FireEye Infuses Machine Learning into Endpoint Security

FireEye has become the latest provider of IT security technologies to incorporate machine learning algorithms into their portfolio.

Unveiled this week, MalwareGuard adds a machine learning-based detection and prevention engine to the FireEye Endpoint Security solution to make it possible to respond immediately to zero-day attacks, said Phil Montgomery, vice president of product marketing for FireEye.

MalwareGuard is now the fourth engine to be added to the FireEye Endpoint Security Solution, which makes use of a single agent to combine behavioral analytics and signature-based cybersecurity software to combat more advanced forms of malware known as advanced persistent threats.

Other new capabilities added to the FireEye Endpoint Security Solution include a Policy Manager, to control access based on roles; a cloud-based identity and access management service to authenticate end users; and an update to the FireEye Workflow Update that adds more context to alerts.

The addition of MalwareGuard means that FireEye is also now bringing to bear artificial intelligence (AI) technologies to combat malware.

Montgomery said AI technologies in the months and years ahead will go a long way toward alleviating a chronic shortage of cybersecurity personnel. AI models soon will automate many of the rote tasks that cybersecurity personnel have to perform manually today, which he noted will free many of them to hunt for cybersecurity threats that are becoming ever more sophisticated.

Achieving that goal, however, will require more reliance on IT vendors to train those models. AI models based on machine- and deep-learning algorithms require access to massive amounts of data to be trained. IT security vendors that can collect malware samples from hundreds of thousands of endpoints, such as FireEye, are a primary source for that data, Montgomery said.

FireEye MalwareGuard, for example, is the result of a two-year research project involving real-world incident responses, resulting in a system capable of classifying malware without human involvement. The machine learning model is trained using a variety of data sources, including data gathered from more than 15 million endpoint agents. That data has been augmented by attack analyses based on more than 1 million hours spent responding to attacks to date, spanning 200,000 consulting hours every year, Montgomery noted, adding that an internal IT security team is not going to have access to that same level of data or analytics.

AI models are not going to automate every cybersecurity task magically overnight. Each instance needs to be trained about the specific environment it is deployed in. In time, natural language processing coupled with speech interfaces will make it possible to interact verbally with an AI model in much the same way people use digital assistants such as Alexa or Siri from Amazon and Apple, respectively. The only real difference is that the IT security vendor’s digital assistant not only will never forget what it learns about the IT environment, it also won’t quit to take a better-paying job or require sick leave.

Michael Vizard


Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
