Sophos unveils four new areas of cybersecurity datasets, tools for enterprises

17 Dec, 2020

British cybersecurity software and hardware company Sophos Group on Wednesday said it is launching datasets, tools and methodologies across four areas of artificial intelligence (AI) developments.

The new offerings will sharpen the broader industry’s defences against cyberattacks as IT managers, security analysts, CFOs, CEOs, and others making security buying or management decisions discuss and assess AI benefits, according to a statement.

The four developments are a dataset for malware detection research, an AI-powered impersonation protection method, a digital epidemiology approach to determine undetected malware, and automatic signature generation tools.

The Sophos-ReversingLabs (SOREL) 20 million sample malware dataset, or SOREL-20M, is a joint project between SophosAI and ReversingLabs. It is a production-scale dataset containing metadata, labels and features for 20 million Windows Portable Executable (PE) files.

The AI-powered impersonation protection method, as per the statement, is designed to protect against email spear phishing attacks, where influential people are impersonated to trick recipients into taking some harmful action for the benefit of the attacker. Sophos says it has trained the AI working behind the scenes on a large sample set of millions of known attack emails.

The newly built set of epidemiology-inspired statistical models lets Sophos estimate the prevalence of malware infections in total, in turn giving it a better chance to find the needles in a PE file haystack.

The model is designed to be extensible to other classes of files and information system artefacts. “SophosAI has pioneered and made publicly available this method that helps to determine malicious ‘dark matter,’ malware that might be missed or wrongly classified, and ‘future malware’ that is in development by attackers,” according to the company. 

Finally, the YaraML automatic signature generation tools are open-sourced. They directly compile full-fledged, industrial-strength machine learning models, the kind used in commercial security products, into signature languages, essentially allowing AI to write the signatures.

The statement added that it is common practice to share AI methodologies and findings in other industries, but cybersecurity has lagged in this effort and created a noisy understanding of how AI provides protection against cyberthreats.

“Today’s cacophony of opaque or guarded claims about the capabilities or efficacy of AI in solutions makes it difficult to impossible for buyers to understand or validate these claims. This leads to buyer skepticism, creating headwinds to future progress at the very moment we’re starting to see great breakthroughs,” Sophos CTO Joe Levy said.

Sophos, headquartered in Abingdon, Oxfordshire and founded in 1985, claims to currently protect over 400,000 organisations of all sizes in over 150 countries from the most advanced cyber threats.

It sells its products and services through a global channel of over 53,000 partners and managed service providers (MSPs).