Include Invincea's Deep Learning Engine (Machine Learning) on the UTM
Since Sophos has purchased Invincea, I am requesting that Sophos include Invincea's pre-execution Deep Learning Engine (Machine Learning) on the UTM itself.
Now that Sophos has acquired Invincea and their scanner's ability to detect new malware before it executes, if the scanner was included on the UTM, it could increase the detection of unknown malicious files before they execute.
With the combination of Sophos' database of known safe files which it could check files against, Sophos could avoid the problem of false positives from Machine Learning detection.
I am requesting that Sophos add this Machine Learning layer to the UTM to detect new, unseen malware, and have the UTM submit the file to either Sophos or Sandstorm for further analysis.
Machine Learning would add a new feature to the Sophos UTM that no other UTM/antimalware appliance has and would differentiate it from all others.
In version 18 we are leveraging Deep Learning capabilities in Sophos’s cloud-based analysis platform. When we send a suspect file to be scanned with Sandstorm, samples will also be checked with Deep Learning AI models. Deep Learning is also embedded into the sandbox environment and is used extensively during sample detonation. Version 18 will also provide new in-depth analysis reports that use aspects of machine learning to show how suspect items relate to other known good or bad files.