For the people at SophosLabs, tracking malware is a 24/7 job—the threats never stop, so neither do we. Our labs in Australia, Hungary, England and Canada allow us to “follow the sun,” meaning we always have experts on duty to respond to new threats.
It’s essential that we do it this way to keep our customers protected in real time. Our labs process millions of emails, URLs, files, and other data points to keep our protection up to date. So how do we do it?
To make sure SophosLabs is working continuously, there is a highly orchestrated hand-off between the different locations. Before the researchers in Vancouver say goodnight, they share the latest data on to the team in Sydney. Sean McDonald, head of SophosLabs Sydney, says it’s like passing the baton to the next team, so experts are always dealing with issues seen by customers and anything serious that might crop up.
In a high-profile example of malware detection, SophosLabs this September added protection against the Cryptolocker ransomware, keeping our customers safe from an outbreak of this file-encrypting threat.
Of course, to stay ahead of the threats, SophosLabs doesn’t have the luxury of dealing only with the threats of the day. Our labs need to be making strides against what’s coming over the horizon. That’s why teams of researchers called tiger teams specialize at various types of threats, like rootkits.
SophosLabs is constantly developing and fine-tuning automated processing of malware, as SophosLabs VP Simon Reed explains. SophosLabs is not just focusing on one particular piece of malware, but classes of malware. “A lot of our work is around systems, automated processing and automatic delivery of protection to customers. That’s really the essence of what the lab does,” he explains, according to a TechWorld Australia interview.
Keep up with SophosLabs
SophosLabs researchers are some of the best minds in the industry. To keep all of us safe, they share a lot of their findings with other researchers around the world, through technical papers and presentations at conferences, such as the VB2013 conference in Berlin last month.