LATEST INTELLIGENCE
PREDICTIVE MALWARE RESPONSE TEST
A common criticism of computer security products is that they can only protect against known threats. When new attacks are detected and analysed, security companies produce updates based on this new knowledge, which can then be applied to endpoint, network and cloud security software and services. But in the time between detection of the attack and application of the corresponding updates, systems are vulnerable to compromise. Almost by definition, at least one victim – the so-called ‘patient zero’ – has to experience the threat before new protection systems can be deployed. While the rest of us benefit from patient zero’s misfortune, patient zero has potentially suffered catastrophic damage to its operations.
Minority report
Security companies have, for some years, developed advanced detection systems, often labelled as using ‘AI’, ‘machine learning’, or some other technical-sounding term. The basic idea is that past threats are analysed in deep ways to identify what future threats might look like. Ideally, the result will be a product that can detect potentially bad files or behaviour before the attack is successful. It is possible to test claims of this type of predictive capability by taking an old version of a product, denying it the ability to update or query cloud services, and then exposing it to threats that were created, detected and analysed months or even years after its own creation. It’s the equivalent of sending an old product forward in time and seeing how well it works with future threats. This is exactly what we did in this test. Using CylancePROTECT’s AI model from May 2015, we collected serious threats dating from February 2016 all the way through to November 2017.
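The test design described above depends on one discipline: every sample the frozen product is scored against must have first appeared after the model snapshot, otherwise the result measures recall on known threats rather than prediction. The following Python harness encodes that rule and reports detection rate per month so any decay over time is visible. It is an added example, not the test lab’s or Cylance’s own tooling; the sample identifiers, first-seen dates and verdicts are constructed for illustration, and only the snapshot date and the February 2016 to November 2017 window come from the article.

```python
"""Temporally consistent evaluation of a 'frozen' malware detector.

Added example, not the test lab's or the vendor's tooling. The corpus
below is constructed: sample IDs, dates and verdicts are placeholders.
"""
from collections import defaultdict
from datetime import date

# Date the detector's model was frozen (from the article: May 2015).
MODEL_SNAPSHOT = date(2015, 5, 1)

# Evaluation window used in the article.
WINDOW_START = date(2016, 2, 1)
WINDOW_END = date(2017, 11, 30)

# Constructed corpus: (sample id, first-seen date, detected by frozen product?).
# The IDs are placeholders, not real sample hashes.
SAMPLES = [
    ("sample-01", date(2015, 3, 12), True),   # predates the model: must be excluded
    ("sample-02", date(2016, 2, 3), True),
    ("sample-03", date(2016, 2, 20), False),
    ("sample-04", date(2016, 9, 1), True),
    ("sample-05", date(2017, 5, 14), True),
    ("sample-06", date(2017, 11, 28), False),
    ("sample-07", date(2017, 11, 30), True),
]


def select_future_samples(samples, snapshot, window_start=None, window_end=None):
    """Keep only samples first seen strictly after the model snapshot.

    Anything the model could have seen while it was built is dropped;
    an optional window narrows the set further (e.g. Feb 2016 to Nov 2017).
    """
    chosen = []
    for sample_id, first_seen, detected in samples:
        if first_seen <= snapshot:
            continue
        if window_start is not None and first_seen < window_start:
            continue
        if window_end is not None and first_seen > window_end:
            continue
        chosen.append((sample_id, first_seen, detected))
    return chosen


def find_leakage(samples, snapshot):
    """Return the IDs of any evaluated samples that predate the snapshot.

    A non-empty result means the test is measuring known-threat recall,
    not prediction, and its numbers should not be reported.
    """
    return [sample_id for sample_id, first_seen, _ in samples if first_seen <= snapshot]


def detection_rate_by_month(samples):
    """Return {'YYYY-MM': (detected, total)} so decay over time is visible."""
    buckets = defaultdict(lambda: [0, 0])
    for _, first_seen, detected in samples:
        key = first_seen.strftime("%Y-%m")
        buckets[key][1] += 1
        if detected:
            buckets[key][0] += 1
    return {month: tuple(counts) for month, counts in sorted(buckets.items())}


def overall_rate(samples):
    """Fraction of evaluated samples the frozen product detected."""
    if not samples:
        return 0.0
    return sum(1 for _, _, detected in samples if detected) / len(samples)


if __name__ == "__main__":
    chosen = select_future_samples(SAMPLES, MODEL_SNAPSHOT, WINDOW_START, WINDOW_END)
    leaked = find_leakage(chosen, MODEL_SNAPSHOT)
    if leaked:
        raise SystemExit(f"temporal leakage, aborting: {leaked}")
    for month, (hit, total) in detection_rate_by_month(chosen).items():
        print(f"{month}: {hit}/{total}")
    print(f"overall: {overall_rate(chosen):.2%}")
```

The harness only handles sample selection and scoring; the other half of the method, denying the old product any update or cloud-lookup traffic, has to be enforced on the test host itself (a firewall rule or an isolated network segment), and the verdicts fed into SAMPLES should be collected only after that isolation has been confirmed.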
www.intelligentcio.com
INTELLIGENTCIO