Story image

Exclusive Interview - Sophos’ next-level AI security solution

31 Jan 2018

Sophos claims their new cybersecurity offering for SMBs is “the best bar-none” thanks to its comprehensive deep learning AI approach.

ChannelLife sits down with Sophos Australia and New Zealand general manager Ashley Wearne to talk proof, and how partners can gain from this advanced tech.

How does Sophos operate in the A/NZ region?

The only way we go to market is through the channel. Our focus is on distribution to businesses.

Can you talk a bit about Sophos’ new offering?

We have announced a product designed specifically for SMBs and their partners, that we believe is best endpoint protection in the market, bar-none.

Intercept X came out last year to stop ransomware at the same time as the WannaCry attack. As a result, it became the most successful product in Sophos’ history.

Now we have upgraded it again by inserting deep learning neural networks - a type of machine learning that is far more advanced than anything on the market so far.

Now, we’re a British company so normally we say that we have an offering that is quite good, but this time we’re willing to say, "we have the best offering available."

What will this change mean for channel partners?

It is a fantastic opportunity as our software sits alongside current solutions to increase clients' security. You don’t need to rip out your old systems for it to work.

75% of those attacked are running up-to-date endpoint protection and are still hit by ransomware. Those products clearly aren’t working.

People know what ransomware is and 80% of people surveyed believe that they will be hit. That’s a huge client market.

How can channel partners capitalise on this product?

This is a very simple product to use and sell because we know that it won’t make money if it is complicated. A customer can click on a link for a 30-day trial and it just installs the trial there and then.

The partner can see how it is working from their office so they can use that information at the end of the trial. Once the trial is completed, the customer pays online and it’s done. It is as simple to sell and install as possible.

We know this is a good model because it is building on the success of the prior version of Intercept.

Our approach is all designed for partners to answer their clients' questions and to make them money.

It seems like AI has only just hit the cybersecurity market. How is deep learning AI different to other ‘next-gen’ offerings?

Machine learning in the past has been clumsy and large because it works using a series of decision trees.

It takes 100-500 milliseconds to figure out which files are potentially good or bad and results in a 500MB-1GB file. With our offering, we’re talking about 10 milliseconds and 10MB-20MB.

The old machine learning also provided a lot of false positives and blocked too much. What we did was load up all previous attacks and fed it to the software.

You loaded up all the attacks since when?

Well, ever. We loaded every attack that has ever been seen.

We have a big research department that went through and labelled these attacks very accurately. We have identified 27 fundamental techniques that hackers use and our new approach identifies these techniques and stops hackers and ransomware, as well as malware.

Is this an extension of the current models of machine learning in cybersecurity?

This is the next generation. The current models have limitations, they become ineffective quickly and so we knew we needed something different.

That’s why we looked at deep learning, which was already being used by Google and Microsoft in a variety of different ways.

The trouble is that it initially consumes immense amounts of data, so our advantage was our computing power and space to run data during production at Sophos, which produced the algorithms that sit on a computer. It’s actually quite spooky some of the things that it can do.

Could you describe one of these spooky things?

After one day we already have 130,000 endpoints running this product, and in one day it has already picked up more than a dozen cases of a DoublePulsar attack, which is tool a used by the NSA and stolen by hackers last year. The software had never seen that attack before and is already able to prevent it.

50% of companies were hit by ransomware last year. Of those, most were attacked twice. A lot of people have to pay which generates huge amounts of revenue for hackers and that’s why it will continue to be a threat.

This tool will stop ransomware, other exploit utilisation, as well as attacks that have never been seen before.

That’s bold statement.

It is. A bold statement from a bashful company.

Veeam releases v3 of its MS Office backup solution
One of Veeam’s most popular solutions, Backup for Office 365, has been upgraded again with greater speed, security and analytics.
Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach
Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within Tenable.io.
Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Princeton study wants to know if you have a smart home - or a spy home
The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.
Organisations not testing incident response plans – IBM Security
Failure to test can leave organisations less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.