SOPHOS – Intercept X: the executive’s view
Machine learning requires amazing people, so let’s meet one…
We met with Dan Schiappa, Senior Vice President and General Manager of Products at Sophos, to delve deeper into what makes Intercept X the ultimate in endpoint protection.
Hi Dan, tell us how you contributed to Intercept X…
I’m the SVP and GM of Products at Sophos. When I begun working here I made the decision that we must relentlessly innovate, and that the innovation should start with Endpoint.
Through some great acquisitions and fantastic internal development, we’ve brought to market the best endpoint protection in the world.
What makes Intercept X different?
Intercept X is different because it brings the most advanced predictive technologies into one product. Our machine learning for malware detection – deep learning neural networks – is the most advanced in the industry, and we’ve combined that with the most comprehensive exploit and ransomware protection.
No vendor has better detection rates or lower false positive rates than we have with Intercept X. When you add that to our hacker technique detection-based exploit protection and our behavior-based ransomware protection, you get the best security against unknown, never-seen-before advanced attacks.
Intercept X also includes Sophos Clean, which is the industry’s most advanced forensic-based malware cleaner, as well as our strong root cause analysis which allows an IT admin to deeply investigate any detection. But it doesn’t end there – we’ve also introduced a new Synchronized Application Control feature to our highly innovative Synchronized Security, which integrates with Intercept X.
How does it change endpoint security?
There are two distinct approaches to endpoint security – a reactive and a predictive.
The reactive approach – think traditional antivirus (AV) – had good detection rates and very low false positive rates. This meant it would detect most attacks, particularly those based on known exploits, and would rarely falsely identify something benign as malicious.
The predictive approach started with more traditional machine learning. This resulted in great detection rates – much better than traditional AV – but it also came with very high false positive rates. The result was IT admins frantically white listing legitimate applications, and employees having their work interrupted.
Sophos Intercept X uses deep learning neural networking for malware detection. With deep learning we can train our systems on much larger datasets than traditional machine learning, and as a result our detection rates surpass both traditional antivirus and machine learning.
Deep learning also results in a much lower false positive rate, which is more aligned with that of traditional AV. As a result, we get the best of both worlds.
But the benefits don’t end there – with our ransomware and exploit detection we don’t even scan files, we simply look for the behaviors of ransomware, as well as techniques that hackers use to exploit vulnerabilities. This means we can stop any attempt across nearly 30 different hacker techniques, such as credential theft, stack pivot, heap spray, code caves, APC, and more.
How will Intercept X impact the lives of IT admins?
The most important thing it will do for IT admins is give them one less thing to worry about.
With Intercept X, not only do we detect advanced zero-day attacks (through our deep learning exploit protection and Cryptoguard), we will automatically clear up any malware using Sophos Clean.
We’ll then provide the IT admins deep insight (using root cause analysis) into what we detected. We do this through our industry-leading Sophos Central cloud-based management platform which provides an unprecedented combination of raw power and ease of use.
Describe Intercept X in one word?
What’s next for Sophos and Intercept X?
The radical innovation we’ve delivered with Sophos Intercept X is just the beginning. We’ve started down this path of relentless innovation and we are just getting started. Watch this space.