandstorm is an advanced persistent threat (APT) and zero-day malware defense solution
that complements Sophos security products. It quickly and accurately detects, blocks, and responds
to evasive threats that other solutions miss, by using powerful, cloud-based, next-generation sandbox
- Seamless integration with your Sophos
- Up and running in
- Protects against APTs, unknown malware, and
- Threat intelligence you can act on
- Granular, incident-centric
Advanced protection from targeted attacks
Keep unknown data-stealing malware off your network. Powerful, cloud-based, next-generation
sandbox technology means you quickly and accurately detect, block, and respond to APTs and
We keep it simple
Sophos Sandstorm is fully integrated into your Sophos security solution. Simply update your
subscription, apply the Sandstorm policy and you’re protected instantly against targeted attacks.
You'll be up and running in minutes.
Block evasive threats that others don’t see
Detect unknown threats specifically designed to evade first-generation sandbox appliances.
Our full-system emulation approach provides the deepest level of visibility into the behavior of
unknown malware and the detection of malicious attacks that others simply miss.
Deep forensic reporting
Accelerate response to advanced threats with simple incident-centric breach analysis. We provide
you with prioritized APT intelligence by correlating the evidence. This approach both reduces noise
and saves you time.
Determine potential threat behavior across all your end user devices and critical infrastructure.
This includes your operating systems (Windows, Mac OS X, and Android); physical and virtual
hosts; services; users; network infrastructure; and web, email, file, and mobile applications. Safely
detonate threats in the Sandstorm cloud, isolating your datacenters from dangerous malware.
Your Sophos security solution accurately pre-filters traffic, so only suspicious files are submitted to
Sandstorm, ensuring minimal latency and end user impact.
- Full integration into your Sophos security solution dashboard
- Inspects executables and documents containing executable
- Windows executables (including .exe, .com, and .dll)
- Word documents (including .doc, .docx, .docm and .rtf)
- PDF documents
- Archives containing any of the file types listed above (ZIP, BZIP, GZIP, RAR, TAR, LHA/LZH, 7Z, Microsoft Cabinet)
- Supports more than 20 file types
- Dynamic malware behavior analysis runs files in real
- In-depth malicious file reports and dashboard file release
- Average analysis time less than 120 seconds
- Flexible user and group policy options on file type, exclusions, and actions on analysis
- Comprehensive environment coverage including Windows, Mac, and Android
- Supports one-time download links
How it Works
- The Sophos security solution scans files against all conventional security checks (e.g., anti-malware signatures, bad URLs, etc.).
If the file is executable or has executable content and is not downloaded from a safe website, the file is treated as suspicious. The
Sophos security solution sends the suspicious file hash to Sophos Sandstorm to determine if it has been previously analyzed.
- If the file hash has been previously analyzed, Sophos Sandstorm passes the threat intelligence to the Sophos security solution.
Here, the file is delivered to the user’s device or blocked, depending on the information provided by Sophos Sandstorm.
- If the hash has not been seen before, a copy of the suspicious file is sent to Sophos Sandstorm. Here, the file is detonated and
its behavior is monitored. Once fully analyzed, Sophos Sandstorm passes the threat intelligence to the Sophos security solution.
Again, the file is delivered to the user’s device or blocked, depending on the information provided by Sophos Sandstorm.
- The Sophos security solution uses the detailed intelligence supplied by Sophos Sandstorm to create deep forensic reports on
each threat incident.
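
A minimal model of the hash-first flow described in the steps above, added here as an illustration and not Sophos code. The class and function names, the use of SHA-256, the magic-byte pre-filter, the safe-site list and the verdict strings are all assumptions, since the page does not describe the Sandstorm interface.

```python
import hashlib

# Hypothetical stand-ins: the page does not specify the hash algorithm, the
# pre-filter rules or the verdict format. Everything named here is assumed.
SAFE_SITES = {"updates.example.com"}   # constructed "safe website" list
EXEC_MAGIC = (b"MZ", b"%PDF", b"PK\x03\x04", b"\xd0\xcf\x11\xe0", b"{\\rtf")

class SandboxStub:
    """In-memory model of the cloud sandbox: verdict cache plus detonation."""
    def __init__(self, detonate):
        self.verdicts = {}        # file hash -> "clean" | "malicious"
        self.detonate = detonate  # callable(bytes) -> verdict; stands in for analysis
        self.uploads = 0          # number of full file copies that left the network

    def lookup(self, digest):
        return self.verdicts.get(digest)

    def submit(self, digest, data):
        self.uploads += 1
        self.verdicts[digest] = self.detonate(data)
        return self.verdicts[digest]

def is_suspicious(data, source_host):
    """Pre-filter: file type of interest, fetched from a site not on the safe list."""
    return data.startswith(EXEC_MAGIC) and source_host not in SAFE_SITES

def handle_download(data, source_host, sandbox, signature_hit=lambda d: False):
    """Return (action, reason), applying the steps in the order the page gives."""
    if signature_hit(data):                  # conventional checks run first
        return "block", "conventional-check"
    if not is_suspicious(data, source_host):
        return "deliver", "not-suspicious"
    digest = hashlib.sha256(data).hexdigest()
    verdict = sandbox.lookup(digest)         # only the hash is sent at this point
    reason = "known-hash"
    if verdict is None:                      # hash not seen before: send a copy
        verdict = sandbox.submit(digest, data)
        reason = "detonated"
    return ("block" if verdict == "malicious" else "deliver"), reason
```

The `uploads` counter shows the effect of the hash lookup: a file already analyzed is decided from its cached verdict, and no second copy is sent.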