Sophos relies on cross-industry teamwork in its AI developments. With a new approach, SophosAI relies on the public sharing of information and thus promotes cross-vendor collaboration in the IT security industry.
Sophos announces four new developments in Open Artificial Intelligence (AI) that will help improve cyber-attack protection across the industry. This includes data sets, tools and methods that are intended to promote collaboration in the security industry and joint innovation. With this, Sophos has reached another milestone in its goal of making data science achievements more accessible and the use of AI in cybersecurity more transparent - all with the aim of better protecting companies from cybercrime.
AI teamwork for more cybersecurity
While it is common practice in other industries to openly share AI methods and insights, cybersecurity is lagging behind in these efforts. The result is a rather unclear understanding of how AI can help protect against cyber threats. Sophos and its team of SophosAI data experts are pushing the open approach so that IT managers, security analysts, CFOs, CEOs and other security decision-makers can discuss and evaluate the benefits of AI on the most consistent knowledge base possible.
SophosAI initiative
“With the new SophosAI initiative and the disclosure of research results, we want to make our contribution to how AI is positioned and discussed in the field of cybersecurity. Today's disagreement with opaque or cautious statements about the capabilities or effectiveness of AI makes it difficult or impossible for customers to understand or validate them. This creates skepticism and hinders future progress precisely when we are experiencing major breakthroughs,” said Joe Levy, chief technology officer at Sophos. “Correcting this situation through standards or regulation is not going to happen quickly enough. Instead, it takes more grassroots effort to develop a set of practices, honest evaluations, and language that will move the industry forward in an open and transparent manner.”
High potential of AI
Given the immense potential of AI in cybersecurity, the importance of this change can hardly be overstated. Sophos findings show that organizations are increasingly faced with human adversaries who are constantly improving their attacks. They launch highly contextual Business Email Compromise (BEC) campaigns or develop new ransomware attacks. A scalable and effective defense against cyber attacks requires the support of AI.
Sophos provides data sets, tools and methods in four key areas
SOREL-20M dataset for faster malware detection research
SOREL-20M is a joint project between SophosAI and ReversingLabs. It is a production-scale dataset with metadata, labels and features for 20 million Windows Portable Executable (PE) files. It is available for download and contains 10 million disarmed malware samples for research into feature extraction, with the aim of accelerating industry-wide security improvements. This dataset is the first publicly available production-scale malware research dataset including a curated and tagged set of samples and security-related metadata.
AI-based impersonation protection method
SophosAI Impersonation Protection is designed to protect against email spearphishing attacks, in which attackers pose as important contacts to deceive recipients into taking harmful actions. The new protection compares the sender of incoming emails with the names of executives and reports potentially suspicious messages. In particular, this covers the names that are most frequently misused in a spearphishing attack, for example those of a CEO, CFO or managing director. Sophos trained the underlying AI with millions of known attack emails and publicly discussed the new approach at DEF CON 28 and in an arXiv report.
Digital epidemiology techniques to identify undetected malware
SophosAI has developed a number of epidemiologically inspired statistical models to estimate the spread of malware infections, in order to better estimate the number of PE files and, in turn, to better find the proverbial needle in the haystack. These models were made public to help identify malware that may have been overlooked or misclassified, or “future” malware that attackers are currently developing. The models can be extended to other file classes and information system artifacts and are also discussed in the Sophos 2021 Threat Report.
Tools for automatic signature creation with YaraML
Creating signatures for the detection of malware families is a tedious manual process. Over the years a variety of methods for automatic signature generation have been introduced, but most of them have not been adopted because they do not measure up to the manual processes. SophosAI has developed a new method for automatic signature generation called YaraML, which differs significantly from previous options in that it uses an AI-based approach to solving the problem. SophosAI compiles full-fledged, industrial-strength machine learning models from commercial security products directly into signature languages, with the AI essentially doing the “writing” of the signatures. This method is proving to be far more effective than previous approaches and represents a breakthrough for cybersecurity. SophosAI makes YaraML available as open source.
More on this in the AI blog at Sophos.com
About Sophos
More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions and security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of in-house analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.