Sophos grows anti-malware ensemble with Invincea


I am so excited to announce our acquisition of Invincea, a next-generation endpoint security company founded by Dr. Anup Ghosh in 2009.

One may ask, if you already have great next-generation technology, why do you need Invincea’s technology?

There’s an “Avengers” analogy to be had here: It’s great to have a group of heroes around to defend the world. But it’s much better to add another hero to the ensemble.

Think of Invincea as the superhero that takes our ensemble to the next level – the entity that adds neural network-based machine learning to the team.

The path to Invincea: Endpoint Protection and Intercept X

In recent years Sophos has worked to reduce our reliance on signatures, moving from traditional antivirus to next-generation advanced malware detection and prevention with technologies like behavioral detections, malicious traffic detections, emulation, and security heartbeat. As a result, only a tiny fraction of the detections in Sophos Endpoint Protection are signature-based.

Because of our ensemble of next-generation technology, we have been able to keep malware detection rates high and false positives low. For years, the security market has focused on scanning executables for anti-malware, but now we see a growing number of data breaches occur due to exploits. As a result, we’ve pushed aggressively into the realm of next-generation exploit detection/prevention with Sophos Intercept X.

In September we launched Intercept X, a powerful signatureless next-generation product with exploit protection, anti-ransomware, protection against in-memory malware, root cause analytics and forensic-based malware removal. This new product was developed by combining technologies from Sophos with those acquired through our SurfRight acquisition in 2015.

Expanding the ensemble

Invincea was built to address the gathering threat from advanced adversaries, most notably those using zero-day methods that target companies, governments and critical infrastructure. A neural network-based approach to machine learning is at the heart of this next-generation signatureless approach. The algorithms were developed by the same data scientists who worked on the DARPA Cyber Genome project at Invincea Labs.

With Invincea, we add this effective machine-based learning approach to detect malware that previously could sneak past traditional signature-based technology. In third-party testing, and with customers, it has proven to be extremely effective while having low false positives.

Invincea currently protects companies and government agencies with between 200 and 200,000 employees.

Now it’s part of our ensemble, and will make us even stronger.


Machine learning

Let’s focus some more on the machine-learning approach that’s central to how Invincea functions.

The process is more efficient, performant and effective than anything we’ve seen before, and it improves our ability to stop malware in its tracks before it becomes a problem for the customer.

Some of the high points:

  • Deep Learning Neural Network implementation leads to better detection and lower false positives as compared to more primitive ML implementations.
  • Invincea’s approach is targeted at finding malware that shares common characteristics with known malware, but whose similarities often escape human analysis; this makes it effective at volume detection of derivative malware, using methods that scale.
  • Deep learning detection of executable malware with Bayesian calibration maximizes both sensitivity and specificity.
  • Techniques are extensible to detections beyond just executables and beyond just files.
  • Behavioral-based detections provide extensive coverage of the tactics and techniques employed by advanced adversaries.
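The bullets above describe a detector that emits a calibrated malware score and is tuned so that both sensitivity (malware caught) and specificity (clean files left alone) stay high. The following is an added illustration of that trade-off, not Invincea’s or Sophos’s code: it sweeps a decision threshold over constructed sample scores, computes both rates at each threshold, and picks the threshold maximizing their sum (Youden’s J), which is an assumed stand-in for the Bayesian calibration the post mentions. The scores, labels and function names are all constructed for the example.

```python
"""Threshold selection on calibrated malware scores (added example).

A classifier emits a probability that a file is malicious. We sweep the
decision threshold, measure sensitivity and specificity at each setting,
and select the threshold that maximizes sensitivity + specificity
(Youden's J). This is an assumed stand-in for the calibration step the
post describes, not the vendor's actual method.
"""
from dataclasses import dataclass

# Constructed sample: (score, is_malware). Benign files cluster low,
# malware clusters high, with some overlap in the middle as real
# detectors show.
SAMPLES = [
    (0.02, False), (0.05, False), (0.08, False), (0.11, False), (0.15, False),
    (0.22, False), (0.31, False), (0.44, False), (0.58, False), (0.63, False),
    (0.37, True), (0.49, True), (0.66, True), (0.71, True), (0.78, True),
    (0.84, True), (0.88, True), (0.93, True), (0.96, True), (0.99, True),
]


@dataclass(frozen=True)
class Rates:
    threshold: float
    sensitivity: float  # TP / (TP + FN): fraction of malware caught
    specificity: float  # TN / (TN + FP): fraction of benign left alone


def rates_at(threshold, samples):
    """Confusion-matrix rates when files scoring >= threshold are flagged."""
    tp = fn = tn = fp = 0
    for score, is_malware in samples:
        flagged = score >= threshold
        if is_malware:
            if flagged:
                tp += 1
            else:
                fn += 1
        else:
            if flagged:
                fp += 1
            else:
                tn += 1
    sens = tp / (tp + fn) if tp + fn else 0.0
    spec = tn / (tn + fp) if tn + fp else 0.0
    return Rates(threshold, sens, spec)


def sweep(samples, step=0.05):
    """Rates at every threshold from 0.0 to 1.0 in the given step."""
    count = int(round(1 / step)) + 1
    return [rates_at(round(i * step, 2), samples) for i in range(count)]


def best_threshold(samples, step=0.05):
    """Threshold maximizing Youden's J; ties resolve to the higher
    threshold, i.e. the one that flags fewer clean files."""
    return max(sweep(samples, step),
               key=lambda r: (r.sensitivity + r.specificity, r.threshold))


if __name__ == "__main__":
    for r in sweep(SAMPLES):
        print(f"t={r.threshold:.2f}  sens={r.sensitivity:.2f}  "
              f"spec={r.specificity:.2f}  J={r.sensitivity + r.specificity - 1:.2f}")
    best = best_threshold(SAMPLES)
    print(f"chosen threshold {best.threshold:.2f}: "
          f"sensitivity {best.sensitivity:.2f}, specificity {best.specificity:.2f}")
```

Running the sweep shows why a single number such as detection rate is misleading on its own: lowering the threshold to 0.35 catches every sample of malware but flags three of ten clean files, while 0.65 keeps specificity at 1.0 at the cost of missing two. The chosen operating point is where the two rates together are highest, which is the balance the post’s bullet describes.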

How we’ll integrate Invincea

Invincea’s technology will be integrated into an Endpoint Protection product and offered through Sophos Central. This will be a key part of our unique security strategy, Synchronized Security.

With Synchronized Security, our products speak directly to one another to share actionable intelligence that can improve effectiveness and responsiveness to threats. With Invincea’s technology, when we identify an attack, our Security Heartbeat will transmit this information to several Sophos products such as our XG Firewall and SGN Encryption, and they will take the appropriate action to further protect our customers.

We are very excited to roll out our new, more comprehensive ensemble, and we look forward to the stronger security it’ll provide our customers.
