Sophos bets on AI for protection
By Dzof Azmi December 26, 2018
- AI-powered protection is what’s needed to keep smarter attackers at bay
- Protects by analysing behaviour, instead of matching virus signatures
SOPHOS has an unusual proposition for its customers: an endpoint protection product smart enough to protect users from threats that don't even exist yet.
"We leverage on that machine learning engine and apply it to our endpoint defence," said Anthony Wai, Sophos Asia-Pacific and Japan senior technology solutions director.
That technology has manifested itself in a product suite called Intercept X, which recently won Computing's Security Excellence Award for Security Innovation of the Year. Wai says that the latest developments in IT security have made a product like this necessary.
"Since 2009 we also see a shift in how malware works," explained Wai. "In the past it was doing a single thing; nowadays it's always trying to do multiple things."
Learning from 400,000 malware samples a day
Wai explained that the objective of the attackers is not to cause havoc and damage, but to steal data and monetise it. As a result, stealth is a requirement, as well as flexibility.
"Once it gets into one of the systems they will try to command and control and try to download more malware," said Wai.
Wai also explained that Intercept X's AI relies heavily on current threat trends, drawing on Sophos Labs, which collects approximately 400,000 samples of suspicious code per day. "The more samples you give it, the better the training."
What the AI tries to do is identify suspicious behaviour, using the samples of malware as a learning set. "Instead of chasing after the signature we trace the technique," explained Wai.
For example, a feature called CryptoGuard, designed specifically to combat ransomware, monitors files as they are encrypted on the target machine. "We quickly make copies of it to back it up and then, if it is not a legitimate encryption product or software we stop the encryption process and then we roll back the changes."
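The snapshot-detect-roll-back loop described above, as an added toy implementation that is not Sophos's or Intercept X's code. It assumes a hypothetical hook that calls the guard before and after each file write, uses Shannon entropy of the written bytes as the "looks encrypted" signal, a burst threshold (several high-entropy rewrites by one process within a few seconds) as the "not a legitimate edit" signal, and a process-name allowlist for known encryption software; all of those choices and thresholds are assumptions for illustration, and the documents and process names in `simulate()` are constructed.

```python
"""Toy behaviour-based ransomware guard (added illustration, not vendor code).
Hook points, thresholds and the allowlist are assumptions, not Intercept X internals."""
import math
import os
import random
import shutil
import tempfile
from collections import defaultdict, deque


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: ~7.9+ for ciphertext or random data, roughly 4-6 for text."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


class RansomwareGuard:
    """Call before_write() when a process is about to modify a file and after_write()
    once it has. Originals are snapshotted first; a process that rewrites `burst_files`
    or more files with high-entropy content inside `window_s` seconds is treated as
    ransomware and every file it touched is restored. Names in `trusted` are exempt."""

    def __init__(self, backup_dir, trusted=(), entropy_threshold=7.5,
                 burst_files=3, window_s=5.0):
        os.makedirs(backup_dir, exist_ok=True)
        self.backup_dir = backup_dir
        self.trusted = set(trusted)
        self.entropy_threshold = entropy_threshold
        self.burst_files = burst_files
        self.window_s = window_s
        self.snapshots = defaultdict(dict)  # process -> {path: backup copy}
        self.events = defaultdict(deque)    # process -> times of high-entropy writes
        self.blocked = set()

    def before_write(self, proc, path):
        """Snapshot the pre-write content, once per process and file."""
        if path in self.snapshots[proc] or not os.path.exists(path):
            return
        backup = os.path.join(self.backup_dir, f"{proc}-{len(self.snapshots[proc])}.bak")
        shutil.copy2(path, backup)
        self.snapshots[proc][path] = backup

    def after_write(self, proc, path, now):
        """Return the files rolled back if `proc` was judged malicious, else []."""
        if proc in self.trusted or proc in self.blocked:
            return []
        with open(path, "rb") as f:
            if shannon_entropy(f.read()) < self.entropy_threshold:
                return []                       # ordinary edit, nothing to do
        q = self.events[proc]
        q.append(now)
        while q and now - q[0] > self.window_s:   # keep only writes inside the window
            q.popleft()
        if len(q) < self.burst_files:
            return []
        self.blocked.add(proc)                  # a real product would also stop the process
        restored = []
        for target, backup in self.snapshots[proc].items():
            shutil.copy2(backup, target)
            restored.append(target)
        return restored


def simulate(workdir=None):
    """Constructed scenario: four text documents written by an editor, an
    allowlisted encryption tool and a ransomware process."""
    workdir = workdir or tempfile.mkdtemp()
    docs = []
    for i in range(4):
        p = os.path.join(workdir, f"doc{i}.txt")
        with open(p, "w") as f:
            f.write(f"Quarterly report {i}\n" * 100)
        docs.append(p)
    guard = RansomwareGuard(os.path.join(workdir, "bak"), trusted={"veracrypt.exe"})
    rng = random.Random(1234)
    random_blob = lambda: bytes(rng.getrandbits(8) for _ in range(4096))
    out = {"editor_rolled_back": [], "trusted_rolled_back": [], "ransom_rolled_back": []}

    # 1. A text editor rewrites every document: low entropy, so never flagged.
    for t, p in enumerate(docs):
        guard.before_write("notepad.exe", p)
        with open(p, "w") as f:
            f.write(f"Quarterly report {p} (revised)\n" * 100)
        out["editor_rolled_back"] += guard.after_write("notepad.exe", p, now=float(t))

    # 2. An allowlisted encryption tool writes ciphertext-like data: exempt.
    vault = os.path.join(workdir, "vault.bin")
    with open(vault, "wb") as f:
        f.write(b"x" * 4096)
    guard.before_write("veracrypt.exe", vault)
    with open(vault, "wb") as f:
        f.write(random_blob())
    out["trusted_rolled_back"] += guard.after_write("veracrypt.exe", vault, now=5.0)

    # 3. Ransomware rewrites the documents with random bytes 100 ms apart:
    #    the third high-entropy write trips the burst rule and triggers rollback.
    for t, p in enumerate(docs):
        guard.before_write("ransom.exe", p)
        with open(p, "wb") as f:
            f.write(random_blob())
        rolled = guard.after_write("ransom.exe", p, now=10.0 + 0.1 * t)
        if rolled:
            out["ransom_rolled_back"] = rolled
            break

    def head(p):
        with open(p, "rb") as f:
            return f.read(16)
    out["docs_intact"] = all(head(p).startswith(b"Quarterly report") for p in docs)
    return out


if __name__ == "__main__":
    print(simulate())
```

The entropy test alone is not enough: compressed archives and images also look random, which is why the toy only acts on a burst of such writes from a single process and why a known encryption tool is allowlisted; a real product would additionally stop the offending process rather than merely ignore its later writes.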
Building capability in machine learning
This direction in Sophos's technology should not come as a surprise given its recent pattern of acquisitions.
In 2015, Sophos acquired SurfRight, a company specialising in signature-less endpoint threat detection, for US$31.8 million.
The next year, in 2016, it acquired Barricade for an undisclosed amount, a company whose products use machine learning and AI to improve rule-based detection.
Then, in early 2017, it acquired Invincea for over US$100 million, adding another company specialising in AI, this time using deep-learning neural networks to prevent unknown malware attacks.
In November, Sophos announced that year-on-year revenues had increased 17.8% to US$349.5 million, with a profit of US$25 million. Nevertheless, shares fell in response to a downgrade in its billings forecast.