Machine learning is on everyone’s lips. For years, artificial intelligence and neural networks were but a dream for the geeks. Nowadays, machine learning is an essential component in the detection of advanced malware. However, to be effective, it must be combined with solid cyber threat intelligence. In this post, we show you what really lies hidden behind the name, and what opportunities machine learning offers your enterprise.
It is hard to imagine today’s life without machine learning. Only a few years ago, self-learning software belonged to universities, research institutions and a few technology enterprises; today it is found more and more often in everyday products and solutions. For instance, smartphones with speech recognition, such as the iPhone or any of the Google devices, are largely driven by machine learning algorithms; the same goes for face recognition in photo management, or spam filters on PCs. Effective and efficient cyber defence, too, is hardly possible without machine learning. But what does “machine learning” actually mean?
To put it simply, machine learning is the art of making a computer do useful things without having to programme it explicitly. This means that the computer generates knowledge from experience on its own, just like people do, and can therefore find solutions for new, previously unknown problems. So the goal of machine learning is to connect data intelligently, recognising dependencies, drawing conclusions and making predictions. In this way, self-learning machines are able to take on tasks that would be too complex for people to achieve. For instance, in medicine, self-learning programmes help detect cancers and suggest therapies – often outperforming the best human experts.
This capability of processing complex dependencies between the input and the output of vast quantities of data is one of the main advantages of machine learning. And this is exactly what we need nowadays in the detection of attacks.
All over the world, enterprises are constantly exposed to cyber-attacks. To protect themselves, they employ Intrusion Detection Systems (IDS), firewalls, strong authentication and several other security measures. However, such systems only provide attack-related information, and can say very little about what is likely to be the attacker’s next move. But this is exactly the most important information we need if we want to fight off security incidents. And even if we knew what to expect next from an attacker, it would be of little help with traditional, reactive security measures. If we are to be prepared for cyber-attacks at all times, we need a new approach to breach detection, that is, one based on artificial intelligence (AI). This is our only chance to act proactively, and keep one step ahead of the attackers.
Let us try sketching out a checklist, tailored to a specific infrastructure, to help recognise a security incident in a network. For instance, we might ask ourselves:
Answering the questions above is hardly possible without the appropriate security tools; and as long as enterprises concentrate only on a purely reactive approach, they will always lag two or more steps behind the attacker. Surely you do not wish this to happen to you!
In order to effectively predict an attack, we need efficient and precise processing of enormous quantities of data. The early attempts at attack prediction, however, have been quite disappointing. Both the quantity and the quality of the available data, and the task of processing and analysing vast quantities of information, ended up overburdening most solutions. The first breakthrough in machine learning came only a few years back, by exploiting the opportunity of parallel processing offered by graphics processors (GPUs), which had in fact been developed for the gaming industry. Graphics processors are made up of thousands of computing units, and compared with classic CPUs they are indeed much faster. You can read more about artificial intelligence in a previous post in our blog.
The quality and quantity of information available today are far better than just a couple of years ago; and luckily so is our capability to analyse it with machine learning. For instance, by exploiting the experience of past cyber-attacks, the latest malware recognition technologies can predict the tactics that are most likely to be used in a given scenario. Therefore, today’s analysis engines make it possible to predict the cybercriminals’ next steps.
Make your choice today, and switch to a proactive cybersecurity strategy. By employing the latest analytical security technologies, you can quickly make enormous strides in this field. Read more about how Lastline Enterprise can protect your enterprise against the most advanced malware-based attacks. The innovative concept adopted by Lastline extracts suspicious programmes and analyses them in detail in the Next Generation Sandbox; at the same time, network traffic is constantly watched for Indicators of Compromise (IoCs), which are continuously kept up to date through several specific databases.
Lastline is the first and only company that scored 100% in an NSS Breach Detection Report on all domains with no false positives. NSS Labs recommends, for the second time in a row, the use of Lastline for breach detection.
Read more in the detailed NSS Labs report, which you can download for free from here: