Sophos: Predictive protection is future of IT security

Anthony Wai, senior technology solutions director for Asia Pacific and Japan, Sophos

Sophos has recently introduced deep learning capability to its newest version of Intercept X, a powerful engine that adds another layer of security on top of traditional endpoint protection software.

Introducing the new feature in Hong Kong, local Sophos executives said deep learning is the future of enterprise security.

“What we are doing here is looking into the future of how we protect the IT landscape even if we haven’t met the threat before,” said Anthony Wai, senior technology solutions director for Asia Pacific and Japan, Sophos. “Out of some 400,000 malware samples that Sophos’ UK Lab receives every day, 75% are unknown attacks. We need new technologies such as machine learning to help detect unknown malicious files.”

“Predictive protection is the future of IT security,” Wai said. “Being able to protect against the next unknown attack instead of waiting for it to arrive will change the way companies in Hong Kong can protect their users and assets.”

Unlike the existing machine learning tools used by other security vendors, Intercept X uses neural networks that can process hundreds of millions of samples at one time. Because the model itself is less than 20M in size, it does not require massive computing power.

“The more malware samples you feed into the model, the better the detection rate is,” Wai said, and with its deep learning capability, detection accuracy further improves over time.

In a six-week SophosLabs comparison of Intercept X with other machine-learning endpoint security products, Wai said, Intercept X was 26% better than its rivals at detecting previously unseen malware.

Meanwhile, Tony Palmer, senior validation analyst with the Enterprise Strategy Group (ESG), observed that traditional machine learning models depend on expert threat analysts to select the attributes with which to train the model, adding a subjective human element.

“They also get more complex as more data is added, and these gigabyte-sized models are cumbersome and slow. These models may also have significant false positive rates which reduce IT productivity as admins try to determine what is malware and what is legitimate software,” Palmer said.

In contrast, he added, the deep learning neural network of Intercept X is designed to learn by experience, creating correlations between observed behavior and malware. These correlations result in a high accuracy rate for both existing and zero-day malware, and a lower false-positive rate.

“ESG Lab analysis reveals that this neural network model scales easily, and the more data it takes in, the smarter the model becomes. This enables aggressive detection without administrative or system performance penalty,” Palmer said.

The latest version of Intercept X with the deep learning function is available through the cloud-based platform Sophos Central. Currently, more than 100 enterprises run Intercept X in Hong Kong, about 70% of them SMEs, according to Sophos.

“Traditional endpoint protection alone is not enough,” Wai said. “Our latest survey of 2,700 enterprises in 10 countries showed 77% of organizations have been hit by ransomware running up-to-date endpoint security at the time of the attack.”