Contents:
Here’s my topic for the month: AI in cybersecurity. From healthcare applications to online shopping personal recommendations (or even Spotify or Netflix, actually) and online banking applications, AI (artificial intelligence) is definitely a catalyst of the future and a true engine of technological progress and evolution. As for cybersecurity, it’s clear to me that AI only pushes security vendors forward, allowing us to take the fight against cybercriminals to fantastic levels.
Benefits of AI in Cybersecurity
Despite whatever challenges security researchers might face when introducing it into their products, the benefits of AI in cybersecurity are clearly terrific when it comes to the competitive advantage it offers in front of others on the market. AI provides the fuel for managing issues like the reactive nature of cybersecurity, the custom of many companies to rely on manual threat hunting, or even the simple reality of geographically distant IT systems (an issue that has actually become more obvious since the rise of WorkFromHome and WorkFromAnywhere models).
Does AI change the game?
By analyzing millions of events and detecting cyber threats that vary from malware to CEO fraud, AI and its subset, ML, excellently help cybersec vendors and their security teams mitigate human error (hence reducing the so-called threat alert fatigue), automate repetitive activities, and massively improve the threat response time and identify (or predict) new threats much, much faster.
- AI adds automation to the equation, simplifying tasks that would otherwise have to be done manually, which translates in: larger quantities of data deeply analyzed, much better accuracy of data interpretation, and hence an exquisite competitive advantage.
- AI greatly enhances the intelligence of existing products at any time and continuously adapts through progressive learning algorithms, which basically leads to new generations of cutting-edge cybersecurity solutions.
The Use of AI in Heimdal™’s Products
It should be a surprise to no one the fact that the Heimdal™ suite includes artificial intelligence as a core component and that we are also focusing on further enhancing it. AI is present in our Threat Prevention module for both Endpoint and Network (and, naturally, in the EPDR suite that includes the solution), in our Next-gen Endpoint Antivirus, and also in Heimdal™ Fraud Prevention, an email security solution that fights against business email compromise and financial frauds.
The DarkLayer GUARD™ DNS module that’s present in Heimdal™ Threat Prevention is fueled by our AI-driven Predictive DNS, being able to predict with a 96% accuracy whether a new domain is malicious or not and thus cutting down the communication between your systems and cybercriminals.
The Predictive DNS feature allows us not only to scan the traffic and protect our clients by blocking malicious domains (keep in mind that there is a multitude of methods through which the DNS can be compromised and that traditional reactive solutions simply do not cover DNS security), but also to ensure protection against apparently innocent “mistakes” like typosquatting would suggest. Our Threat Prevention module uses a technology called Word Embedding Layer to detect them.
The DarkLayer GUARD™ filter works in conjunction with our VectorN Detection™AI-based traffic pattern recognition engine to provide HIPS/HIDS, IOA/IOC, but also malware detection capabilities that are fully independent of code and signatures, making it very easy for you to hunt, detect, respond to, and prevent APTs, data leaks, ransomware, and network malware.
The AI in our Next-Gen Endpoint Antivirus powers heuristic, behavior-based engines that monitor processes and changes, and uses four branches of scanning to detect and identify even the most advanced threats: local file/signature & registry scanning, real-time cloud scanning, sandbox, and backdoor inspection, and process behavior-based scanning.
Although they can, of course, be used separately, by combining our Threat Prevention and Endpoint Antivirus modules you will have an entire unified endpoint management suite working for you, which actually is one of 2021’s most important cybersecurity market trends. The threats that Threat Prevention discovers can be further used by the Endpoint Antivirus to detect and quarantine suspicious processes – this is called Threat to Process Correlation and is, of course, enabled by AI.
Heimdal™Fraud Prevention monitors email agents for false communication and harmful emails, using AI and 125 detection vectors like phraseology modifications, IBAN/account number scanning, attachment alteration, link execution and scanning, and man-in-the-email detection to prevent CEO and financial fraud, as well as Insider Business Email Compromise. Heimdal™ Email Fraud Prevention is capable of learning senders’ communication patterns and detecting even the tiniest changes, which makes it one of the finest allies you can have in front of email-based threats.
How did AI change the battle for our clients?
I believe the numbers speak for themselves:
- in the past six months, our Threat Prevention’s AI detected 3 485 544 malicious domains – in the top 3 we’ve discovered exodus.desync.com (179 429 detections), donate.v2.xmrig.com (135 259), and t1.daumcdn.net (132 971).
- also in the past six months, our Next-Gen Antivirus discovered 339312 infections and 18442 suspicious files. The most dangerous threats were related to viruses (122680), trojans (79435), and worms (48119).
- our Email Fraud Prevention has detected 949 fraud emails during the last 3 months. The main reasons for labeling the emails as malicious were: infected sender domains, financial elements, the discovery of sensitive elements, and non-authorized senders for specific domains.
As you can see, we’re really tipping the scales in our favor (and we can get even better as well), continuously helping our customers protect their company’s data, money, time, and reputation by covering layers that vary from risk management to email security.
Wrapping Up
Artificial intelligence with all its amazing branches like machine learning and neural networks is definitely one of the most powerful engines of technological progress, driving our evolution in many domains, from everything IT related to medical care or even psychology (just like virtual reality can be used in treating phobias in therapy, for example).
When it comes to AI in cybersecurity, I am, obviously, a big, big fan. AI has helped us shape the Heimdal™products into a unified suite that allows us to know what infrastructures hackers will develop and predict tomorrow’s threats today.
On that account, our AI and ML specialists keep smoothing the way for even more clever uses of artificial intelligence in cybersecurity, in order to make sure that our present and future clients will benefit from cybersecurity solutions that perfectly respond to the market’s most pressing needs and foresee tomorrow’s trends.