Countering cyber threats with deep-learning EDR that is within reach of small and medium-sized enterprises

Introducing EDR (Endpoint Detection and Response) is becoming increasingly important as a way to counter ever more sophisticated cyber threats. Today, however, securing skilled staff and the cost of deployment and operation are barriers, and the hurdle is high for small and medium-sized businesses (SMBs). EDR products that break through this wall have now appeared and are attracting attention. One of them is “Intercept X Advanced with EDR” from Sophos.

Why EDR is attracting attention, and the wall that stands in the way of adoption

EDR monitors logs from endpoints, including those that have left the corporate network because of telework, detects traces of cyber attacks and malware, and takes countermeasures (cleanup, removal and isolation). This prevents an infection on one endpoint from spreading to other endpoints and servers. EDR is attracting attention because many of these solutions also respond to unknown threats, including “zero-day” attacks for which no countermeasure has yet been established.
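The detect-then-respond loop described above, as an added worked example that is not part of the original article and is not Sophos code: an endpoint agent is assumed to forward file-system events as CSV lines "ts,host,pid,image,action,src,dst"; the detector flags a process that renames many distinct files to a new extension inside a short window (the in-place encryption pattern of ransomware), then isolates the host, quarantines the process, rolls files back from a snapshot taken before the burst, and attaches a recommended next action to the incident. The sample telemetry, the snapshot, and the window and threshold values are all constructed for illustration.

```python
"""EDR-style burst detection and automated response over endpoint file events.

Illustration added to the article (not Sophos code). Telemetry format, snapshot
contents, WINDOW_SECONDS and THRESHOLD_FILES are assumptions made for the example.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field

WINDOW_SECONDS = 10    # assumed: burst window in seconds
THRESHOLD_FILES = 5    # assumed: distinct files re-extensioned inside the window


@dataclass
class Event:
    ts: int
    host: str
    pid: int
    image: str
    action: str   # "WRITE" or "RENAME"
    src: str
    dst: str      # empty for WRITE


@dataclass
class Incident:
    host: str
    pid: int
    image: str
    first_ts: int
    affected: list                              # (ts, src, dst) renames by the process
    actions: list = field(default_factory=list)
    restored: dict = field(default_factory=dict)


def parse_line(line: str) -> Event:
    ts, host, pid, image, action, src, dst = line.split(",")
    return Event(int(ts), host, int(pid), image, action, src, dst)


def _ext(path: str) -> str:
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def extension_changed(src: str, dst: str) -> bool:
    """True when a rename gives the file a different extension (e.g. .docx -> .docx.locked)."""
    return bool(dst) and _ext(src) != _ext(dst)


class BurstDetector:
    """Sliding-window count of re-extension renames per (host, pid)."""

    def __init__(self, window: int = WINDOW_SECONDS, threshold: int = THRESHOLD_FILES):
        self.window, self.threshold = window, threshold
        self.recent = defaultdict(deque)   # (host, pid) -> deque of (ts, src, dst)
        self.active = {}                   # (host, pid) -> Incident already raised

    def feed(self, ev: Event):
        """Return a new Incident when a process crosses the threshold, else None."""
        if ev.action != "RENAME" or not extension_changed(ev.src, ev.dst):
            return None
        key = (ev.host, ev.pid)
        if key in self.active:             # already alerted: keep collecting for rollback
            self.active[key].affected.append((ev.ts, ev.src, ev.dst))
            return None
        q = self.recent[key]
        q.append((ev.ts, ev.src, ev.dst))
        while q and ev.ts - q[0][0] > self.window:   # drop events outside the window
            q.popleft()
        if len({src for _, src, _ in q}) >= self.threshold:
            inc = Incident(ev.host, ev.pid, ev.image, q[0][0], list(q))
            self.active[key] = inc
            return inc
        return None


def respond(inc: Incident, snapshot: dict) -> Incident:
    """Automated response: isolate host, quarantine process, roll back, recommend."""
    inc.actions.append(f"ISOLATE_HOST {inc.host}")
    inc.actions.append(f"QUARANTINE_PROCESS pid={inc.pid} image={inc.image}")
    for _, src, dst in inc.affected:
        if src in snapshot:                # a pre-burst copy exists: restore it
            inc.restored[src] = snapshot[src]
            inc.actions.append(f"ROLLBACK {dst} -> {src}")
        else:
            inc.actions.append(f"NO_SNAPSHOT {src}")
    inc.actions.append(f"RECOMMENDED: check persistence and origin of {inc.image}")
    return inc


def run(lines, snapshot: dict) -> list:
    """Feed telemetry lines through the detector and respond to every incident."""
    det = BurstDetector()
    incidents = [inc for inc in (det.feed(parse_line(l)) for l in lines) if inc]
    return [respond(inc, snapshot) for inc in incidents]


# Constructed sample telemetry: an autosave, a benign user rename, and one burst.
SAMPLE_EVENTS = r"""1000,ws-07,412,winword.exe,WRITE,C:\Users\mia\Documents\q1.docx,
1001,ws-07,412,winword.exe,RENAME,C:\Users\mia\Documents\~q1.tmp,C:\Users\mia\Documents\q1.docx
1003,ws-07,5310,update.exe,RENAME,C:\Users\mia\Documents\q1.docx,C:\Users\mia\Documents\q1.docx.locked
1003,ws-07,5310,update.exe,RENAME,C:\Users\mia\Documents\q2.docx,C:\Users\mia\Documents\q2.docx.locked
1004,ws-07,5310,update.exe,RENAME,C:\Users\mia\Pictures\cat.jpg,C:\Users\mia\Pictures\cat.jpg.locked
1004,ws-07,5310,update.exe,RENAME,C:\Users\mia\Desktop\notes.txt,C:\Users\mia\Desktop\notes.txt.locked
1005,ws-07,5310,update.exe,RENAME,C:\Users\mia\Documents\budget.xlsx,C:\Users\mia\Documents\budget.xlsx.locked
1006,ws-07,5310,update.exe,RENAME,C:\Users\mia\Documents\plan.pptx,C:\Users\mia\Documents\plan.pptx.locked
1040,ws-07,88,explorer.exe,RENAME,C:\Users\mia\Downloads\report.tmp,C:\Users\mia\Downloads\report.pdf
""".splitlines()

# Constructed snapshot: contents captured before the burst, keyed by original path.
SNAPSHOT = {
    r"C:\Users\mia\Documents\q1.docx": b"q1", r"C:\Users\mia\Documents\q2.docx": b"q2",
    r"C:\Users\mia\Pictures\cat.jpg": b"jpg", r"C:\Users\mia\Desktop\notes.txt": b"txt",
    r"C:\Users\mia\Documents\budget.xlsx": b"xlsx", r"C:\Users\mia\Documents\plan.pptx": b"pptx",
}

if __name__ == "__main__":
    for inc in run(SAMPLE_EVENTS, SNAPSHOT):
        print(f"{inc.host} pid={inc.pid} {inc.image} files={len(inc.affected)}")
        print("\n".join(inc.actions))
```

The threshold is deliberately a count of distinct files rather than raw events, so an editor that rewrites one document several times does not trip it; the explorer.exe rename and the Word autosave each change an extension once and stay below it. Files renamed after the alert are still attributed to the quarantined process so the rollback covers the whole burst.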

Naoki Fujitani

Many security experts have warned about the recent spread of cyber threats. In recent years nearly 150 million new malware samples have been generated per year, and damage is widespread: zero-day attacks that are difficult to prevent, attacks by new malware that evades security products, and malware such as Emotet and IcedID. Ransomware, too, keeps producing new techniques one after another. Under these circumstances EDR is seen as a promising countermeasure.

For SMBs, however, there was a big barrier to adopting EDR. One wall is cost. Operating EDR usually requires security expertise, and companies without such staff have to hire it. Given the current threat situation, the salaries of these specialists are rising, and hiring them is not easy. Another barrier is the cost of new systems. Because EDR detects threats from logs, storage to retain those logs is required.

“EDR for SMB” with a high degree of intelligence

Solutions that call themselves “EDR for SMB” are now emerging. A representative one is Sophos’s “Intercept X Advanced with EDR”, whose distinguishing feature is its use of deep learning. “The feature of our product is automation. Not only malware detection but also quarantine and removal are fully automated. In the unlikely event that ransomware encrypts data, a function that automatically rolls the files back is built in, and incident reports are created automatically; each report presents the ‘recommended actions’ to take next, which greatly reduces the burden on the administrator,” says Naoki Fujitani of the Strategic Sales Department, Partner Sales Headquarters.

Founded in the UK in 1985, Sophos set out early to develop advanced security solutions for SMBs. In 2017 it acquired Invincea, Inc. of the United States, obtaining AI-based protection technology that it built into its products. Invincea’s AI technology is based on deep learning.
Sophos holds 36 years of threat intelligence, including malware samples, gathered since its founding, and uses it as training data to keep improving the AI technology. In third-party tests the technology scored the highest detection performance with few false positives, and it detects and stops unknown malware within 20 milliseconds. Conventional machine learning learns only from the features that humans have defined in advance and fed to the algorithm, so it is weak against unexpected attacks that fall outside the range those features cover. Deep learning, by contrast, learns the features themselves from the data, which is why it is used to achieve more accurate threat detection. Because quarantine and removal are automated, a low false-positive rate matters as much as the detection rate: every false detection becomes an automatic isolation that someone has to undo. “There are a number of companies that provide EDR solutions using machine learning, but only a few, including us, use deep learning.” (Mr. Fujitani)

By combining advanced detection, automated responses such as isolation, and delivery as a cloud service, the product removes the barriers of securing staff and of system cost. Comprehensive automation also enables 24/7 monitoring and removal. For SMBs it was difficult to monitor systems at night and respond to threats, but Intercept X eliminates that weakness.