Story image

Exclusive Interview - Sophos’ next-level AI security solution

31 Jan 18

Sophos claims their new cybersecurity offering for SMBs is “the best bar-none” thanks to its comprehensive deep learning AI approach.

ChannelLife sits down with Sophos Australia and New Zealand general manager Ashley Wearne to talk proof, and how partners can gain from this advanced tech.

How does Sophos operate in the A/NZ region?

The only way we go to market is through the channel. Our focus is on distribution to businesses.

Can you talk a bit about Sophos’ new offering?

We have announced a product designed specifically for SMBs and their partners, that we believe is best endpoint protection in the market, bar-none.

Intercept X came out last year to stop ransomware at the same time as the WannaCry attack. As a result, it became the most successful product in Sophos’ history.

Now we have upgraded it again by inserting deep learning neural networks - a type of machine learning that is far more advanced than anything on the market so far.

Now, we’re a British company so normally we say that we have an offering that is quite good, but this time we’re willing to say, "we have the best offering available."

What will this change mean for channel partners?

It is a fantastic opportunity as our software sits alongside current solutions to increase clients' security. You don’t need to rip out your old systems for it to work.

75% of those attacked are running up-to-date endpoint protection and are still hit by ransomware. Those products clearly aren’t working.

People know what ransomware is and 80% of people surveyed believe that they will be hit. That’s a huge client market.

How can channel partners capitalise on this product?

This is a very simple product to use and sell because we know that it won’t make money if it is complicated. A customer can click on a link for a 30-day trial and it just installs the trial there and then.

The partner can see how it is working from their office so they can use that information at the end of the trial. Once the trial is completed, the customer pays online and it’s done. It is as simple to sell and install as possible.

We know this is a good model because it is building on the success of the prior version of Intercept.

Our approach is all designed for partners to answer their clients' questions and to make them money.

It seems like AI has only just hit the cybersecurity market. How is deep learning AI different to other ‘next-gen’ offerings?

Machine learning in the past has been clumsy and large because it works using a series of decision trees.

It takes 100-500 milliseconds to figure out which files are potentially good or bad and results in a 500MB-1GB file. With our offering, we’re talking about 10 milliseconds and 10MB-20MB.

The old machine learning also provided a lot of false positives and blocked too much. What we did was load up all previous attacks and fed it to the software.

You loaded up all the attacks since when?

Well, ever. We loaded every attack that has ever been seen.

We have a big research department that went through and labelled these attacks very accurately. We have identified 27 fundamental techniques that hackers use and our new approach identifies these techniques and stops hackers and ransomware, as well as malware.

Is this an extension of the current models of machine learning in cybersecurity?

This is the next generation. The current models have limitations, they become ineffective quickly and so we knew we needed something different.

That’s why we looked at deep learning, which was already being used by Google and Microsoft in a variety of different ways.

The trouble is that it initially consumes immense amounts of data, so our advantage was our computing power and space to run data during production at Sophos, which produced the algorithms that sit on a computer. It’s actually quite spooky some of the things that it can do.

Could you describe one of these spooky things?

After one day we already have 130,000 endpoints running this product, and in one day it has already picked up more than a dozen cases of a DoublePulsar attack, which is tool a used by the NSA and stolen by hackers last year. The software had never seen that attack before and is already able to prevent it.

50% of companies were hit by ransomware last year. Of those, most were attacked twice. A lot of people have to pay which generates huge amounts of revenue for hackers and that’s why it will continue to be a threat.

This tool will stop ransomware, other exploit utilisation, as well as attacks that have never been seen before.

That’s bold statement.

It is. A bold statement from a bashful company.

JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Cisco dominates record-high Ethernet switch & router markets
While the market is flourishing, it’s tough-going as Cisco has increased its majority share of the pie.
SAP provides partners with free access to their cloud platform
“Now that over 3,700 SAP partners have joined our cloud strategy, the free resources will help them accelerate application development."
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.
WatchGuard appoints new channel distributors in A/NZ
The appointments will enable WatchGuard to expand its regional channel reseller footprint.
Tensions on the rise after Huawei CFO arrest
“Recently our corporate CFO, Meng Wanzhou, was provisionally detained by the Canadian authorities on behalf of the United States of America."
Why the future of IT infrastructure is always on and always available
As more organisations embrace digital business, infrastructure and operations leaders will need to evolve their strategies and skills to keep up.
Juniper simplifies data integration to improve threat detection
Updates to the Juniper Advanced Threat Prevention Appliances leverage third-party firewalls and security data sources.