BOSTON — Sophos on Thursday brought 300 customers and partners together at the Revere Hotel for a look at the future of cybersecurity. Dan Schiappa, general manager and SVP of the end user and network security groups, headlined the event and expanded on several announcements.
Sophos is among a select group of suppliers that is recognized by analysts as doing significant, and fairly balanced, business in both network and end-user security.
“Matter of fact, we’re the only one,” said Schiappa, referring to the ability of Sophos’ endpoint and network products to communicate directly and report results in a single dashboard.
On the network side, he called out recent advancements in the XG Firewall, including a policy simulator to test web and firewall rules before pushing them live on a customer site, as well as new hardware options. More on Version 17 here.
On the road map are up to 200 percent better performance, improved SSL inspection, support for IoT security, synchronization across the physical and virtual appliances, ability to scale up for larger enterprises, device provisioning, a CASB and lateral-movement detection.
On the end-user front, Sophos announced Thursday deep-learning-driven detection in its Intercept X Early Access next-generation malware blocker to enable it to better stop both known and unknown ransomware variants. The technology, based on Sophos’ acquisition of Invincea earlier this year, can be controlled through the Sophos Central cloud-based management platform.
Kendra Krause, vice president of global channels, told Channel Partners that Intercept X is Sophos’ fastest-growing product, contributing to a 40 percent Q316 increase in the number of global partners selling its endpoint and network products.
That spend reflects that almost half (47 percent) of all attacks are some version of ransomware, according to Sophos.
“There’s a reason for that,” Schiappa said. “It makes a lot of money.”
One factor driving the continued success of these attacks – along with bitcoin and the ransomware-as-a-service business model – is that ransom malware is constantly morphing and may even be customized on the fly for specific customers.
“Seventy-five percent of all malware is unique and specific to the organization it is targeted to,” said Schiappa.
That means protecting customers requires a more advanced strategy than legacy, signature-based antivirus technology — and it’s where predictive intelligence that can discern intent comes in.
“I don’t care what malware they’re using, I just want to deny the technique,” said Schiappa. “To do that requires AI and machine learning.”
One advantage for defenders is that there are only a few dozen exploit techniques – such as a heap spray or memory corruption – that attackers use to take a nascent intrusion to the next level. Schiappa likened deep learning to how the human brain works, sorting through a range of possibilities to come to a conclusion.
“Is an executable benign or malicious?” he said, “That’s all we want to know.”
Sophos makes that judgment by training systems with large, vetted data sets of both types of executables. Such deep learning is a branch of machine learning and artificial intelligence that leverages an artificial neural network to build a model that can make such predictions with speed. Intercept X is trained on hundreds of millions of samples to detect whether a file is malicious, potentially unwanted or legitimate.
Importantly, those samples are vetted by Sophos Labs.
“Proper labeling of files is critical to beat the ‘garbage in, garbage out’ syndrome,” said Schiappa. “We have the No. 1 detection rate in the industry.” That’s been validated by third-party labs using independent testbeds, an important point.
All Sophos partners have access to …