Sophos UTM Elevated 9.4


Welcome to the Sophos UTM "Elevated" 9.4 (Sophos Sandstorm)
Next-generation advanced threat defense made simple

Sophos leads the security industry in fighting advanced malware using highly effective technologies such as real-time JavaScript emulation and behavioral analysis. While conventional anti-malware protection is still important as a first line of defense, organizations need additional tools to combat today’s targeted malware.

Sophos Sandstorm is an advanced persistent threat (APT) and zero-day malware defense solution that complements Sophos security products. It quickly and accurately detects, blocks, and responds to evasive threats that other solutions miss, by using powerful, cloud-based, next-generation sandbox technology.


Elevated Protection

Sophos UTM 9.4 is one of the first Sophos products to offer our advanced next-gen cloud sandboxing technology.

Sandstorm provides a whole new level of targeted attack protection, visibility and analysis. It can quickly and accurately identify evasive threats before they enter your network. Sandstorm is:

  • Easy to try, deploy and manage
  • Effective at blocking evasive threats
  • Simple and powerful cloud-based protection

We Keep it Simple

Sophos Sandstorm is fully integrated into your Sophos security solution. Simply update your subscription, apply the Sandstorm policy and you’re protected instantly against targeted attacks. You will be up and running in minutes.


Block evasive threats that others don’t see

Detect unknown threats specifically designed to evade first-generation sandbox appliances. Our full-system emulation approach provides the deepest level of visibility into the behavior of unknown malware and the detection of malicious attacks that others simply miss.


Deep forensic reporting

Accelerate response to advanced threats with simple incident-centric breach analysis. We provide you with prioritized APT intelligence by correlating the evidence. This approach both reduces noise and saves you time.


Comprehensive analysis

Determine potential threat behavior across all your end user devices and critical infrastructure. This includes your operating systems (Windows, Mac OS X, and Android); physical and virtual hosts; services; users; network infrastructure; and web, email, file, and mobile applications. Safely detonate threats in the Sandstorm cloud, isolating your datacenters from dangerous malware.




Lightning performance

Your Sophos security solution accurately pre-filters traffic, so only suspicious files are submitted to Sandstorm, ensuring minimal latency and end user impact.


How it Works

  • The Sophos security solution scans files against all conventional security checks (e.g., anti-malware signatures and bad URLs). If the file is executable or has executable content and is not downloaded from a safe website, the file is treated as suspicious. The Sophos security solution sends the suspicious file hash to Sophos Sandstorm to determine if it has been previously analyzed.
  • If the file hash has been previously analyzed, Sophos Sandstorm passes the threat intelligence to the Sophos security solution. Here, the file is delivered to the user’s device or blocked, depending on the information provided by Sophos Sandstorm.
  • If the hash has not been seen before, a copy of the suspicious file is sent to Sophos Sandstorm. Here, the file is detonated and its behavior is monitored. Once fully analyzed, Sophos Sandstorm passes the threat intelligence to the Sophos security solution. Again, the file is delivered to the user’s device or blocked, depending on the information provided by Sophos Sandstorm.
  • The Sophos security solution uses the detailed intelligence supplied by Sophos Sandstorm to create deep forensic reports on each threat incident.
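
The hash-first flow described above can be modeled in a few lines. This is an added example, not Sophos code or the Sandstorm API: `MockSandbox`, `handle_file`, the use of SHA-256 and the marker that fakes a malicious detonation result are all assumptions, and the file is assumed to have already passed the conventional checks. It shows that a full file leaves the network only when its hash is unknown.

```python
import hashlib

class MockSandbox:
    """Stand-in for the cloud sandbox (hypothetical; not Sophos's API)."""
    def __init__(self):
        self.verdicts = {}   # hash -> "clean" | "malicious"
        self.uploads = 0     # number of full files received

    def lookup(self, digest):
        # Hash-only query; None means the file was never analyzed.
        return self.verdicts.get(digest)

    def detonate(self, data):
        # Full file submitted. Behaviour analysis is faked with a constructed
        # marker so the example stays offline and deterministic.
        self.uploads += 1
        verdict = "malicious" if b"CONSTRUCTED-BAD-BEHAVIOUR" in data else "clean"
        self.verdicts[hashlib.sha256(data).hexdigest()] = verdict
        return verdict

def handle_file(sandbox, data, executable, from_safe_site, incidents):
    """Return (action, path) for one download, following the steps above."""
    # Pre-filter: only executable content from non-safe sites is suspicious.
    if not executable or from_safe_site:
        return "deliver", "not-suspicious"
    digest = hashlib.sha256(data).hexdigest()  # hash algorithm is an assumption
    verdict, path = sandbox.lookup(digest), "hash-hit"
    if verdict is None:                        # unseen hash: send the file itself
        verdict, path = sandbox.detonate(data), "detonated"
    action = "block" if verdict == "malicious" else "deliver"
    # Record kept for the per-incident report mentioned in the last step.
    incidents.append({"sha256": digest, "verdict": verdict,
                      "path": path, "action": action})
    return action, path

def demo():
    sandbox, incidents = MockSandbox(), []
    bad = b"MZ...CONSTRUCTED-BAD-BEHAVIOUR"       # constructed sample bytes
    good = b"MZ...constructed benign installer"   # constructed sample bytes
    results = [
        handle_file(sandbox, b"plain text", False, False, incidents),
        handle_file(sandbox, good, True, True, incidents),    # safe site
        handle_file(sandbox, bad, True, False, incidents),    # first sighting
        handle_file(sandbox, bad, True, False, incidents),    # same hash again
        handle_file(sandbox, good, True, False, incidents),
    ]
    return results, sandbox.uploads, incidents

if __name__ == "__main__":
    for row in demo()[0]:
        print(row)
```
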