Sophos, the leader in next-generation cybersecurity technologies, announced four new open applications focused on artificial intelligence (AI) that will help support and strengthen the industry’s defenses against cyber attacks. The announced innovations will accelerate the company’s efforts to support breakthroughs in data science and lay the foundation for making the use of artificial intelligence in cybersecurity more transparent.
While sharing AI methodologies and findings is common practice in most industries, this approach has not progressed in the cybersecurity industry. The result has been a plethora of voices about how artificial intelligence protects against cyber threats. These new applications, developed by Sophos and the SophosAI data science team, will bring AI-focused discussion and information sharing in security to an open platform. Security purchasing and management executives such as IT managers, security analysts, CFOs and CEOs will thus have the opportunity to discuss and reach conclusions on an open, informative platform when making decisions about AI-based security solutions.
Sophos CTO Joe Levy said: “With these new steps SophosAI has taken to clarify their research, we can enable a better understanding and discussion of how AI is positioned in the cybersecurity space. There are many claims and confusion about the capabilities and effectiveness of artificial intelligence in security solutions today. This makes it difficult for decision makers to understand or verify the claims around artificial intelligence. This leads to general suspicion and causes resistance to innovations in this field. We cannot move fast enough with standards or regulations to remedy the situation. Instead, we must adopt language and practice that will move the industry forward in an open and transparent manner, by embracing collective participation and self-regulation.”
Open Source Artificial Intelligence Initiatives Will Carry the Industry into the Future
The necessity of such a step becomes clearer given the enormous contributions artificial intelligence can provide to build better cybersecurity approaches. Sophos’ findings show that cybersecurity teams have to contend with constantly evolving, creative campaigns and new attack techniques that are increasingly credible. Building scalable and effective lines of defense against these and many other types of cyber attacks requires the help of artificial intelligence.
Sophos provides datasets, tools and methodologies in four key areas of AI and security:
SOREL-20M Dataset to Accelerate Malware Detection Research
A collaborative project between SophosAI and ReversingLabs, SOREL-20M is a production-scale dataset containing metadata, tags, and properties for 20 million Windows Portable Executable (PE) files. The dataset includes downloadable samples of 10 million disabled malware files to accelerate security remediation and research. It stands out as the first production-scale malware research dataset in its field to be organized, tagged, accompanied by metadata, and made generally available.
Artificial Intelligence Assisted Anti-Phishing
SophosAI Impersonation Protection was designed to protect against targeted phishing attacks, usually delivered via email, in which cyber-attackers try to deceive recipients by impersonating different people. This new protection compares the display name of incoming emails with senior executive titles from specific organizations (such as CEO, CFO or president) and flags messages it deems suspicious. Sophos trained the AI working behind the scenes of this technology on a large sample set of millions of known hacking emails. SophosAI made the details of this innovative protection method public at DEF CON 28 and in an arXiv article.
Digital Epidemiology to Identify Undetected Malware
SophosAI created a set of epidemiology-inspired statistical models to predict the prevalence of malware infection. These models allow Sophos to predict infections that would otherwise be like looking for a needle in a haystack, increasing the chances of detection. SophosAI pioneered this method and made it publicly available; it helps identify malicious ‘dark matter’, overlooked or misclassified malware, and ‘future malware’ being developed by attackers. The model is designed to be extended to other file classes and information system structures. Details are also included in the Sophos 2021 Threat Report.
YaraML Automated Signature Creation Tools
Signature generation for the detection of malware families is a laborious manual process. Over the years, researchers have proposed a variety of automatic signature generation methods, but these have not been widely adopted because most manual methods outperform them. SophosAI took an artificial intelligence-based approach to this problem and developed an automatic signature generation method called YaraML. SophosAI compiles large, industrial-grade machine learning models directly into the signature languages used in commercial security products, letting AI write the signatures. This method, which has proven to be much more effective than previous approaches, represents a significant leap forward in security. SophosAI offers YaraML as open source.
These four innovations by Sophos to strengthen cybersecurity represent the latest developments of SophosAI, powered by SophosLabs, Sophos Managed Threat Response and the intellectual expertise of a global company approaching billions of dollars with hundreds of thousands of customers. Another advantage of SophosAI is that it can add new technology directly to shipping products. This model allows Sophos to respond quickly to market needs, supporting industry collaboration and guiding where to focus for innovation.