Sophos to developers: who you gonna call? (for cyberthreat APIs)
Every company is now a software company, this much we already know.
But now, every company wants to be a developer company, well… that’s the emerging message from some of industrys newer and more established players.
Not content with being a ‘next-generation cybersecurity solutions firm’ (it’s words, not ours) Sophos is making a play for developer credibility.
SophosLabs Intelix is a cloud-based threat intelligence tool for software application development professionals to use when building applications. Secure ones, obviously.
The product allows developers to make API calls to it for what is described as ‘turnkey cyberthreat expertise’ — which, one assumes, means that Sophos has compartmentalised chunks of functional code capable of performing security-related analysis tasks.
Those tasks include the ability to assesses the risk of software artifacts such as files, URLs and IP addresses.
According to Joe Levy, CTO, Sophos, the platform continuously updates and collates petabytes of real-time and historical intelligence, including: telemetry from Sophos’ endpoint, network and mobile security solutions; data from honeypots and spam traps; 30 years of threat research; predictive insights from machine and deep learning models etc.
NOTE: A honeypot is a network-attached system set up as a decoy to lure cyberattackers and to detect, deflect or study hacking attempts in order to gain unauthorised access to information systems.
Using RESTful APIs, developers can use this technology with file submissions for static and dynamic analysis, queries on file hashes, URLs, IP addresses and Android applications (APKs) to answer questions like:
- Is this file safe?
- What happens if I open or execute it?
- Is this link safe?
- What happens if I call this URL?
SophosLabs Intelix is available through the AWS Marketplace and includes several free tier options.
Sophos CTO Levy describes this technology’s three key service features:
Real-time Lookups enable classification of artifacts with access to the SophosLabs intelligence by querying file hashes, URLs, IPs, or Android application thumbprints. Reputation scores identify known bad and known good files, as well as those in the grey area.
Static File Analysis uses multiple machine learning models, global reputation, deep file scanning without needing to execute the file in real time.
Dynamic File Analysis provides dynamic file analysis and classification capabilities through execution and instrumentation of submitted files in sandboxes, utilising the latest runtime detection techniques to reveal ‘true’ behaviours of potential threats.