IN-DEPTH: As the war against malware rages, smart software could be the key to getting ahead of hackers
It will come as no surprise to anyone familiar with the technology world that the rate of cyber attacks, the development of malware, and the exploitation of zero-day flaws make it very difficult for IT teams and security specialists to keep up with, let alone get ahead of, cyber threats.
Research from Symantec noted that nearly one million new malware threats emerge daily, and while there are many tools to make detecting rogue code an easier process, dealing with such an enormous number of new threats appears to be an almost insurmountable task even for the best security teams and anti-virus systems.
The answer to this, and the potential future of cyber security, looks to be the use of machine learning and artificial intelligence (AI) to apply clever computers and smart software to a problem that leaves humans on the back foot in the fight against hackers.
Machine learning roots out threats
Rather than sift through data harvested from across IT networks, machine learning algorithms can be trained to detect certain malware and threat signatures and proactively sniff out threats, bypassing the need for cyber security experts to disappear into a warren of file paths and scripts to find tell-tale signs of malware.
Webroot is one such cyber security company applying machine learning techniques to power its threat intelligence service without requiring resource-sapping and time-consuming manual processes.
The firm initially trains its BrightCloud service, which, as the name would suggest, is a cloud-powered threat intelligence service, to spot and classify malware threats from normal activity on an IT network. These machine learning algorithms are then put into action, where they parse a network for malicious code and assign it a value that indicates how likely, say, a file is to include malware.
BrightCloud also takes anonymised metadata on the threats it detects on its customers’ networks and mixes it with other threat information, so that the system learns from all the threats it picks up rather than solely the ones on individual customer networks. This means threats detected in one company can be mitigated in another and vice versa thanks to the machine learning capabilities.
Through a combination of pre-trained classification parameters and learning as it goes along, BrightCloud takes care of the more trivial side of cyber security, allowing IT teams and security specialists to concentrate on higher-level concerns and threats.
With this in mind, it is no wonder David Dufour, senior director of security architect at Webroot, is confident in the role machine learning has to play in cyber security.
“Cybercriminals have mastered the art of defeating traditional security solutions,” he said. “As the cybercrime ecosystem continues to thrive, real-time threat intelligence and machine learning will be required to improve the security posture of enterprise networks.”
Webroot is not the only company making use of machine learning to improve its threat detection software; Darktrace is also in on the smart software game.