Artificial Intelligence makes anti-malware solutions more effective

Article by Cylance contributor Chad Skipper

According to the iT-CUBE Endpoint Protection Solutions Report

In July, iT-CUBE Systems, a German MSSP based out of Munich, released a report on the results of testing and subsequent analysis of endpoint security solutions undertaken by the firm.

The test was performed in an effort to understand the capabilities of so-called “Next-Generation Endpoint Security” (NGES) products, which claim to utilize artificial intelligence (AI) to prevent malware from infecting the systems they protect.

In addition, the test compared these NGES products against ‘conventional’ antivirus solutions, represented by established brands and products that, where applicable, only recently integrated AI into their platforms, to understand what the benefits of using AI to boost anti-malware performance actually are.

Testing Overview

Among the products tested by iT-CUBE, there were two groups, as mentioned: NGES products and ‘conventional’ products, which may not even offer AI as a part of their anti-malware platform.

The NGES products tested were:

•   CylancePROTECT
•   PaloAlto Networks Traps
•   Sophos Endpoint Protection 2017 with Intercept X

The conventional systems under test were:

•   Kaspersky Endpoint Security for Business
•   McAfee ENS
•   Symantec Endpoint Protection 14
•   TrendMicro OfficeScan Endpoint Protection
•   Microsoft Windows Defender

In iT-CUBE’s test, nearly 4,500 individual malware samples of many types (ransomware, trojans, etc.) were employed to test the products in two phases. Among these samples were instances that had been mutated or repackaged so as to defeat the simple static-analysis methods employed by the product agents.

In addition, different threat scenarios were utilized over the course of the firm’s test, making it a more thorough and robust evaluation of the products. From varying the level of endpoint cloud connectivity to limiting agent definition updates and simulating zero-day sample freshness, many considerations went into the design of the test.

Victim resource consumption was also measured, including RAM and CPU utilization both while idle and while responding to a threat detected by the individual product. This was done to give the reader of the report a better idea of which products were making the victim system work harder, both when inactive and when cleaning up malware.

“The results of iT-CUBE’s test speak clearly: CylancePROTECT’s artificial intelligence model resulted in the highest malware prevention efficacy observed in the test.”

The ‘conventional’ products achieved very low levels of threat identification and prevention, while also consuming the greatest amount of system resources in both passive and active situations.

Meanwhile, the top NGES products, CylancePROTECT and Traps, handily outperformed the ‘conventional’ products: their system resource consumption was much lower, while their anti-malware efficacy was much higher.

While augmenting anti-malware tech with AI might boost a product’s capabilities, the best results, as shown by this test, come from the product that was designed with AI at its core. iT-CUBE specifically acknowledges the power and sophistication of PROTECT’s machine learning (ML).

“The maturity that the AI model has shown is extraordinary. One can certainly call this model the most advanced of all tested solutions.”

CylancePROTECT achieved the highest anti-malware efficacy of all the products tested, both NGES and ‘conventional,’ while consuming nearly the lowest amount of victim system resources. PROTECT was the only solution tested by the firm that successfully prevented infection by all of the ransomware tested; nearly 50% of all malware in the test represented ransomware families such as Petya, Locky, WannaCry, and others.

The report states as much: “Not all samples of ransomware were found by the solutions tested. CylancePROTECT was the only solution that could block and delete all ransomware samples before causing any harm.”

Another facet of CylancePROTECT’s technology that contributed to its measured anti-malware efficacy is its ability to act on malware before it even has a chance to execute: pre-empting malicious files from ever beginning their infection is part of PROTECT’s ability to predict the nature of malware on the system before it can act.

Again, from iT-CUBE’s report: “A distinctive feature of CylancePROTECT was that the AI model acted, as the only Next-Gen solution, before the malware was executed, while Traps and Intercept X were not active until a malware was executed.”
