Sophos Continues To Re-Imagine Holistic Enterprise Protection

Anil Prabha

August 20, 2020

Wong Joon Hoong, the Country Manager of Sophos Ltd in Malaysia, is an experienced sales and management leader, having built a successful sales and management career in the Malaysian IT industry for the past 27 years with sustained results & sales awards.

With proven business leadership ability, demonstrated strength in developing new business opportunities and good acumen for business, he has in-depth knowledge of Security hardware and software businesses ranging from Data Centre, Network, End User Computing Security to Cloud security solutions.

It was a great privilege for us to catch up with him recently as part of our interview series at Asia Blockchain Review.

Firstly, thank you for taking the time to talk to Asia Blockchain Review. We greatly appreciate your time and consideration in this matter. First and foremost, how are things with you and the company as we navigate this new normal?

Like the majority of organizations around the world, Sophos had to adapt quickly to new ways of working to keep our employees safe both from a health and a cybersecurity perspective.

That meant putting plans in place to have employees work from home very early in the pandemic cycle. At the same time, we have been working closely with all our partners and customers to help them transition their employees to a safe work-from-home network environment. So, as you can imagine, this new normal has been a very busy time for Sophos in Malaysia, and around the world.

The ‘new normal’ also sees us now working with our customers to transition their workforce back into the office while ensuring that any technology they used while at home is still safe to use when it is brought into a corporate work environment. And, of course, there are the businesses that need to find a happy, secure balance of having a mixed workforce comprising work-from-home and office-based employees.

With the ongoing global pandemic, supply chain disruptions, trade war imbalances and now violent protests associated with the treatment of African Americans as well, the situation in the US must be quite precarious for businesses. What’s your take on all this? Does all this have an impact on APAC operations?

The first half of 2020 has certainly seen a lot of disruptions to businesses across APAC for many reasons including COVID-19 and political unrest, which have definitely led to business having to constantly adapt. With so many issues to contend with, businesses need to become more agile and responsive to changing market, social and working conditions.

There are concerns that digital transformation (DX) may be a tad bit too rushed these days. What’s your take on this as companies pivot to stay ahead in this new normal?

The COVID-19 pandemic has forced many organizations to expedite their digital transformation journey, while some have had to make only a few changes.

The one area of rapid expansion we’re seeing is the adoption of “off network” security technologies, which expand the edge of the traditional network while maintaining robust security.

Many organizations are quickly deploying VPN clients to enable remote working and adding additional authentication and/or authorization methods to increase security across devices.

These changes are the start of the next phase of digital security transformation whereby “secure access service edge” functions are put in place to constantly evaluate the organization’s security posture and its trust in users and devices, irrespective of their connection.

While many organizations are implementing these new processes and technologies because of COVID-19, hopefully these positive changes to organizational security will be retained, developed and refined following the pandemic as it will lead to a much more secure environment for everyone.

With the new normal, and working from home becoming the de facto standard, hacking activities are on the rise, and public as well as private enterprises are being targeted by the usual suspects, APT groups, etc. How does a company like SOPHOS secure the cloud, its infrastructure, access and configurations?

The accessibility of the public cloud is a double-edged sword: while it enables teams to spin up new resources in minutes, it also makes it hard for IT teams to keep track of everything that needs to be secured.

Sophos’ recently released The State of Cloud Security 2020 indicates that nearly three quarters (73%) of organizations in Malaysia experienced a public cloud security incident in the last year – including ransomware and other malware (77%), exposed data (35%), compromised accounts (42%), and cryptojacking (22%).

Organizations running multi-cloud environments are more than 50% more likely to suffer a cloud security incident than those running a single cloud. Having an inventory of cloud hosts and security groups helps spot potentially insecure cloud configurations before they are exploited by an attacker.

Sophos Cloud Optix is a powerful tool that gives organizations the ability to accurately see what they have running in the cloud at all times, while combining the power of AI and automation to simplify compliance, governance and security monitoring in the cloud.

Sophos Cloud Optix visually maps the infrastructure in your cloud accounts with a traffic overlay, so you can easily spot traffic abnormalities between hosts and interrogate your security group settings to determine if they are helping secure instances correctly.

Beyond that, the AI automatically learns the traffic baseline for the environment, so an attacker suddenly causing activity on an unused port (or a lot more traffic on a previously dormant or less-used port) will immediately lead to a potential security risk being flagged for investigation.

Cloud Optix also helps defend against other common avenues of attack such as security misconfigurations, credential reuse, privilege abuse and over-privileged access.

To help organizations determine the security of their cloud environments, Sophos offers a 30-day free trial of Cloud Optix. This commitment-free trial gives organizations:

  • Comprehensive inventory of everything they’ve got in the cloud: virtual machines, storage, containers, IAM Users etc.
  • Insight into Amazon Web Services, Microsoft Azure, Google Cloud Platform, Kubernetes clusters, and Infrastructure-as-Code environments
  • Automatic scans for security gaps so they can address areas of weakness

Sophos’ Endpoint Detection and Response (EDR) system is apparently designed for security analysts and IT administrators. Threat hunting, built-in features and breach nullification are touted as key aspects. Explain how Sophos’ features are different from its competitors who claim to have essentially similar prowess in their solutions.

In June, Sophos unveiled an updated version of its Endpoint Detection and Response (EDR). It is the first EDR solution designed for both security analysts and IT administrators and is available now in Sophos Intercept X Advanced and Intercept X Advanced for Server with EDR.

Significant advancements and new capabilities make it faster and easier than ever before for security analysts to identify and neutralize evasive threats, and for IT administrators to proactively maintain secure IT operations to reduce risk.

Sophos EDR now provides powerful visibility across an organization’s entire estate, enabling security and IT practitioners to quickly answer critical threat hunting and IT security operations questions, and easily respond. New features include:

  • Live Discover: Pinpoint past and present activity with up to 90 days of data retention. Out-of-the-box ready SQL queries allow administrators to answer threat hunting and IT questions and can be selected from a library of pre-written options and fully customized by users. This flexible query engine provides access to some of the most granular and detailed endpoint activity recordings that are further enhanced with Sophos’ deep learning technology.
  • Live Response: Remotely respond and access endpoints and servers using a command line interface to perform further investigation and remediate issues; easily reboot devices, install and uninstall software, terminate active processes, run scripts, edit configuration files, run forensic tools, isolate machines, and more.

Deep learning technologies, AI and ML strategies are now becoming increasingly commonplace in cybersecurity. Explain how SOPHOS is integrating these systems to future-proof their solutions for the marketplace.

At Sophos, we talk about Cybersecurity Evolved. For cybersecurity to evolve, it needs to be predictive, adaptive and synchronized. Attackers are constantly changing their tactics, techniques and approaches; therefore, to stay one step ahead of them, you must use predictive technology.

Machine learning lets us build algorithmic models that can analyze malware and create the ability to predict if something that has never been seen before is going to be malicious.

We have now built, and will continue to evolve, dozens of different AI models including malware detection, EDR threat indicators, business email compromise detection, and more.

Our Sophos Labs AI team is staffed by more than 20 people with a long history of cybersecurity AI research and application. You can read more about Sophos AI here and follow the Sophos AI stream on Twitter.

A recent article mentioned the importance of securing endpoints as the future of cybersecurity. A report from Verizon also gave a snapshot of current cybersecurity issues. In APAC, threats to web applications and crimeware are targeting financial data, payment records and sensitive data of users. What’s your take on all this? How is APAC coping with a multitude of threats?

The important thing to point out is that the cyber threat landscape is constantly evolving and organizations need a cybersecurity system that incorporates different solutions that work together to protect all vulnerable areas of the business to ensure there are no chinks in the protective armor.

The Sophos Labs 2020 Threat Report focuses on six areas where researchers noted particular developments during this past year. Among those expected to have significant impact on the cyber-threat landscape into 2020 and beyond are the following:

Ransomware attackers continue to raise the stakes with automated active attacks that turn organizations’ trusted management tools against them, evade security controls and disable backups in order to cause maximum impact in the shortest possible time. (58% of Malaysian businesses experienced a ransomware attack in the past 12 months.)

Unwanted apps are edging closer to malware. In a year that brought the subscription-abusing Android Fleeceware apps, and ever more stealthy and aggressive adware, the Threat Report highlights how these and other potentially unwanted apps (PUA), like browser plug-ins, are becoming brokers for delivering and executing malware and file-less attacks.

The greatest vulnerability for cloud computing is misconfiguration by operators. As cloud systems become more complex and more flexible, operator error is a growing risk.

Combined with a general lack of visibility, this makes cloud computing environments a ready-made target for cyber-attackers. (The Sophos State of Cloud Security 2020 report shows that 73% of Malaysian organizations had a cloud security incident in the last year, with 74% of these attacks resulting from attackers exploiting a misconfiguration.)

Machine learning designed to defeat malware finds itself under attack. 2019 was the year when the potential for attacks against machine learning security systems was highlighted.

Research showed how machine learning detection models could possibly be tricked, and how machine learning could be applied to offensive activity to generate highly convincing fake content for social engineering.

At the same time, defenders are applying machine learning to language as a way to detect malicious emails and URLs. This advanced game of cat and mouse is expected to become more prevalent in the future.

Other areas covered in the 2020 Threat Report include the danger of failing to spot cyber-criminal reconnaissance hidden in the wider noise of internet scanning, the continuing attack surface of the Remote Desktop Protocol (RDP), and the further advancement of automated active attacks (AAA).

It has been stated that autonomous endpoints that can self heal and regenerate operating system and configurations are the future of cybersecurity. Does SOPHOS have features like this in their solutions for the marketplace?

Self-healing Operating Systems are the purview of the Operating System Vendor. The issue then is the old adage of “who is watching the watchers?”. That’s where third parties like Sophos shine.

If vendors do continue down this path, Sophos will assuredly invest in protecting the processes and components that perform the self-healing. These processes and components will become the target of hackers who want to disable or manipulate them.

This doesn’t change our cybersecurity as a system approach. A single endpoint may have an operating system that can self-heal, however that may be addressing the symptom and not the problem.

A cybersecurity system where endpoints, servers, firewalls, etc. all share data and threat information is just as important in the world today as in a world where an operating system can self-heal.

Finally, what do you see in your crystal ball? What’s next for SOPHOS as we all navigate through this New Normal? How are things changing for the company? Are there any learnings or recommendations that you can share with our readers?

As a worldwide leader in next-generation cybersecurity, Sophos will remain busy working with customers large and small to protect them from the “new normal’s” most advanced cyber threats.

Whether employees are working from home or in the office, it is imperative that cybersecurity vigilance is at its highest, especially when cyber criminals use times like these to lure unsuspecting victims into their traps by leveraging the current state of uncertainty.

My advice to your readers is that no matter the size or type of your business, you have assets that are valuable to attackers so you must protect these with the best security tools and processes, while at the same time educating your employees to be cyber-aware at all times.

About the author
Anil Prabha

Editor In Chief

Anil started his career in journalism all the way back in 2003. After traversing the sphere of editorial, corporate communications and advertising, he has now come full circle and is back in the world of journalism. He believes in the power of the written word, and its ability to enthrall, delight and inform the reader.