
Ovum view


Security vendor Sophos has enhanced its offering in so-called next-gen endpoint protection (NGEP) with the acquisition of Invincea, which brings it a machine-learning capability. Ovum sees the “old guard” in endpoint security tooling up to outflank the NGEP newcomers.

NGEP should not be a standalone offering

Sophos is an established player in the security market. It is listed on the London Stock Exchange and has annual revenue in excess of $500m. Founded in 1985 as a developer of antivirus (AV) technology for business customers, it has expanded over the years to offer a broad portfolio that includes network security products and encryption.

Expansion and increased sophistication in the world of cybercrime over the last decade have led to AV signatures waning in their ability to protect endpoints, to the point where today they catch no more than 30% to 40% of malware. Invincea was founded in 2009 and is one of a number of vendors created to address this situation with new approaches to endpoint security, receiving the NGEP moniker as a result.

In October 2016 Sophos launched Intercept X, an NGEP upgrade to its own and other vendors’ signature-based endpoint security platforms, with capabilities such as root-cause analysis and signature-less threat and exploit detection. Now it has added machine learning to Intercept X with the acquisition of Invincea.

The NGEP vendors have grabbed mindshare by touting their capabilities as the sun sets on signatures, but over the last year the empire has struck back. Traditional players in endpoint from an AV background, from Trend Micro to Symantec and Intel Security/McAfee, have broadened their platforms to include NGEP functionality. They now champion signatures’ ability to block enough malware to reduce the “noise”, allowing the more compute-intensive NGEP to concentrate on advanced code. Sophos’s Invincea buy is the latest episode in this trend.




Rik Turner, Senior Analyst, Infrastructure Solutions
