Paul Lipman, CEO at Cybersecurity company, BullGuard explains how its newly released product line is offering multi-layered cybersecurity using adaptive machine learning
Machine learning (ML) has become such a commonplace term in corporate marketing that it has crossed into buzzword territory. So many companies are using these terms in their product brochures, websites or even in their company names, that it has become challenging to identify fact from fiction. Are these technologies being utilised to deliver truly breakthrough capabilities and performance, or are they simply window-dressing to something more mundane? The answer in cybersecurity is absolutely the former!
The field of machine learning, which has been around since the 1960s, really took off in the last decade with the confluence of tremendous GPU-enabled compute power and new algorithm developments such as deep neural networks. This maturation of ML happened at just the right time for the cybersecurity industry. Over the last decade we have seen the volume, complexity and sophistication of threats increase exponentially. Historical techniques such as malware signatures, in which each malware sample or class of samples is recorded in a reference database, were quickly becoming insufficient to keep up with the escalating threat landscape. Vendors then developed heuristic-based approaches that rely on applying rules developed from expert human knowledge in order to ascertain whether a file or process is potentially malicious. This too has its limitations. Ultimately, we needed an approach that could learn to discriminate between “good” and “bad” efficiently, effectively and most importantly without requiring human knowledge or intervention.
Machine learning was first applied in anti-phishing, where relatively basic algorithms could be fed large corpuses of “known bad” and “known good” emails. Models soon achieved tremendous accuracy and low false-positive rates and ML became the standard approach for anti-phishing. However, the anti-malware category has orders of magnitude more degrees of freedom than email. Models are trained on hundreds or thousands of parameters across billions of files and processes. At BullGuard, we continuously train our models against all new files and processes that have never been seen before across our customer base. This enables our models to be highly effective at detecting previously unseen threats (referred to as “zero-day” threats), continuously learning and improving the protections that we provide to our customers.
This is not to say that malware signatures and heuristic engines are no longer needed. A true “defence in depth” strategy means never relying on a single approach to detecting and blocking threats. For example, in BullGuard’s just released 2021 product line, we combine a high-performance, low-footprint, traditional signature engine with a highly tuned heuristic engine and advanced dynamic machine learning. This ensures that we are providing customers with multi-layered protection – each layer contributing those aspects of security that it does best.
Despite its impact on cybersecurity, ML is not a panacea. One key challenge is that humans are typically the weakest link in cybersecurity. Even the best cyber defences won’t protect against someone inadvertently sharing their credentials or falling prey to a social engineering attack. Applying ML systems to defend against the accidental or deliberate insider threat is a growing area of investment and research, going beyond the detection of malicious files and processes to the much broader problem of detecting anomalous and potentially malicious human behavior.
There has been considerable concern regarding ML’s potential for automating work, creating unemployment and economic disruption. However, in cybersecurity the reality is the polar opposite. Alert overload has long been a major pain point for security and IT managers. ML removes the mundane work of sifting through countless alerts – and can proactively respond to cyber-events in real-time, bringing a human into the loop only when it makes sense to do so. This frees up security professionals’ time to focus on the truly important tasks, magnifying their impact and their value to the organisation.
Implications for the channel are exciting. Machine learning enables security vendors to provide improved protection to customers and entirely new classes of products to address their problems. These improvements will drive increasing demand for many years to come, creating a tremendous opportunity for the channel to sell, implement, advise and train customers to ensure successful deployment and usage. ML represents a true win-win-win for the channel, vendors and customers.
Read the latest edition of PCR’s monthly magazine below: