Story image

Exclusive Interview - Sophos’ next-level AI security solution

31 Jan 18

Sophos claims their new cybersecurity offering for SMBs is “the best bar-none” thanks to its comprehensive deep learning AI approach.

ChannelLife sits down with Sophos Australia and New Zealand general manager Ashley Wearne to talk proof, and how partners can gain from this advanced tech.

How does Sophos operate in the A/NZ region?

The only way we go to market is through the channel. Our focus is on distribution to businesses.

Can you talk a bit about Sophos’ new offering?

We have announced a product designed specifically for SMBs and their partners, that we believe is best endpoint protection in the market, bar-none.

Intercept X came out last year to stop ransomware at the same time as the WannaCry attack. As a result, it became the most successful product in Sophos’ history.

Now we have upgraded it again by inserting deep learning neural networks - a type of machine learning that is far more advanced than anything on the market so far.

Now, we’re a British company so normally we say that we have an offering that is quite good, but this time we’re willing to say, "we have the best offering available."

What will this change mean for channel partners?

It is a fantastic opportunity as our software sits alongside current solutions to increase clients' security. You don’t need to rip out your old systems for it to work.

75% of those attacked are running up-to-date endpoint protection and are still hit by ransomware. Those products clearly aren’t working.

People know what ransomware is and 80% of people surveyed believe that they will be hit. That’s a huge client market.

How can channel partners capitalise on this product?

This is a very simple product to use and sell because we know that it won’t make money if it is complicated. A customer can click on a link for a 30-day trial and it just installs the trial there and then.

The partner can see how it is working from their office so they can use that information at the end of the trial. Once the trial is completed, the customer pays online and it’s done. It is as simple to sell and install as possible.

We know this is a good model because it is building on the success of the prior version of Intercept.

Our approach is all designed for partners to answer their clients' questions and to make them money.

It seems like AI has only just hit the cybersecurity market. How is deep learning AI different to other ‘next-gen’ offerings?

Machine learning in the past has been clumsy and large because it works using a series of decision trees.

It takes 100-500 milliseconds to figure out which files are potentially good or bad and results in a 500MB-1GB file. With our offering, we’re talking about 10 milliseconds and 10MB-20MB.

The old machine learning also provided a lot of false positives and blocked too much. What we did was load up all previous attacks and fed it to the software.

You loaded up all the attacks since when?

Well, ever. We loaded every attack that has ever been seen.

We have a big research department that went through and labelled these attacks very accurately. We have identified 27 fundamental techniques that hackers use and our new approach identifies these techniques and stops hackers and ransomware, as well as malware.

Is this an extension of the current models of machine learning in cybersecurity?

This is the next generation. The current models have limitations, they become ineffective quickly and so we knew we needed something different.

That’s why we looked at deep learning, which was already being used by Google and Microsoft in a variety of different ways.

The trouble is that it initially consumes immense amounts of data, so our advantage was our computing power and space to run data during production at Sophos, which produced the algorithms that sit on a computer. It’s actually quite spooky some of the things that it can do.

Could you describe one of these spooky things?

After one day we already have 130,000 endpoints running this product, and in one day it has already picked up more than a dozen cases of a DoublePulsar attack, which is tool a used by the NSA and stolen by hackers last year. The software had never seen that attack before and is already able to prevent it.

50% of companies were hit by ransomware last year. Of those, most were attacked twice. A lot of people have to pay which generates huge amounts of revenue for hackers and that’s why it will continue to be a threat.

This tool will stop ransomware, other exploit utilisation, as well as attacks that have never been seen before.

That’s bold statement.

It is. A bold statement from a bashful company.