Later this year, Sophos plans to deliver an ensemble of endpoint security technologies that will be infused with machine learning algorithms the company has gained access to in the wake of its acquisition of Invincea this week.
As a provider of anti-virus software that doesn’t rely on signatures to identify malware, Invincea has been at the leading edge of using both machine and deep learning technologies to detect and quarantine potential malware.
Dan Schiappa, senior vice president and general manager for Sophos Enduser and Network Security Groups, says by the third quarter, Sophos plans to integrate the Invincea approach to combating malware with its latest generation of endpoint security offerings that already make extensive use of Big Data analytics.
“We’re going to bring algorithms to the endpoint via an ensemble of products,” says Schiappa.
That combination of security defenses should send a signal to cybercriminals that the time required to get past those defenses is not going to be worth the financial effort, says Schiappa.
Invincea CEO Anup Ghosh says Invincea today has about 300 customers it directly supports. Invincea also has another 25,000 users of its technology via a reseller agreement with Dell Technologies, in addition to over 4 million users of a freeware security software it makes available. By becoming part of Sophos, the base of customers using Invincea technologies should expand, says Ghosh.
At its core, Ghosh says, the security software developed by Invincea maps the genome of malware as it emerges across the internet. Armed with the intelligence, IT organizations can then proactively reduce the number of vulnerabilities that can be exploited in a way that also serves to dramatically reduce the number of false positives generated.
“It’s all about reducing the attack surface,” says Ghosh.
Regardless of the method used, a lot of the drudgery associated with maintaining IT security is going away. Less clear is the effect all this automation will have on the need for IT security professionals. It’s unlikely IT security professionals will be made obsolete, but their numbers may end up being substantially lower.