Exclusive Interview - Sophos’ next-level AI security solution

31 Jan 18

Sophos claims their new cybersecurity offering for SMBs is “the best bar-none” thanks to its comprehensive deep learning AI approach.

ChannelLife sits down with Sophos Australia and New Zealand general manager Ashley Wearne to talk proof, and how partners can gain from this advanced tech.

How does Sophos operate in the A/NZ region?

The only way we go to market is through the channel. Our focus is on distribution to businesses.

Can you talk a bit about Sophos’ new offering?

We have announced a product designed specifically for SMBs and their partners, that we believe is the best endpoint protection in the market, bar-none.

Intercept X came out last year to stop ransomware at the same time as the WannaCry attack. As a result, it became the most successful product in Sophos’ history.

Now we have upgraded it again by inserting deep learning neural networks - a type of machine learning that is far more advanced than anything on the market so far.

Now, we’re a British company so normally we say that we have an offering that is quite good, but this time we’re willing to say, "we have the best offering available."

What will this change mean for channel partners?

It is a fantastic opportunity as our software sits alongside current solutions to increase clients' security. You don’t need to rip out your old systems for it to work.

75% of those attacked are running up-to-date endpoint protection and are still hit by ransomware. Those products clearly aren’t working.

People know what ransomware is and 80% of people surveyed believe that they will be hit. That’s a huge client market.

How can channel partners capitalise on this product?

This is a very simple product to use and sell because we know that it won’t make money if it is complicated. A customer can click on a link for a 30-day trial and it just installs the trial there and then.

The partner can see how it is working from their office so they can use that information at the end of the trial. Once the trial is completed, the customer pays online and it’s done. It is as simple to sell and install as possible.

We know this is a good model because it is building on the success of the prior version of Intercept.

Our approach is all designed for partners to answer their clients' questions and to make them money.

It seems like AI has only just hit the cybersecurity market. How is deep learning AI different to other ‘next-gen’ offerings?

Machine learning in the past has been clumsy and large because it works using a series of decision trees.

It takes 100-500 milliseconds to figure out which files are potentially good or bad and results in a 500MB-1GB file. With our offering, we’re talking about 10 milliseconds and 10MB-20MB.

The old machine learning also provided a lot of false positives and blocked too much. What we did was load up all previous attacks and feed them to the software.

You loaded up all the attacks since when?

Well, ever. We loaded every attack that has ever been seen.

We have a big research department that went through and labelled these attacks very accurately. We have identified 27 fundamental techniques that hackers use and our new approach identifies these techniques and stops hackers and ransomware, as well as malware.

Is this an extension of the current models of machine learning in cybersecurity?

This is the next generation. The current models have limitations, they become ineffective quickly and so we knew we needed something different.

That’s why we looked at deep learning, which was already being used by Google and Microsoft in a variety of different ways.

The trouble is that it initially consumes immense amounts of data, so our advantage was our computing power and space to run data during production at Sophos, which produced the algorithms that sit on a computer. It’s actually quite spooky some of the things that it can do.

Could you describe one of these spooky things?

After one day we already have 130,000 endpoints running this product, and in one day it has already picked up more than a dozen cases of a DoublePulsar attack, which is a tool used by the NSA and stolen by hackers last year. The software had never seen that attack before and is already able to prevent it.

50% of companies were hit by ransomware last year. Of those, most were attacked twice. A lot of people have to pay which generates huge amounts of revenue for hackers and that’s why it will continue to be a threat.

This tool will stop ransomware, other exploit utilisation, as well as attacks that have never been seen before.

That’s a bold statement.

It is. A bold statement from a bashful company.
