OPINION

THE DEATH OF THE SIGNATURE

THE SECURITY INDUSTRY HAS HAD ITS HEAD DOWN FOR TOO LONG. CHAD SKIPPER, VP AT CYLANCE, EXPLAINS HOW AI AND MACHINE LEARNING ARE MAKING ANTI-MALWARE SOLUTIONS MORE EFFECTIVE

For decades, the entire anti-malware industry has been built on a reactionary sacrificial lamb, depending on the infection of patient-zero with malware before it can be detected and predicted. Once discovered, more time elapses as a signature is generated and sent to the AV provider's knowledge base to protect other customers lucky enough to have installed their solution - and this is the anti-malware industry's greatest weakness.

This model only offers a reaction to what is already known. Despite the steady rise of unknown threats and attackers' new techniques, organisations have somehow ignored the fact that preventing cyber infections this way requires a lot of research, imposing a delayed response time. In fact, it can take up to 12 hours for a security team to identify a new threat and release an identification signature. That is an eternity. Relying on continuous updates to protect endpoints from malware is like installing a web browser that requires constant patching to locate new websites.

THE ESSENCE OF TIME

The sheer volume of malware released in the wild is drowning the legacy anti-malware industry, making a mockery of its reactive approach. With statistics showing that an average of 300,000 to 1 million malware samples are created daily, it's understandable that organisations want new security solutions to help solve security challenges.

Artificial intelligence and machine learning offer hope for next-generation anti-malware products. But can they really help organisations stay ahead?

INTELLIGENT SOLUTIONS

With a greater demand for security, what is needed is more than just another tool, technology, solution, layer, or best practice. Instead, a radical new way of thinking is required to redefine the security industry. That's where proactive, predictive and preventive protection comes into play.

Artificial intelligence (AI) and its mathematical subset, machine learning, are radicalising the old-world mode of cybersecurity, allowing industry and security professionals to stay ahead. Machine learning uses algorithms to build models that uncover patterns and continually refine them through its learning capability. Because it can predict from experience, it allows organisations to make better decisions at a speed and scale that surpasses human capabilities.

Every piece of malware leaves its DNA, so by collecting this DNA and analysing it, both good and bad patterns can be found. WannaCry is a great example of the benefits of machine learning algorithms for security. The ransomware was new and most traditional AV solutions missed it. However, the code that loaded was predictably bad, so a machine learning algorithm would have caught it immediately. One of the marvels of machine learning is that, unlike human analysis, once malware is deconstructed, views of statistically similar blocks of DNA code can be analysed to confirm the presence of malicious code without having to execute it first.

AI applications that use machine learning algorithms can determine malicious files through observation, pattern recognition and predictive analytics. This means that both existing and zero-day threats can be prevented. To achieve a superior level of success, machine learning algorithms can be placed on an endpoint to conduct pre-execution static analysis and quickly identify malicious files. Instead of relying on cloud-based analysis techniques, the endpoint can venture off-network and benefit from the same level of protection because the algorithm runs on the endpoint. Unlike signature-based techniques requiring network connectivity to obtain frequent updates, machine learning algorithms can run off-network for months at a time and still be more effective than fully updated signature-based products.

Artificial intelligence and machine learning technologies make a real difference to how fast organisations can respond to threats. Indeed, such technologies help security teams to identify the characteristics of unknown threats, protect themselves, and stay at least one step ahead.

34 NETWORKcomputing JANUARY/FEBRUARY 2018 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK