Sophos Boosts Threat Detection Prowess By Fusing Deep Learning Into Intercept X Endpoint Security Tool

Sophos has rolled out the latest version of its Intercept X anti-exploit application to the general public, incorporating deep-learning technology to boost malware detection rates.

The Oxfordshire, England-based vendor's new version of Intercept X would be the only product in the world to combine machine learning, malware and exploit blocking, and ransomware protections into a single offering, said Dan Schiappa, SVP and GM of Sophos's end-user and network security group. The new deep learning capabilities come courtesy of Sophos's February 2017 acquisition of Invincea.

"The channel really embraced Intercept X," Schiappa told CRN. "It's been the fastest-growing product in the company's history."

The addition of deep learning will make it possible for Intercept X to curate and label data even more accurately since it's now able to process hundreds of millions of samples rather than just tens of millions of samples, according to Schiappa. As a result, Intercept X will be able to make more accurate predictions at a faster rate with fewer false positives as compared with traditional machine learning.

Those new capabilities allowed Sophos to incorporate malware protection into Intercept X while keeping the product laser-focused on predictive security, Schiappa said.

For new customers, Intercept X retails between $20 and $40 per user for a one-year term, and scales based on volume and term length. Current Sophos Intercept X customers do not need to purchase new licenses to receive these new features.

Margins, meanwhile, should be very consistent with what partners have grown accustomed to around Intercept X, according to Schiappa.

Sophos previewed Intercept X's new deep learning and exploit protection powers in early November through a 1,000-channel-partner early access program, the company said at the time. Partners in the pilot praised Sophos' ability to make the sophisticated technology consumable, according to Schiappa, meaning that some elements of Intercept X were as easy as flipping a switch and turning it on.

Pilot participants said user experience could be improved by making it possible for partners to access in-depth information more easily without having to go from a visual graphic to a tabular format, Schiappa said. Since receiving this feedback, Schiappa said Sophos has focused on making the experience more streamlined for security administrators wishing to see this data.

Sophos is building co-branded marketing materials with its channel partners around Intercept X, according to Schiappa, with the messaging focusing on ransomware and deep learning. Schiappa expects the latest version of Intercept X to gain traction in Sophos' entire channel community.

Intercept X is sold in tandem with Sophos Central Endpoint Advanced on 90 percent of occasions, Schiappa said, with the two offerings packaged together. On 10 percent of occasions, though, Schiappa said Intercept X is sold in tandem with a competitor's endpoint security product.

Dataprise has adopted Intercept X and Central Endpoint Advanced over the past year to replace a multi-vendor endpoint offering consisting of traditional antivirus and anti-malware protection, according to Tim Foley, information security director at the Rockville, Md.-based company, No. 354 on the 2017 CRN Solution Provider 500.

Switching to a single agent with Sophos has enabled Dataprise to lower the cost per unit on its endpoint while providing more value and protection, Foley said.

Foley praised the latest version of Intercept X for its ability to block previously unknown malware and detect malicious code hidden in well-formed applications. He said the capabilities added from Invincea would make it so that anything that matches known malware can't execute, which will, in turn, provide Dataprise's customers with an additional safety net.

"Customers don't want to hear that I gave them one chance to stop something," Foley said. "They want me to give them four or five chances to stop it."