The company announced the cloud-based 'Live Protection' system as part of the new version of its all-in-one business security client, Endpoint Data Protection 9.5.
PCs running the software still use local signature databases, but if the threat engine detects a file with a suspicious design, or simply one it cannot classify, it can now reach out to the cloud database as a second line of checking. Files are quarantined until identified.
The premise of cloud intelligence systems such as this is that the database represents the sum of the files seen by all its contributors, which in this case is all the subscribers to Sophos's antivirus products. This is supposed to increase the reach of its detection, not only to help spot unusual malware but to avoid the traditional bane of fingerprinting systems, false positives.
Sophos has also added a new URL filtering system based on live lookup, which analyses every URL entered in a browser. The company claims this can be done without any performance hit and would be especially useful when connecting in public places not protected by corporate systems.
“More and more people are working outside the office without using the VPN,” said Sophos product specialist, Jonathan Tait. “IT teams pay security companies to protect them from bad stuff, but many vendors leave customers to decide what to do with suspicious files,” he said.
Version 9.5 also extends the software's support for Microsoft Hyper-V and VMware's vSphere.
Cloud intelligence is undoubtedly the future of antivirus software because it will, in due course, make application whitelisting plausible. Live lookup of URLs is another feature that will creep into antivirus software in the coming months.
Consumer and business security company Panda Security already uses a cloud-based collective fingerprinting system.