How AI can stop tomorrow's malware threats today
- 12 October, 2017 02:00
The traditional approach to fighting malware has always been reactive. A new attack is released, it infects a few companies, and antivirus vendors race to issue an update. Some organizations may get the update before the malware makes its way in, but many will not. Obviously, this isn’t an ideal situation, as the good guys are always chasing the bad guys.
If you were Marty McFly, you could fire up the old flux capacitor with 1.2 Gigawatts of power, jump ahead in time and bring updates back with you so you’re ready for WannaCry, Qakbot or, my favorite, Zeus. Fortunately, there's another way to stop attacks before they impact anyone, and that’s to use artificial intelligence (AI) based systems.
Today, AI and machine learning are being used to power more things in our lives than we're even aware of. Amazon knows what people want to buy, autonomous vehicles can tell the difference between a tree and a person, and video analytics can pick a terrorist out of a crowd — all by leveraging machine learning. The reason we need to rely on an AI instead of people is because of the massive amounts of data that need to be processed and the speed at which machines can analyze data and connect the dots.
Combating malware is no different. Staying ahead of the bad guys can no longer be done manually. It requires looking at petabytes of known good and bad data. For example, Cylance has analyzed millions of features across billions of files. This is possible today because the cloud provides almost infinite compute power. Cylance leverages over 40,000 cores in AWS to run its massive and complex model, along with an algorithm that can shrink the model down to run autonomously on a PC or laptop.
One of the lesser-known facts of malware is that it’s usually derived from existing code and tweaked a little to evade most signature-based AV solutions. Each type of malware leaves an identifiable signature, so if enough data is collected and analyzed, the known good and bad can be discovered. More importantly, AI-based systems can safeguard businesses from future threats by running an almost infinite number of simulations on known malware, enabling them to effectively predict malware before it has been created.
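To make the contrast concrete, here is an added example that is not Cylance's code or model: a toy nearest-centroid classifier over byte-bigram features, trained on a handful of constructed "files" (byte strings standing in for executables, with no real malware content). A variant that has been lightly tweaked, as the paragraph describes, no longer matches an exact-hash signature, but its byte-level feature profile still sits next to the malicious family it was derived from. The sample bytes, the family names in them and the mutation scheme are all assumptions made for the illustration.

```python
import hashlib
import math
from collections import Counter

# --- Constructed corpus: stand-ins for executables, not real malware bytes ---
# Malicious samples share one family-specific core, benign ones share another;
# each sample also carries a unique filler run so no two files are identical.
MAL_CORE = b"\x55\x8b\xec\x83\xec\x40" + b"FAMILY_X::unpack_stage2::" * 3
BEN_CORE = b"\x4d\x5a\x90\x00\x03\x00" + b"hello_app::print_banner::" * 3


def filler(start: int) -> bytes:
    """16 distinct consecutive byte values, unique per sample (constructed)."""
    return bytes(range(start, start + 16))


def build(core: bytes, pad: bytes) -> bytes:
    """Assemble a sample: filler, core, filler, core."""
    return pad + core + pad + core


TRAIN = [
    (build(MAL_CORE, filler(0x00)), 1),
    (build(MAL_CORE, filler(0x20)), 1),
    (build(MAL_CORE, filler(0x40)), 1),
    (build(BEN_CORE, filler(0x60)), 0),
    (build(BEN_CORE, filler(0x80)), 0),
    (build(BEN_CORE, filler(0xA0)), 0),
]


# --- Signature-style detection: exact file hash against a known-bad set ---
def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def signature_match(data: bytes, known_bad: set) -> bool:
    return sha256_hex(data) in known_bad


# --- Feature-style detection: normalized byte-bigram histogram + cosine ---
def bigram_vector(data: bytes) -> dict:
    """Unit-length vector of byte-pair counts; a crude 'shape of the file' feature."""
    counts = Counter(zip(data, data[1:]))
    norm = math.sqrt(sum(c * c for c in counts.values()))
    return {k: v / norm for k, v in counts.items()} if norm else {}


def cosine(a: dict, b: dict) -> float:
    dot = sum(v * b.get(k, 0.0) for k, v in a.items())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


class NearestCentroid:
    """Averages each label's feature vectors; scores a file by cosine similarity."""

    def __init__(self):
        self.centroids = {}

    def fit(self, labelled):
        sums, counts = {}, Counter()
        for data, label in labelled:
            acc = sums.setdefault(label, {})
            for k, v in bigram_vector(data).items():
                acc[k] = acc.get(k, 0.0) + v
            counts[label] += 1
        self.centroids = {
            lab: {k: v / counts[lab] for k, v in acc.items()} for lab, acc in sums.items()
        }
        return self

    def score(self, data: bytes) -> dict:
        vec = bigram_vector(data)
        return {lab: cosine(vec, c) for lab, c in self.centroids.items()}

    def predict(self, data: bytes) -> int:
        scores = self.score(data)
        return max(scores, key=scores.get)


def tweak_variant(data: bytes) -> bytes:
    """Constructed stand-in for a lightly modified build of the same code:
    flip one bit in every 23rd byte and append a small new section. That is
    enough to change the hash, not the overall byte-level shape."""
    mutated = bytes(b ^ 0x01 if i % 23 == 0 else b for i, b in enumerate(data))
    return mutated + bytes(range(0xE0, 0xF0))


KNOWN_BAD = {sha256_hex(data) for data, label in TRAIN if label == 1}
MODEL = NearestCentroid().fit(TRAIN)
ORIGINAL = TRAIN[0][0]
VARIANT = tweak_variant(ORIGINAL)  # never seen during training


def demo() -> dict:
    """Signature catches only the exact original; the feature model also catches
    the unseen variant and still clears an unseen benign file."""
    return {
        "signature_hits_original": signature_match(ORIGINAL, KNOWN_BAD),
        "signature_hits_variant": signature_match(VARIANT, KNOWN_BAD),
        "model_label_variant": MODEL.predict(VARIANT),
        "model_label_new_benign": MODEL.predict(build(BEN_CORE, filler(0xC0))),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Real products use far richer static and behavioural features and far larger training sets than this; the point of the toy is only that a feature-based model generalizes across small edits that defeat an exact-match signature, which is exactly the gap the tweak-and-redeploy pattern exploits.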
To prove this out, Cylance ran its code against WannaCry and found that the version that was used in November of 2015 would have blocked the attack, almost 18 months before the malware was released. This prevents some company from having to be the sacrificial “patient zero” that first reports a problem. Another example: the October 2015 model of Cylance would have stopped the Zcryptor ransomware, seven months before the attack was launched.
This chart shows how CPA fared against a number of the better-known malware campaigns in recent history. AI-based systems predicted these anywhere from seven to 18 months before they were discovered.
It’s time for businesses to take the fight to the attackers and switch to an AI-based security model that can protect the organization without requiring a handful of companies to be compromised before the remediation process can begin.