Evolving Threat Detection With Deep Learning

Innovation is essential to business survival. Without it, businesses end up like Blockbuster and Eastman Kodak instead of Netflix or Apple. No one understands innovation better than cybercriminals. They are constantly creating new ways to bypass threat detection to gain access to your network and your data.

According to Verizon’s 2019 report, 71% of data breaches were financially motivated while 25% were espionage-related. Of the attempted breaches:

  • 52% involved hacking
  • 28% included malware
  • 33% used phishing or social engineering

With an estimated 2,244 hacking attempts per day, keeping your network safe means staying current on the best cybersecurity solutions. However, sometimes that means making a change.

Deep Learning

Deep learning is a subset of machine learning that uses neural network technology to imitate human thinking and learning. When neural networks were first used, there was insufficient computing power to use the technology in complex situations. With advancements in technology, larger, more complex neural networks learn and react to complex situations faster than humans.

Deep learning solves pattern recognition problems without human intervention. Facial recognition is an example of deep learning. Using algorithms that mimic human thinking, facial features are compared to a database of faces. The result is a selection of possible matches. The more extensive the database, the more accurate the results. Applying that same technology to cybersecurity means recognizing potential threats and stopping them before they have time to execute.

Threat Detection

Traditional machine learning requires programmers to define what constitutes a threat. Thus, each time a new threat appears, the application updates with a different set of parameters to detect the new threat. With deep learning, the data is labeled as a threat or not a threat. The system trains to identify what constitutes a threat and learns the data points that best represent a possible threat. Two components are essential for deep learning to successfully detect a malicious threat:

  • Data
  • Algorithms

Of course, a system with sufficient computing power is required to process the massive amounts of data and validate the algorithms.


Data

Information is the basis of deep learning. For the technology to assess a potential threat, it needs to know what has happened in the past in order to predict the future. In cybersecurity, the more data points a solution has, the more likely it is to assess and defend against a threat.


Algorithms

In threat detection, algorithms are sets of rules used to complete a task or process. Further, the results of one algorithm can be used by other algorithms to produce or predict an outcome. Determining the best algorithms to use throughout the detection process is crucial to identifying threats.

Deep learning models analyze data in layers, receiving input from multiple sources. By combining the inputs, deep learning can find combinations that would go undetected by humans and traditional machine learning models. With its ability to process large amounts of data, it can more accurately predict today’s threats while continuing to learn about tomorrow’s.


Sophos began doing business in 1985, making it one of the originators of intrusion detection. Like many of the originators, Sophos employed the traditional anti-virus method of a threat database for identifying potential viruses. Using its Sophos Labs, the company was able to maintain a database of existing and newly identified viruses.

Sophos continues to use its extensive database but has expanded its solution to include deep learning tools. Its Intercept X Endpoint Protection system with deep learning stops unidentified malware, unknown virus variants, and potential ransomware attacks. It learns the threat landscape by processing millions of data points, using validated algorithms. With its cloud-computing architecture, Intercept X can make faster and more accurate predictions than more traditional solutions.


As long as cybercriminals create innovative ways to exploit their victims, businesses need to deploy solutions that maintain that same level of innovation. That’s why 101 Digital is moving to Sophos’ Intercept X Endpoint Protection for its clients. Contact us for more information on Sophos’ endpoint protection solutions.