Sophos taps deep learning for more accurate malware detection

By Espie Angelica A. de Leon

British cybersecurity firm Sophos has incorporated deep learning technology into its product to give it predictive security features and enable it to stop unknown malware without signatures.

Sumit Bansal, Sophos managing director for Asean and South Korea, explains the concept of deep learning to members of the media at a briefing held in the Makati office of Sophos on December 13

The product is Intercept X, a “neural” network which can detect faster, in 20-100 milliseconds per file. It is also smaller at 10-20 MB and at the same time smarter, as it provides proven higher detection rates which improve as more data is captured.

Traditional machine learning models perform at 100-500 milliseconds per file, are larger at 500M to 10GB, and have lower detection rates which decrease further as more data is gathered.

With predictive security, Intercept X can predict threats with precision, based on calculation, knowledge, or inference from facts or experience, thus stopping any ransomware from penetrating, denying the hacker, and preventing the unknown from happening.

Speaking at a media briefing at the Sophos office in Makati on December 13, Sophos managing director for Asean and South Korea Sumit Bansal explained the concept of deep learning, which allows Intercept X to achieve this.

“Deep learning is a type of machine learning. It’s self-learning. You throw all the samples to the deep learning model and it learns by itself so it’s much quicker,” he said.

With all the samples of the last 30 years fed into the model, its algorithms are able to distinguish good data from bad data. Thus, it is able to predict any impending threat or attack and prevent it from happening. This is in contrast to a machine learning model, which learns to recognize good and bad data through programming.

Sophos Labs records 400,000 new variants of malware every day.

“It’s physically impossible for a human being to write 400,000 new signatures. At some point in time you’re gonna give up,” he said, “so we need to use machines to do that.”

Besides, according to Bansal, machines are becoming more accurate than human beings as algorithms are getting more sophisticated.

Sophos is currently testing Intercept X and will launch the product in January 2018.

Based on the Sophos Malware Report for 2017, advanced malware attacks, especially malware for Android, accounted for 33% of total threats globally. Among these were zero-day attacks with multiple stages, worms, Trojans, VB script, PDF, and fileless click fraud.

Ransomware recorded the highest percentage of threats at 47%. These included Dropper, phish, shortcut, .DOC, macro Wanna, and Petya worms.

Of all the ransomware intercepted by Sophos Labs in 2017, the highest share was in the United States at 17.2%, followed by the UK at 11% and Belgium at 8.6%. The Philippines accounted for 1.9% of the total ransomware intercepted.