Sophos made a major plunge into machine learning-based predictive malware detection with the acquisition of Fairfax VA-based Invincea. The company has also indicated its plans to integrate both Invincea’s technology, and its channel.
Sophos determined that the acquisition of machine learning anti-malware capability was vital, because of its growing importance in the endpoint security space, and because Sophos had nothing of its own in that area.
“We have been focusing on next-gen technology, most recently with our anti-phishing product,” said Kendra Krause, VP of Global Channels at Sophos. However, we have not had a machine learning capability before this, because we have been focused on these other next-gen elements. That’s why for Sophos, from a technology standpoint, this rounds out a complete next-gen endpoint protection solution. Many other vendors offer piecemeal solutions. We want a complete solution.”
Given the state of today’s threat landscape, Krause stated that a machine learning AV capability has become a ‘must-have’ for endpoint security vendors.
“I believe that it has now become essential,” she said. “The way the threats are evolving now, machine learning has become a way to stay ahead of adversaries. For us, it is one of the essential pieces of the whole business.”
“Machine learning has become an essential element of any security strategy today,” said Anup Ghosh, founder and chief executive officer at Invincea. “The adversary we are fighting against is extremely innovative and constantly adapting. If we don’t have those techniques, we will always be behind. It has raised the bar on everyone.”
Invincea began as a Defense Advanced Research Projects Agency (DARPA) project, and spent four years developing and incubating that technology before becoming a commercial company.
“Machine learning isn’t something that a company can decide they want to do, and just get there overnight,” Ghosh said. “Multiple third party tests have proven that we are the best at this.”
Krause said that Sophos settled on Invincea as an acquisition goal because they concluded the same thing.
“We looked high and wide for the right fit for Sophos, and we felt this was the best match because Invincea had the most powerful machine learning protection out there,” she said. “We felt we had to get the best of the technology.”
Sophos has a significant MSP presence, and Invincea recently moved strongly into this space.
“We just launched a product offering – Invincea X-as-a-Service – which is really customized for an MSP- type offering, especially small business,” Ghosh said. “MSSPs are already beginning to strike those deals.”
“Our MSP community is very excited abut bringing this technology in, and we have gotten great responses from them as well as solution provider partners,” Krause said.
Sophos has done multiple significant acquisitions in the past, most recently its December 2015 acquisition of SurfRight.
“With SurfRight, we continued to run their product as a standalone product, while we worked on integrated it into the broader technology,” Krause said. “It became our Intercept X line. That’s what we play to do with Invincea as well.”
Integrating the Invincea channel is a more complicated proposition. While the Invincea channel is much smaller than the Sophos one, it’s a different type of channel, which actually has more presence than Sophos in some key areas.
“As a startup, we started with a direct sales operation, but we realized we had to have a channel to scale,” Ghosh said. “We didn’t build a volume channel. They were more like strategic partners, and were highly verticalized – federal, health care, financials – as well as covering certain regions.
“Sophos is in those verticals as well, but we are not as strong in them as Invincea,” Krause said. “This will expand our presence there.” There was not a lot of overlap between the Invincea channel and their own, she added.
At the beginning of this year, Invincea introduced a channel program, which has some unique features, like allowing partners to choose which tier they want to be in – bearing in mind, of course, that they need to maintain status to remain there.
“We also have something called the “Test Drive” program, which allows any prospect to get their hands on our technology, not just for a demo, but a full test,” Ghosh said. It uses an Amazon Web desktop that does not require infrastructure.
Both the Sophos and Invincea programs are similar in structure – in which certifications aren’t required at entry level, but are as you move up in tier.
“As you get to more advanced tiers, there is a need for certification, especially to do a Test Drive – but at the base level, there isn’t,” Ghosh said.
The channel program integration plan will be substantially similar to past integrations.
“The Invincea program will remain separate until there is an integrated product line and the Sophos channel community can purchase it,” Krause said. “At that point, we will then the bring Invincea partners into the Sophos program.”
They may bring some of the Invincea program features over at that point.
“I am always looking to add on and evolve our partner program,” Krause stated. “There is a lot we can always learn and if there are elements we can take out of that program, that’s great.”