How do you protect your business from risky or rogue apps, when you don’t know what you’re looking for?
This is the big challenge facing enterprises and organizations today. Malware is now being built to morph at frequent intervals (Cerber ransomware morphs every 15 seconds), making detection by conventional methods difficult or impossible.
Minor internal changes to a malicious app modify its hash or signature, information that anti-virus and SIEM (security information and event management) systems have relied on for detection. Meanwhile, the app continues to wreak havoc in the devices and systems of unsuspecting users.
Machine learning can fill the gap that these other approaches cannot bridge. Traditional protection relies on knowing what you are looking for. By comparison, the idea in using machine learning is to identify patterns and structure that help determine whether an app is good or bad, even if you do not initially know what you are seeking. In machine learning, the analytical model building for detection is automated, with algorithms that iteratively learn from data. This iterative aspect is critical, because as new data is fed into the models, the models themselves can independently adapt.
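The contrast between exact-match detection and pattern-based detection can be shown in a few lines. The following is an added example, not code from the original article or from AppInterrogator: a simple byte n-gram similarity score stands in for a learned model, and the sample data, function names and the 0.9 threshold are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

def sha256_hex(blob: bytes) -> str:
    """Exact-match fingerprint of the kind a hash blocklist relies on."""
    return hashlib.sha256(blob).hexdigest()

def ngram_profile(blob: bytes, n: int = 2) -> Counter:
    """Counts of overlapping byte n-grams: a crude structural feature vector."""
    return Counter(blob[i:i + n] for i in range(len(blob) - n + 1))

def cosine(a: Counter, b: Counter) -> float:
    """Cosine similarity between two sparse count vectors (0.0 to 1.0)."""
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values()) * sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def classify(blob, bad_hashes, bad_profiles, threshold=0.9):
    """Try the exact hash first, then fall back to structural similarity.

    The threshold is an assumed value for this example, not a tuned one.
    """
    if sha256_hex(blob) in bad_hashes:
        return "hash-match"
    profile = ngram_profile(blob)
    best = max((cosine(profile, p) for p in bad_profiles), default=0.0)
    return "similar-to-known-bad" if best >= threshold else "no-match"

# Constructed, inert sample data (plain text and counters, not real app binaries).
KNOWN_BAD = b"constructed-app-body-" * 40
VARIANT = KNOWN_BAD[:400] + b"\x01\x02\x03\x04" + KNOWN_BAD[400:]  # small internal change
UNRELATED = bytes(range(256)) * 4

BAD_HASHES = {sha256_hex(KNOWN_BAD)}
BAD_PROFILES = [ngram_profile(KNOWN_BAD)]

if __name__ == "__main__":
    for name, blob in [("known", KNOWN_BAD), ("variant", VARIANT), ("unrelated", UNRELATED)]:
        print(name, sha256_hex(blob)[:16], classify(blob, BAD_HASHES, BAD_PROFILES))
```

The four inserted bytes give the variant a completely different SHA-256, so the blocklist misses it, while its n-gram profile stays almost identical to the known sample.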
Using smart algorithms and the power of today’s computing resources, machine learning is a key component in tackling the huge numbers of apps being developed or already available for download. By examining the binary code of the apps, a machine learning program can detect suspicious or incongruent behavior that might have escaped human observation. The recent advances in big data processing mean that complex calculations used for detection can now be performed much faster and many more times, to home in rapidly on the true nature of each app.
AppInterrogator uses machine learning and self-learning to keep adding to its intelligence base and to reevaluate apps to see if their risk potential or posture has changed. This predictive defense capability is a major advantage for enterprises. For instance, previously, ransomware attacks were often over before security analytics could begin. Now, by using machine learning to detect anomalies in apps, such attacks can be prevented from happening in the first place.
The same principles apply to any kind of polymorphic malware, meaning malware that changes the appearance of its own code, while leaving its malware algorithm intact. BYOD environments become inherently safer, even though users are bringing their own apps into corporate computing environments. Collaboration, currently the hot enterprise computing trend, and the accompanying tendency to “overshare” information and app download links, can be better kept within security bounds.
In short, by going beyond known and common patterns, the right machine learning reinforces enterprise IT security in ways that are essential, but that other technologies cannot offer. It can assess huge volumes of data to spot relationships between apps, and to give meaning to the app behaviors it uncovers. Coupled with a simple, but highly effective “In or Out” policy to accept or refuse apps as they are tested, machine learning lets enterprises not only see their IT security future, but also shape that future to stay safe.