Sophos Ltd. has introduced a new email security solution equipped with real-time threat protection capabilities based on deep learning technology.
Named Sophos Email Advanced and available immediately, the new system adds a cloud-based option to an email security portfolio that had previously relied exclusively on locally-deployed firewalls and appliances.
Next-generation “predictive security” functionality in Email Advanced inspects incoming messages and blocks malicious payloads, including never-before-seen attacks, before they reach an end user’s network. That feature draws on Sophos Sandstorm, the U.K.-based vendor’s cloud sandbox technology, as well as artificial intelligence technology borrowed from Intercept X, Sophos’s next-generation endpoint security solution.
“We’ve pulled the backend guts out of Intercept X and put it in the cloud to scan stuff as it comes through our gateway,” says Bill Lucchini, senior vice president and general manager of the Messaging Security Group at Sophos.
Sophos introduced Intercept X in September 2016 and updated it most recently in January, adding a deep learning engine armed with neural networking technology. While machine learning systems can study tens of millions of virus samples, according to Sophos, Intercept X’s deep learning component can process hundreds of millions.
Other active threat protection capabilities in Email Advanced include “time-of-click” technology that rechecks embedded URLs the system previously cleared for use. The new feature is designed to defeat a sophisticated technique hackers have lately begun employing to hide dangerous links.
“They’ll send emails with links that go to benign locations and then a couple of hours after they send those emails they’ll go ahead and change the destination content so that it becomes malicious,” Lucchini says. Confirming that previously safe addresses are still safe every time a user clicks a URL protects organizations from such tactics.
Email Advanced also comes with anti-phishing technology that combines three industry-standard safeguards (Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC)) to help verify that incoming messages really come from the senders they claim to come from.
Lucchini points to DMARC in particular as a highly-effective anti-“spoofing” tool that has yet to be broadly adopted due to the difficulty organizations without specialized skills can have deploying it.
“We set it up so it’s super easy for our partners to configure and get their customers protected,” he says, noting that both the U.S. and U.K. governments have begun mandating use of DMARC.
“We expect that we’re going to see, finally, some serious adoption of DMARC,” Lucchini states.
In addition to its various inbound defenses, Email Advanced scans outbound messages as well to prevent unintended distribution of spam and viruses. It also allows users to customize security policies by user, group, or domain and integrates with the vendor’s cloud-based Sophos Central management solution.
Licenses for Email Advanced run from $25 to $44 per user for a one-year subscription, with discounts available for larger orders and longer terms.