James Lyne from Sophos outlines challenges of keeping up with cyber criminals

Sophos has added deep learning capabilities to its Intercept X security software, which the company says stops zero-day malware attacks and blocks all known exploits.

Intercept X is hosted on the Sophos Central cloud platform and has an advanced new anti-ransomware which the company claims can stop ransomware variants within seconds.

The deep neural network aspect of Intercept X is said to be trained on “hundreds of millions of samples to detect when a file is malicious, potentially unwanted, or legitimate”.

Sophos is of the view that deep learning is more effective than traditional machine learning approaches because of its larger scale training set, smaller model, and more effective detections.

The deep learning capabilities are just one of a range of measures Sophos has been taking recently to strengthen its security offerings, another being the new XG Firewall, a network traffic visibility tool which the company says is an “industry first” in that it can reduce the security risks associated with unidentified traffic by allowing administrators to see exactly what is on their network.

Sophos is a long-established cyber security company, having been founded 32 years ago.

The company reported revenues of $72 million last year and employs approximately 2,700 people worldwide.

James Lyne is global head of security research at the security firm Sophos, and EM360º caught up with him for an exclusive interview.

Cryptographic philosophy

Among the many issues being discussed in public at the moment is that of encryption, specifically the battle between governments and the tech industry over whether there should be end-to-end encryption.

Pervasive encryption might make users feel more secure in that one imagines that their emails, text messages and other private information remains private.

But, on another level, governments are concerned that it could provide unbreakable channels of communication between criminals and terrorists, and want the tech industry to leave what is commonly referred to as a “back door” open so they can eavesdrop on conversations.

Lyne says he can see the argument from both sides, and it’s something of a dilemma.

“It is a really challenging issue,” says Lyne, “because you can look at either side of the argument and see very supportable and kind of honest intent.

“I think it’s very hard to argue that law enforcement doesn’t have an important role to play in assuring our safety and then being unable to get access to information to stop the likes of terrorists and extremists or access to the, shall we say the less desirable side of material online, is clearly a real problem.

“By the same measure, encryption and all associated protocols have been baked into nearly every aspect of our lives now, from when you fire up your iPhone or your Android device and access your internet banking, or even access your email when you’re sitting in a café using the Wi-Fi; it’s the thing that stands between you and a criminal or terrorist accessing your information.

“So there are absolutely differences in the positions between two supportable claims that are each really, really important.

“I think the one positive thing I can say is, I’m really, really glad that we’re actually having this debate and this ‘battle’ as you call it now, in the public, because this is a fundamental policy decision that will impact all of our privacy, all of our security.

“It’s a spectrum, from privacy to security, where we have to choose the position, we have to make compromises, which, I think, is not something that should be decided in deep, dark rooms without public oversight and visibility.

“So, I’m actually reassured that this argument is taking place, versus when it wasn’t happening in the past.

“For me, though, if I have to land on a side, the importance of encryption in protecting the security of data of individuals and businesses is such a key part of modern business and modern society that to put that at threat with wanton back doors, or attempting to ban encryption, that is wrong.

“It is likely to do more damage than good, given that terrorists will always find ways to securely communicate.

“So, I support the goals of law enforcement, but I think some of the details here may need a little more work.”

Cryptocurrency trade

Another issue, or technology, which has been much discussed in the public domain – although much more in the tech industry – is the rise of cryptocurrencies.

Bitcoin is said to be the first cryptocurrency, although there are many more now. All of them are based on a distributed ledger system called blockchain, which is said to be super-secure and open at the same time.

However, Lyne is firmly of the opinion that cryptocurrencies’ much-vaunted security features are not actually much of a defense against a determined thief.

It’s a point of view that perhaps is not much discussed or reported because the cacophony of voices shouting about how much money you can make from investing in cryptocurrencies overpowers everything else.

“For me,” says Lyne, “I think one of the subtleties in cryptocurrency that will sound obvious when I say it – but is often not really considered – is the comparative ease of theft.

“With a wallet, you know, with something tangible, you’ve got to go to a lot of people and gain access to a thing to be able to use that money.

“With a credit card, you need the thing and the data from the thing. And then there’s a centralised system that represents an opportunity to cut that off.

“The transition with cryptocurrencies to digital information, that is the currency, means possession of the thing means ability to use it in a fairly irrevocable sense.

“So, we are seeing lots of malware popping up that looks for wallets on people’s computers, tries to steal it from people’s clipboards, and the ease of taking possession and keeping it, and then laundering it, is quite great compared to the world that we are coming from.

“So, I think whilst a lot of people are focusing on the positive use cases, some of the big hijack instances, that change of threat model for the individual, is an interesting point that may be a little underrated for many who are thinking about it.

“Of course, the malware research is top of mind for me, but I think that’s probably the thing that I would pick at the moment.”

But having acknowledged that the technology does have vulnerabilities, Lyne remains optimistic about cryptocurrencies overall.

“I do think there are huge benefits to cryptocurrency,” says Lyne. “I’ve been a proponent for some time – still a little bleeding edge in some respects.

“One only has to look at the volatility from a purely financial perspective of bitcoin to see that it maybe has some challenges compared to the traditional currencies and markets.

“But I do think cryptocurrencies will represent the future of currency.

“I do think businesses want to understand and get their arms around now what cryptocurrency means for taking payments, working with their customers, how they all need to secure that data, and so on.

“So I think it’s really moved past the toy phase, into something that we all need to be thinking about, but clearly there’s a little work before it truly becomes that mainstream replacement.”

Realtime security

Whether it’s encryption or cryptocurrency, the fundamental requirement and consideration for both is security, and it’s something Lyne says needs constant vigilance, research and discussion, although he acknowledges that it’s not something most users want to be preoccupied with.

For Sophos, however, Lyne says identifying threats is a constant concern, and it’s the subject of many of the panel discussions he regularly takes part in, such as the ones at IP Expo, held in London recently.

“The purpose is for us to be able to say, ‘Here’s what cyber criminals are up to, here’s our adversary’ for those of us that may be subject to their attacks but don’t spend their days looking around their forums and on the dark web and seeing what they’re up to.

“In particular, we are looking at a couple of areas that have been, according to security researchers, the next big target of cyber criminals, followed by a period of disillusion where not a lot’s happened.

“So, for example, mobile devices, the idea that mobile devices were going to get horribly hacked didn’t really catch on, because people stayed on the PC.

“But in the background, there have actually been some quite significant cases, particularly of late, that do show signs of cyber-crime shifting.

“For example, apps in the Google Play store, 50 of them were recently pulled because they were downloaded and installed by millions of users and – per user – they were stealing north of £800 from each of their victims.

“Those are examples of real fraud and real interest from cyber criminals, but I think it’s really important that, when you’ve got your head down in the day-to-day dealing with malware, you don’t forget that sometimes the landscape shifts.

“So, it’s all going to be about that level set of how cyber criminals are doing it right now.”