MSPs and their customers rely on software solutions to protect against both known and unknown threats. With the rapidly changing pace of cyberattacks, is prediction the key to protection?
Cybercrime is a lucrative business—so much so that criminal organizations work tirelessly to innovate and develop new forms of malware, phishing emails, ransomware, embedded code, and attack strategies that can avoid detection by security solutions.
Consider the following stats that demonstrate the increases in speed and execution we’re seeing:
- 67% of organizations saw an increase in impersonation attacks via email
- Phishing attacks grew by 40.9% last year
- Ransomware detections are up 500% over this time last year
As you probably already know, these increases don’t involve the same old malware and phishing emails from, say, two years ago; these are all brand-new attacks. In fact, 350,000 new malware variants are detected each day.
We’re at a point in the history of cyberattacks where historical data alone can no longer keep your customers secure. Instead, the protection you offer needs to work predictively, using both historical data and cutting-edge tech to discover trends and determine potential threats before they have a negative impact on your customers. This is where we are today, and why you’re hearing so much buzz around artificial intelligence (AI) and machine learning (ML) being used by security solutions.
When thinking about what AI and ML actually do around security, verbs like analyze, correlate, reason, and identify are normally used. But the real question here is, “Can AI actually predict the future?”
While AI and ML-based cybersecurity solutions can’t tell you when to buy a lottery ticket or what the winning numbers might be, they absolutely can accurately calculate and anticipate future security incidents. And if you can anticipate an attack, then you can stop it before it happens.
Here’s how AI and ML actually do tell the future:
- They predict where attacks will occur – Some security solutions leverage collective threat intelligence data gathered from the millions of endpoints, sensors, etc. under management worldwide. In doing so, it’s possible to share details from one part of the world with the rest. So, if a new malware variant shows up in New Zealand one morning and a security solution’s AI engine determines that the malware is spreading, it can essentially predict where in the world that malware might target next and take preventive action.
- They predict malware – The evolution of malware detection has led us to use AI and ML as a way to intelligently come up with rules that can be applied to never-before-seen malware. Think of it like this: let’s say you see an email that looks odd to you and you think it might be a phishing email. In essence, you’re making a prediction, albeit one that requires further inspection to confirm your suspicions. Security solutions that use AI and ML use algorithms that can come to a similar “something’s not right here” conclusion and trigger further investigation or appropriate action, even when the attack or malware variant is brand new.
- They predict future malicious behavior – Intelligent algorithms designed to monitor system and user activities on endpoints do some prediction, in that they can detect anomalous behavior and act accordingly. For example, if Notepad.exe launches an instance of PowerShell (which is very likely a case of a direct memory injection attack where the memory space used by Notepad has been taken over by malicious code), AI/ML-based security could anticipate that, if left alone, something truly malicious will occur, such as a remote access Trojan (RAT) being installed. It can then remediate immediately by killing the anomalous process, rather than waiting to see if the prediction comes true.
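The Notepad-to-PowerShell case above can be illustrated with a much simpler model than a commercial ML engine: a frequency baseline of which parent processes normally start which children. This is an added example, not Webroot's code; the events, image names other than those in the article, prior values and threshold are all constructed assumptions.

```python
from collections import Counter

# Constructed baseline of (parent, child) process-creation events, standing in
# for the historical endpoint telemetry the article refers to.
BASELINE = (
    [("userinit.exe", "explorer.exe")] * 50
    + [("explorer.exe", "notepad.exe")] * 400
    + [("explorer.exe", "cmd.exe")] * 80
    + [("explorer.exe", "powershell.exe")] * 60
    + [("cmd.exe", "powershell.exe")] * 40
)

PRIOR_LAUNCHES = 1.0   # assumed prior: one launch of any given child ...
PRIOR_RUNS = 100.0     # ... per 100 runs of a parent with no history
THRESHOLD = 0.005      # assumed alert cut-off, in launches per run


def build_model(events):
    """Count how often each image ran and how often each parent started each child."""
    runs, spawns = Counter(), Counter()
    for parent, child in events:
        parent, child = parent.lower(), child.lower()  # image names are case-insensitive
        runs[child] += 1                # a creation event means the child ran once
        spawns[(parent, child)] += 1
    return runs, spawns


def launch_rate(model, parent, child):
    """Smoothed estimate of how many times one run of `parent` starts `child`."""
    runs, spawns = model
    parent, child = parent.lower(), child.lower()
    return (spawns[(parent, child)] + PRIOR_LAUNCHES) / (runs[parent] + PRIOR_RUNS)


def triage(model, events):
    """Return (parent, child, rate, is_anomalous) per event, rarest first."""
    scored = sorted(((p, c, launch_rate(model, p, c)) for p, c in events),
                    key=lambda row: row[2])
    return [(p, c, round(r, 4), r < THRESHOLD) for p, c, r in scored]


if __name__ == "__main__":
    new_events = [  # constructed
        ("explorer.exe", "powershell.exe"),
        ("Notepad.exe", "powershell.exe"),
        ("updater.exe", "helper.exe"),  # hypothetical names with no history
    ]
    for row in triage(build_model(BASELINE), new_events):
        print(row)
```

Notepad is flagged because it ran 400 times in the baseline without ever starting PowerShell, while the pair with no history at all scores low but stays under the alert threshold for lack of evidence.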
In the ever-evolving and fast-paced world of cyberattacks, it’s priority one for MSPs to recognize that they can’t keep up with the latest attacks on their own. Instead, they need to embrace solutions that leverage AI and ML as part of the solution to both respond to known threats and predict whether files and activities that have never been seen before could spell danger.
What's Next
I encourage you to start a free Webroot protection trial to see for yourself how our solutions can help you prevent threats and maximize growth: Endpoint Protection | DNS Protection | Security Awareness Training.
Guest blog courtesy of Webroot.