Sophos Adds Deep Learning to Email Security Offering

Sophos has announced a major update to its email security offering to help customers detect and block sophisticated new email threats. Sophos Email Security Advanced now incorporates deep learning and predictive security for active threat protection along with outbound scanning, anti-phishing email authentication, and policy support.

According to Sophos research, 75% of malware variants that make it past perimeter defenses are unique to an organization, which suggests most successful malware attacks involve new malware variants that have never before been seen. The problem with signature-based email security solutions is that they are only effective if a signature exists, which means new malware variants are rarely identified as malicious.

Sophos has tackled this problem with the incorporation of a deep learning neural network into its sandboxing technology. This helps the solution detect never-before-seen threats, making it less reliant on malware signatures.

CryptoGuard technology has also been incorporated into the sandbox, which provides additional protection against ransomware attacks – the majority of which occur via email. The email security solution also scans embedded hyperlinks at the time of click – a strategy that Sophos claims helps to prevent delayed and stealthy attacks.

While many email security solutions only scan inbound messages, Sophos Email Security Advanced now also features outbound email scanning. This is an important control to help prevent the spread of malware within an organization. Many malware and phishing attacks attempt to reach as many devices as possible, with email often used to send copies of the malware to work colleagues or partner organizations. Outbound scanning helps to limit the scale of an attack and protects an organization’s reputation.

To improve protection against impersonation attacks – such as business email compromise scams – Email Security Advanced incorporates SPF, DKIM and DMARC email authentication techniques and header analysis to verify that the sender of the email is authorized to use the domain. Through the DMARC controls, users can determine what happens to the emails that fail these checks: report, quarantine, or delete.

Policy support has also been included, allowing different controls to be created and applied at the individual, group, and organization level.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news