How Sophos looks to deep learning and the cloud for stronger security protection and delivery
Keeping your organisation secure in a device- and data-heavy world is tougher than ever. Utilising cloud and artificial intelligence (AI) technologies can lead to various issues – recent coverage has spoken of the problems of hackers ‘hijacking’ AI technology, for instance – but it can also make life easier for security teams.
To get to that harmonious state between human and machine, however, a few questions need to be answered along the way. Who does what work? What vectors and bad actors do we need to look out for? Where do we go from here?
Security giant Sophos published a two-part blog in May which aimed to describe the process of fusing artificial intelligence and security and how the company was utilising it.
The company utilises deep learning in particular to recognise malware which nobody else has seen – not only analysing it by its code, but by how it behaves. Sophos analyses more than 2.8 million new malware samples each week, which shows the extent of the challenge and the resources spent combating it.
“When we combine our new data with the hundreds of millions of samples we’ve already collected, our deep learning system can essentially ‘memorise’ the entire observable threat landscape as it stands right now,” the company writes. “Our models help us analyse complex relationships between different features, and we can continually adjust them to target real malware with fewer false positives.”
Erik Farine, regional director for Benelux at Sophos, says that 450,000 new ransomwares or malwares are created per day, of which three quarters could be targeted specifically on one company. “Today we look at behaviour and not at signature anymore,” he tells CloudTech. “There’s no way in keeping track of that without having an AI system that helps us to track that and to make sure that we have a live update on behaviour.”
In May, Oracle published a report which argued this very point. To best protect information systems, across the data, device and application layer, automation and artificial intelligence-based software was needed to give the ‘defence-in-depth’ required to reduce risk, the report explained.
But where does the human side fit in? Plenty has been written across various industries on how AI will fit into organisational structures, with the prevailing consensus being that the human touch would still be needed. When it comes to security, particularly looking at the employee-facing side, the consensus is that the human is the weak link in the chain.
This was also emphasised in the Oracle report. Of the 775 corporate executives polled, the majority said human error was one of the biggest risks to information security. That said, for almost half (47%), the response would be to invest more in people than in technology.
The latter is an opinion with which Farine agrees. Get best practices right and you have got a lot of the job done. “If the AI has to do the work, we’re too late,” he explains. “Make sure that your root ports are closed and make sure that people understand phishing. Those two can rule out lots of intrusions if we manage to do that.”
Another area where Sophos has been looking to utilise deep learning is its Intercept X offering, which is focused on endpoint protection. The company announced in May it was adding endpoint detection and response (EDR) to Intercept X for Server. The move was a nod to cybercriminals’ evolving habits: attackers frequently blend automation and human hacking skills to carry out attacks on servers.
What’s more, the company is increasingly looking to the cloud with Sophos Central, its unified cloud console where all of its security products reside; Sophos claims to be the only vendor doing this today. This is a natural progression, Farine argues; security vendors need to move to ‘as a service’ rather than legacy licensing models.
“If you look at the future, seeing that the market has ramped up in terms of finding people, and finding the know-how, more and more we see that the evolution is towards the cloud, which we are in today,” says Farine. “The next step is it becomes a service. If I look at my region, if you look at the MSP market, that is actually 7% of our business today, and it’s doubling every year.
“It’s evolving very quickly, and from there the step is very small to bring it as a service.”