Cybersecurity service provider Sophos has announced four new open artificial intelligence (AI) developments to help broaden and hone the industry’s defense against cyberattacks. These four new offerings include datasets, tools, and methodologies designed to advance industry collaboration and cumulative innovation.
This is set to accelerate one of Sophos’s key objectives to open its data science breakthroughs and make the use of AI in cybersecurity more transparent. Sophos and its team of SophosAI data scientists hope that this step toward increased transparency will enable IT managers, security analysts, CFOs, CEOs, and others to discuss and assess AI benefits from a level playing field.
"Today's cacophony of opaque or guarded claims about the capabilities or efficacy of AI in solutions makes it difficult to impossible for buyers to understand or validate these claims," Joe Levy, Chief Technology Officer of Sophos, said in a statement. "Instead, it requires a grassroots effort and self-policing within our community to produce a set of practices and language that will advance the industry in a disruptive, open and transparent manner.”
The developments are in four areas: SOREL-20M, Impersonation Protection, a set of epidemiology-inspired statistical models, and YaraML. First is SOREL-20M, a joint project between SophosAI and ReversingLabs. This is a dataset that contains metadata, labels, and features for 20 million Windows Portable Executable files (PE). It includes 10 million disarmed malware samples available for download for the purpose of research on feature extraction to accelerate industry-wide improvements in security.
Impersonation Protection is designed to protect against email spear phishing attacks by comparing the display name of inbound emails against high level executive titles. This is especially useful to those most likely to be spoofed in a spear phishing attack, such as a CEO, CFO, or president.
The third offering is a set of epidemiology-inspired statistical models for estimating the prevalence of total malware infections. This enables Sophos to estimate infection in a PE file stack. This has been made publicly available to help to determine malicious 'dark matter’ malware that can often be missed or incorrectly classified.
The fourth offering is YaraML, a novel method for automatic signature generation. YaraML significantly differs from previous options by taking an AI based approach to the problem.
With these new offerings, Sophos is able improve companies’ access to and awareness of innovative AI approaches in the cybersecurity space.