Sophos adds Deep Learning to its email in Sophos Email Advanced

Sophos integrates its email solution with their Sophos Central cloud platform, and with their Synchronized Security cross-product collaboration capabilities are able to bring their deep learning functionality to their email.

Bill Lucchini, senior vice president and general manager for the Sophos Messaging Security Group

Cybersecurity vendor Sophos has announced Sophos Email Advanced, which integrates their Deep Learning capabilities into their email solution for the first time, offering additional protection against unknown threats through the email solution itself. Sophos Email Advanced also adds new protection against phishing and spoofing.

The enhanced email solution is the product of a strategic initiative.

“Late last year, we did an internal look at what was going on with the market, and we decided that the email space was growing in importance to customers,” said Bill Lucchini, senior vice president and general manager for the Sophos Messaging Security Group. “Hackers were getting successful enough that we had to give this area more emphasis. So we formed the Messaging Security Group to double down on the strategy, and that ultimately led to this.”

Sophos Email Advanced is managed through the Sophos Central management platform, which provides an integrated data protection system, and allows the email to work with Intercept X endpoint protection, the technology that Sophos acquired with Invincea last year.

“We have, for a number of years, invested in Sophos Central, putting all our best security technology under one roof to manage everything under a single portal,” Lucchini said. “If you want good security, you can’t make IT admins log into five different consoles to find out what’s going on. So this has been a big hit. We have seen strong growth with sales rising from $88 million to $186 million over the last year. Customers are really appreciating this, and are buying into the Sophos Central strategy.

“We have also been investing in Synchronized Security, taking advantage of all the data in the products to allow the products to talk to each other and make better decisions,” Lucchini added. “Between Sophos Central and Synchronized Security, we can provide much better security.”

Bringing Sophos email into this network with Sophos Email Advanced adds one more puzzle piece into that strategy.

“Between 90 and 93 per cent of data breaches have something to do with email, so it is a very dangerous threat vector,” Lucchini said. “We protect over 10 million mailboxes today. Our SophosLabs organization has access to tons of data. From it, we find that 75 per cent of malware is unique to an organization, which means it is for customized zero-day attacks. The ability to create custom-designed malware is so easy now. The Labs see it all the time. We detect it with our deep learning neural network. Our sandboxing technology looks at these emails at the gateway and apply deep learning to stop it at the gateway. 77 per cent of malicious email contains some kind of malicious file attachment. We now can stop all these never-before-seen malicious files.  It’s the use of our deep learning capabilities on the email that is new here.”

Sophos Email Advanced also has upgraded anti-phishing capabilities.

“We recently did a survey that found that 41 per cent of IT admins say their company gets daily phishing attacks,” Lucchini said. “The simple ones are easy to stop by identifying malicious URLs. But there are now more sophisticated attacks that have clean URLs, and then load malicious code once they get inside. So we have added ‘Time-of-Click’ protection. In addition to checking at the gateway, it checks the file again when a user clicks that link, in case it now has malware.” This is also effective against ransomware.

New protection has also been added against spoofing, including a combination of SPF, DKIM, and DMARC authentication techniques and email header analysis.

“We use a number of different techniques to detect when a non-account owner is sending email,” Lucchini said. “We can verify if it came from Sophos servers, if the content end-to-end have been modified in any way, or if there have been changes to the metadata.”

While Sophos Email Advanced with its integration into Sophos Central and deep learning capabilities now becomes the flagship email product, Sophos will continue to sell Sophos Email.

“While Sophos Email Advanced is where the market is going, we will maintain Sophos Email for customers who want an on-prem product,” Lucchini said. “There’s a market for that in countries like Germany, where for regulatory reasons or just preference they want this to stay on-prem. That’s a good business for us.”

Sophos Email Advanced is available now through Sophos channel partners.