The new generation of virus protection using machine learning can enhance the security of a system significantly. But many do not dare to try it, and settle for a lower level of protection that is more vulnerable to intrusions.
Today’s architecture of signature-based virus protection relies on the fact that one user must first become infected to detect the threat. Maybe it was good enough in the past, but today it goes faster and faster with the development of new variants of malware. The market has begun to understand that the big players, with their old signature-based protection, are not enough to solve today’s problems, says Marcus Bengtsson, CTO of Secure Link.
One solution may be to switch to antivirus protection based on machine learning (ML), which can catch even zero-day malware.
Secure Link has worked for several years with Cylance, which offers tools developed using machine learning. Its algorithm today has about 6 million different parameters that the program studies to determine whether to classify a file as malicious or benign. The efficacy is significantly higher than that of traditional, signature-based antivirus programs.
Machine learning raises the threshold for intrusion
According to Marcus, ML-based protection significantly raises the threshold for hackers and other developers of malicious code. To avoid detection, it is no longer enough to write new code with an unknown signature. It takes considerably more time, resources and expertise to write something with new characteristics that the “trained” algorithm in an ML-based protection can’t recognise. It therefore becomes significantly cheaper and easier for those with malicious intent to go after someone who has the traditional type of virus protection installed.
The increased security, however, has a price: ML-based tools such as Cylance have about 4-5 times higher CapEx compared to traditional solutions. It is important to note that the total cost will not be that much higher. ML-based tools do not need the continuous updating and management that traditional antivirus protection requires. They also do not need as much capacity on the endpoint. The greatest benefit, however, is that the protection is proactive: you do not have to fix the damage, because the intrusion attempt is prevented to a higher degree than before.
Biggest obstacle – not daring to test
– Today’s biggest obstacle to the introduction of the new generation of antivirus protection is that customers are afraid of change. You do not think that an algorithm-based protection may work against new, previously unknown threats. Customers must have sufficient confidence in the new ML-based security solution to dare to test it, says Marcus Bengtsson.