GPT-3 and Cybersecurity
Introduction The use of deep neural networks has significantly improved the performance of machine learning in fields such as image […]
Blog What we're working on now
A Natural Language Query Interface for XDR/SQL
Introduction Many organizations are transitioning their security management to the cloud, where it is much easier to collect and access […]
“You Don’t Do That Usually”: Detecting Anomalies in AWS IAM User Activity
Introduction Users may perform thousands of actions (events) per day in their Amazon Web Services (AWS) environments. This generates a […]
“LOL you’re not executing that”: Detecting Malicious LOLBin Commands
LOLBins (living off the land binaries) are executable files that are already present in the user environment, LOLBins (living off […]
That Escalated Quickly: A Model for Alert Prioritization
Hundreds of millions of events. Tens of thousands of triggered rules. A thousand incidents. Every week. That is the reality of the modern cyber threat landscape and the sheer volume of alerts that the Sophos MTR […]
Analyzing Security ML Models with Imperfect Data in Production
SophosAI team develops numerous machine learning models that get directly integrated to our products. Currently we have more than 30 models deployed […]
ELI10: A Regex, a Hierarchical Approach, and a Deep Learning Model Walk into a Bar
Previously in the ELI10 series, we went over our detector of malicious web content based on URLs: a lightweight deep […]
Killed By ML – URL Analysis with LIME
Introduction At Sophos we take a neural network approach to detecting previously unseen malicious and derogatory URLs. We use a […]
ELI10: Hunting for Malicious URLs with Character-level Embeddings and Convolutions
Introduction On any given day that we are happily browsing the Web, we are stomping around on a minefield. Malware […]
A machine learning approach to inferring the maliciousness of unknown IP addresses, autonomous systems, and ISPs
Introduction The machine learning-based detection technologies we build at Sophos AI rely on many information sources, including binary programs, system […]