How does Sophos protect against file-less attacks?


The correct choice focuses on the approach Sophos takes to combat file-less attacks, which are increasingly common and do not rely on traditional files or signatures to execute malicious behavior. Rather than depending solely on identifying known malware through file signatures, Sophos employs behavior-based analysis to detect anomalies and potentially harmful actions in real time. This method allows the system to recognize malicious activity that may be occurring in memory or through scripts, which is often a hallmark of file-less attacks.

By observing the behavior of processes and applications, Sophos can identify threats based on how they function, rather than just what files they might use. This behavioral analysis is critical, as file-less attacks often evade traditional detection methods by not leaving behind typical file-based artifacts. Thus, Sophos's ability to analyze behavior situates it as a robust solution against such evolving threats and enhances the overall security posture by providing proactive defense mechanisms.

The other options do not effectively address the nature of file-less attacks. Encrypting all file data, for example, provides confidentiality but doesn’t prevent file-less execution. Regularly updating file signatures helps with traditional malware but isn’t relevant to file-less attack detection. Blocking network traffic from suspicious sources can serve as a part of an overall security strategy, but it
