Machine Learning is extremely valuable, and serves as an effective, and quite frankly, mandatory tool to protect against both known and unknown malware.

ML as an Enabler to Threat Hunting

Using our platform to scout for vulnerabilities and attacks, our Threat Hunters terminate harmful processes, delete malware, or quarantine infected machines as they are discovered. Our elite team has the technology to respond in real time, before your systems are impacted or your intellectual property is lost. More often than not, you won’t even know what happened, as we’ll have it under control. But of course, our transparent reporting will keep you advised of activity post-event.

How ML helps stop the malware testability problem that traditional AV can’t

For malware to be successful, it needs to be tested. Malware authors create new malware strains and run them through underground FUD (“fully undetectable”) checking services, which scan samples against the major AV engines, to ensure they are not detected by any of the major vendors. Once they believe their new strain is not going to be detected, they’ll launch it. AV that can be tested in this way will usually miss the attack, and the ransomware cycle continues.

Unlike AV, a well-structured MDR cannot be tested against by attackers without giving away at least some of their secret evasive techniques. ActZero’s machine learning models are constantly on the watch for abnormal behaviours, scripts, code, or techniques.

Machine Learning Provides a Better Defense Against Malware

An effective anti-malware solution needs to be great at detecting known malware, but also capable of preventing unknown or zero-day malware. This is where ML is most valuable.

ML works because it identifies malicious intent based solely on the attributes of a file — without prior knowledge of it, without signatures, and without needing to execute the file to observe its behavior. We benefit from CrowdStrike’s ML engine, which, for example, was able to block Shamoon2, WannaCry and NotPetya without any updates, and which regularly achieves a 99.5 percent detection rate.

Look for the Right ML to Protect Your Endpoints

Avoid Legacy AV: Products that rely on legacy signature-based techniques alone, whether they use their own AV engine or OEM someone else’s, should be ruled out automatically, even if they claim to be “next-generation.” Those products provide the same incomplete malware protection as traditional signature-based engines.

ML engine location: If the ML engine runs only in the cloud, the endpoint won’t be protected when offline, opening another gap in protection. The machine learning engine needs to reside on the endpoint itself to offer full protection.

ML Model Training: Not all machine learning models are created equal. A poorly trained model will produce incorrect predictions, generate a flurry of false positives, and as a result undermine protection efficiency. Our models are continuously retrained to reduce false positives, so that our threat hunters handle investigations only where necessary, resulting in fewer false alerts to you.
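To make the two points above concrete (classifying a file from its static attributes alone, and measuring the false-positive rate that model training is meant to drive down), here is a small self-contained illustration. It is added example code, not ActZero’s or CrowdStrike’s engine, and it assumes nothing about either product: the three features (byte entropy, the fraction of a short watch-list of Windows API names found in the file, and the printable-byte ratio), the watch-list itself, the logistic-regression model, and the benign/malicious sample “files” are all constructed for the example. The samples are labelled byte blobs, not real malware, and the file is never executed.

```python
import math
import random
from typing import Dict, List, Sequence, Tuple

# Assumed watch-list of API names used only as substring lookups in the file
# bytes; one weak static indicator among several, chosen for this example.
SUSPICIOUS_IMPORTS = [b"VirtualAlloc", b"WriteProcessMemory",
                      b"CreateRemoteThread", b"SetWindowsHookEx"]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant stream, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for byte in data:
        counts[byte] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def extract_features(data: bytes) -> List[float]:
    """Three static attributes of the file bytes, each scaled to [0, 1]."""
    printable = sum(1 for b in data if 32 <= b < 127) / max(len(data), 1)
    imports = sum(1 for name in SUSPICIOUS_IMPORTS if name in data)
    return [
        shannon_entropy(data) / 8.0,           # packed/encrypted payloads score high
        imports / len(SUSPICIOUS_IMPORTS),     # fraction of watched API names present
        printable,                             # readable code/text vs. opaque blob
    ]


def _random_blob(seed: int, n: int = 400) -> bytes:
    """Deterministic high-entropy filler standing in for packed or compressed data."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(n))


def build_training_set() -> List[Tuple[bytes, int]]:
    """Constructed stand-ins for benign (0) and malicious (1) files; no real malware."""
    header = b"MZ\x90\x00This program cannot be run in DOS mode.\r\n"
    benign = [
        header + b"Hello, world! Press any key to continue.\r\n" * 8,
        header + b"Usage: tool [options] <file>\r\n--help  show this message\r\n" * 6,
        header + b"Copyright (c) Example Corp. All rights reserved.\r\n" * 7,
        header + b"kernel32.dll\x00user32.dll\x00MessageBoxA\x00ExitProcess\x00" * 5,
        header + _random_blob(seed=1),   # benign but high-entropy (compressed resource)
    ]
    malicious = [
        header + _random_blob(seed=2) + b"\x00".join(SUSPICIOUS_IMPORTS),
        header + _random_blob(seed=3) + b"\x00".join(SUSPICIOUS_IMPORTS[:3]),
        header + _random_blob(seed=4) + b"\x00".join(SUSPICIOUS_IMPORTS[1:]),
        header + _random_blob(seed=5) + b"\x00".join(SUSPICIOUS_IMPORTS),
        header + _random_blob(seed=6) + b"\x00".join(SUSPICIOUS_IMPORTS[:3]),
    ]
    return [(d, 0) for d in benign] + [(d, 1) for d in malicious]


def _sigmoid(z: float) -> float:
    z = max(-500.0, min(500.0, z))      # keep math.exp in range
    return 1.0 / (1.0 + math.exp(-z))


def train_logistic(X: Sequence[Sequence[float]], y: Sequence[int],
                   lr: float = 1.0, epochs: int = 5000) -> Tuple[List[float], float]:
    """Batch gradient descent on cross-entropy loss; no external libraries."""
    n, d = len(X), len(X[0])
    w, b = [0.0] * d, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * d, 0.0
        for xi, yi in zip(X, y):
            err = _sigmoid(sum(wj * xj for wj, xj in zip(w, xi)) + b) - yi
            for j in range(d):
                gw[j] += err * xi[j]
            gb += err
        w = [wj - lr * gj / n for wj, gj in zip(w, gw)]
        b -= lr * gb / n
    return w, b


def score(model: Tuple[List[float], float], data: bytes) -> float:
    """Probability that the file is malicious, from its static features only."""
    w, b = model
    return _sigmoid(sum(wj * xj for wj, xj in zip(w, extract_features(data))) + b)


def evaluate(model, samples: Sequence[Tuple[bytes, int]],
             threshold: float = 0.5) -> Dict[str, float]:
    """Detection rate and false-positive rate at a given alert threshold."""
    tp = fp = tn = fn = 0
    for data, label in samples:
        flagged = score(model, data) >= threshold
        if label == 1:
            tp += flagged
            fn += not flagged
        else:
            fp += flagged
            tn += not flagged
    return {"detection_rate": tp / max(tp + fn, 1),
            "false_positive_rate": fp / max(fp + tn, 1),
            "tp": tp, "fp": fp, "tn": tn, "fn": fn}


def build_model() -> Tuple[List[float], float]:
    samples = build_training_set()
    return train_logistic([extract_features(d) for d, _ in samples],
                          [label for _, label in samples])


if __name__ == "__main__":
    model = build_model()
    for t in (0.3, 0.5, 0.8):
        print(f"threshold={t}", evaluate(model, build_training_set(), threshold=t))
```

The benign sample built from a random blob is the instructive case: entropy alone would flag it, so the model has to learn that high entropy without the other indicators is not enough, which is exactly the kind of false positive that retraining on fresh benign data is meant to remove. Sweeping the threshold in `evaluate` shows the trade-off an operations team tunes: a lower threshold raises detection but also the false-positive rate that lands on the threat hunters.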

Machine Learning Capability Is an Indicator of Security Effectiveness

A comprehensive endpoint security solution must not only include ML, but also combine it with complementary technologies such as exploit prevention and behavioral analysis. This ensures the ability to protect against all types of attacks — whether malware is used or not. ML is a key enabler of security effectiveness.
