Legacy approaches to cyber security rely on threat signatures and blacklists for cross-referencing known threats. Shortening malware lifespans greatly reduced the efficacy of such approaches over time, though, and the advent of polymorphic malware has all but finished them off. In 2017, 93 percent of the malware Webroot encountered had never been seen before, making nearly all malware essentially invisible to static threat lists.
So is machine learning the answer to a shifting threat landscape, or is the belief that it is the good guys' best bet for staying ahead of hackers misplaced?
What Is Machine Learning?
As technology advances, managing and analyzing massive data sets can no longer be accomplished by humans alone. It requires huge amounts of memory, storage, and the high-speed processing power of the cloud. Machine learning is a process that applies advanced mathematical algorithms and powerful computing capabilities to quickly and efficiently analyze data sets and identify patterns. In the case of IT security, correctly determining patterns helps create accurate predictions and detect behaviors that may be associated with malware or other attacks. Doing so in real time (or as near to real time as possible) can help prevent successful breaches.
Making Machine Learning Work
It's more important than ever for organizations to be proactive in preventing security issues and attacks. Although human analysis and classification alone aren’t feasible solutions anymore, companies can get ahead of the threats by augmenting existing defenses with real-time dynamic intelligence leveraging advanced machine learning.
But to create an effective system of learning, you have to start with a data set that's both large enough and diverse enough for the algorithms to see patterns. Pattern recognition is used to make predictions and perform statistical analysis on the data set as a whole. Supplying a substantial, broad data set is crucial to enabling the machine to learn, adapt, and produce the desired output.
Today, the most advanced machine learning platforms incorporate human feedback loops (active feedback) and active learning. Through active learning, they can become self-improving, and essentially evolve on their own. Active learning, scale, and accurate classifications can also be employed to drive predictive analytics, combining or contextualizing information on different threat types across systems and domains to accurately predict where new threats will originate.
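The feedback loop described above, with a simulated analyst standing in for the human reviewer, as an added example that is not Webroot's code and not part of the original post. The feature vectors, sample names and labels are constructed for illustration; a deliberately simple nearest-centroid scorer stands in for a production model, and the function names (`train`, `most_uncertain`, `run_active_learning`, the `oracle` callback) are this example's own. The loop is the point: each round the model asks the analyst to label the sample it is least sure about, retrains, and is re-measured on a held-out set.

```python
"""Uncertainty-sampling active learning for a toy malware classifier.

Added example, not Webroot code. Every feature vector, name and label below
is constructed; the nearest-centroid scorer is a stand-in for a real model.
"""
import math

# Constructed features per sample: (byte entropy, unsigned flag, share of
# network-related API calls), each scaled to [0, 1]. Label 1 = malicious.
# Names are placeholders, not real file hashes.
POOL = {
    "sample_01": ((0.20, 0.0, 0.10), 0),
    "sample_02": ((0.30, 1.0, 0.00), 0),
    "sample_03": ((0.90, 0.0, 0.10), 0),
    "sample_04": ((0.40, 0.0, 0.60), 0),
    "sample_05": ((0.10, 1.0, 0.30), 0),
    "sample_06": ((0.50, 0.0, 0.20), 0),
    "sample_07": ((0.90, 1.0, 0.80), 1),
    "sample_08": ((0.80, 1.0, 0.20), 1),
    "sample_09": ((0.70, 0.0, 0.90), 1),
    "sample_10": ((0.95, 0.0, 0.70), 1),
    "sample_11": ((0.30, 1.0, 0.90), 1),
    "sample_12": ((0.70, 1.0, 0.50), 1),
}
# Constructed held-out set used only to measure the model, never to train it.
HELD_OUT = {
    "test_a": ((0.15, 0.0, 0.05), 0),
    "test_b": ((0.85, 1.0, 0.90), 1),
    "test_c": ((0.30, 1.0, 0.10), 0),   # unsigned but otherwise benign-looking
    "test_d": ((0.60, 0.0, 0.95), 1),   # signed, but heavy network use
}
SEED = ["sample_01", "sample_07"]   # the two "obvious" labels we start with


def centroid(vectors):
    n = len(vectors)
    return tuple(sum(v[i] for v in vectors) / n for i in range(3))


def sq_dist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def train(labeled):
    """Fit the stand-in model: one centroid per class (needs both classes)."""
    benign = [f for f, y in labeled.values() if y == 0]
    malicious = [f for f, y in labeled.values() if y == 1]
    return {"benign": centroid(benign), "malicious": centroid(malicious)}


def p_malicious(model, features):
    """Score in (0, 1): above 0.5 when closer to the malicious centroid."""
    margin = sq_dist(features, model["benign"]) - sq_dist(features, model["malicious"])
    return 1.0 / (1.0 + math.exp(-margin))


def most_uncertain(model, unlabeled):
    """Uncertainty sampling: the unlabeled sample whose score is nearest 0.5."""
    return min(unlabeled, key=lambda n: abs(p_malicious(model, unlabeled[n]) - 0.5))


def accuracy(model, dataset):
    hits = sum((p_malicious(model, f) > 0.5) == bool(y) for f, y in dataset.values())
    return hits / len(dataset)


def run_active_learning(pool, seed, held_out, budget, oracle):
    """Query the analyst (oracle) `budget` times; return final model and
    the held-out accuracy after each round (index 0 = seed-only model)."""
    labeled = {n: pool[n] for n in seed}
    unlabeled = {n: pool[n][0] for n in pool if n not in seed}
    model = train(labeled)
    history = [accuracy(model, held_out)]
    for _ in range(budget):
        if not unlabeled:
            break
        name = most_uncertain(model, unlabeled)
        label = oracle(name)                  # the human feedback loop
        labeled[name] = (unlabeled.pop(name), label)
        model = train(labeled)                # retrain with the new verdict
        history.append(accuracy(model, held_out))
    return model, history


if __name__ == "__main__":
    # The oracle plays the analyst by revealing the constructed ground truth.
    model, history = run_active_learning(
        POOL, SEED, HELD_OUT, budget=len(POOL) - len(SEED),
        oracle=lambda name: POOL[name][1])
    print("held-out accuracy per round:", history)
```

With only the two seed labels the model calls `test_c` malicious and `test_d` benign (accuracy 0.5); once the analyst has answered the queries the held-out accuracy reaches 1.0. The choice of which sample to ask about is what makes the loop self-improving: querying the least certain file teaches the model more per analyst minute than labeling samples it already scores confidently.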
Why Machine Learning Changes the Game
When applied to information security, sophisticated machine learning provides fast and accurate threat detection, including zero-day and previously unknown threats. Advanced heuristics allow machine learning models to help determine in near real time if a file, URL, IP, or application is a threat, and then communicate that information broadly.
Effective machine learning is also one of the only ways for organizations to keep pace with today's volume of threats. Cybercriminals are constantly developing new methods and approaches. In order to successfully discover and block today’s polymorphic malware, ransomware, phishing attacks, and other advanced threats, billions of events must be analyzed daily. Machine learning analytics need to be trained to look for modern attack techniques like polymorphic malware.
Leading threat intelligence platforms are cloud-hosted and can process tens of thousands of requests per second per CPU. They classify and reclassify billions of IP addresses across hundreds of millions of domains, IP address and file behavior records, tens of millions of mobile apps, and millions of connected sensors.
Finally, machine learning is capable of delivering consistent, dependable results and even predicting future threats. To be successful, security intelligence must be continually published and updated, and machine learning database architectures are designed for extremely fast updates. With continuous updates, for instance, machine learning can identify a negative change to a web reputation score in fractions of a second. Contextualization also helps machine learning-based threat intelligence learn how known bad and known good objects communicate with other online objects, allowing machine learning algorithms to make predictions about unknown malicious files.
Machine learning technology is now emerging as a critical component across all of the various domains of cyber security. By using advanced machine learning to automate contextual associations across all domains, organizations can shift from a reactive mode to a predictive and preventive mode, taking their cyber security into their own hands.
The Webroot Difference
While machine learning continues to gain recognition in cyber circles as a key technology in the fight against malware, Webroot has long been off and running down the machine learning path. Contextual analysis and predictive analytics are only as good as the dataset they reference, and Webroot already has more than a decade of data gathered from millions of licensed endpoints the world over. The Webroot BrightCloud® Threat Intelligence platform is an advanced, cloud-based security platform with a contextual analysis engine for correlating information to gain deep insight across the online threat landscape. It continuously scans the internet and incorporates inputs from millions of sensors to quickly and accurately identify previously unknown threats. And it's already at the service of millions of Webroot customers around the globe.