Artificial Intelligence Makes Anti-Malware Solutions More Effective

According to iT-CUBE Endpoint Protection Solutions Report

In July, iT-CUBE Systems, a German MSSP based out of Munich, released a report on the results of testing and subsequent analysis of endpoint security solutions undertaken by the firm.

The test was performed in an effort to understand the capabilities of so-called “Next-Generation Endpoint Security” (NGES) products, which claim to utilize artificial intelligence (AI) to prevent malware from infecting the systems they protect.

The test also compared these NGES products with ‘conventional’ antivirus solutions, represented by established brands and products that only recently integrated AI into their platforms, if at all, to understand what the benefits of using AI to boost anti-malware performance are.

Testing Overview

As mentioned, the products tested by iT-CUBE fell into two groups: NGES products and ‘conventional’ products, which may not even offer AI as a part of their anti-malware platform.

The NGES products tested were:

  • CylancePROTECT®
  • Palo Alto Networks Traps
  • Sophos Endpoint Protection 2017 with Intercept X

The “conventional” systems under test were:

  • Kaspersky Endpoint Security for Business
  • McAfee ENS
  • Symantec Endpoint Protection 14
  • Trend Micro OfficeScan Endpoint Protection
  • Microsoft Windows Defender

In iT-CUBE’s test, nearly 4,500 individual malware samples of many types – ransomware, trojans, etc. – were employed to test the products in two phases. Among these samples were instances that were mutated or repackaged, so as to defeat simple static analysis methods employed by the product agents.

In addition, different threat scenarios were utilized over the course of the firm’s test, making it a more thorough and robust evaluation of the products. From varying the level of endpoint cloud connectivity, to limiting agent definition updates and simulating zero-day sample freshness, many considerations were taken in designing the test.

Victim resource consumption was also measured, to include RAM and CPU utilization both

*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Chad Skipper.