AV is dead! Long live AV…
Malware complexity, sophistication, volume and cavalier users are all eroding traditional AV's effectiveness - does cognitive computing hold the key?
Anti-Virus has come a long way since it was created back in the late 90s, but so has the malware industry. Back in the 90s it was a hobbyist game, with a few proof of concept viruses doing the rounds, such as EXEBug, that introduced CMOS modification to prevent clean booting, and the first Windows virus WinVer 1.4. Norton Anti-Virus was created in December 1990, and pointed the way that the soon-to-be AV industry would take.
Fast-forward to 2005, and more than 123 new malware threats were discovered every day, according to Panda Software, a 240 per cent increase over 2004. Runaway growth in malware had begun, and the trend has continued up to the present, with McAfee reporting that they recognised new threats at a rate of 245 per minute in Q3 2016, or more than four per second.
Needless to say, this exponential increase in volume has spelled trouble for the traditional signature-based methods of virus detection, which have been feeling the pressure from polymorphic malware and the increasing availability of encryption.
The most recent industry assessments from AV insider site Virus Bulletin (VB) show just how that pressure is translating into decreasing proactive antivirus detection rates.
Compare the proactive detection midpoints in these two images - Jun-Dec 2015 and late 2016. In the first, the proactive detection midpoint hovers around 80 per cent, and the reactive midpoint sits at roughly 90-95 per cent. Then note the 2016 version, where reactive detection has dropped a little to the 90 per cent line, but proactive detection has dramatically dropped to 67-70 per cent.
The scourge of ransomware has - if anything - raised the stakes of late, with a single click putting entire enterprise datacentres at risk. A survey recently found that out of 60 companies that suffered successful ransomware attacks during the last 12 months, 100 per cent reported they were running antivirus at the time of the attack. Incidentally, it wasn't just AV that came up short - victims reported that 95 per cent of the attacks bypassed the victim’s firewall(s); 77 per cent of the attacks bypassed email filtering; 52 per cent of the attacks bypassed anti-malware; and 33 per cent of the attacks were successful even though the victim had conducted security awareness training.
It’s no surprise that the major anti-malware companies, including Sophos, McAfee and Kaspersky, have been hunting for the next big weapon in this arms race, and it seems that machine learning, and ultimately AI, could well be it.
Ilia Kolochenko, CEO of High-Tech Bridge, said: “Machines cannot replace humans; however, they can significantly help to automate various tasks and analyse huge amounts of data to gain meaningful data to support a decision. This applies both for White and Black Hats: humans cannot be entirely replaced, but a lot of existing processes can be optimised, accelerated and improved.
In the past, Black Hats were using programming to develop viruses, while White Hats were using programming to develop antiviruses. Unfortunately, nothing can be done to prevent cybercriminals from leveraging the power of machine learning and big data in the future too. I predict we will see the AI equipped cyber-criminal of the near future utilising ever-more sophisticated attack techniques as a result.”
High-Tech Bridge’s ImmuniWeb is based on its proprietary machine learning technology (Artificial Neural Networks), used for intelligent automation of vulnerability scanning and detection. The platform detects at least twice as many vulnerabilities as any automated solution would, including the most sophisticated ones that usually require human intelligence.
ImmuniWeb also provides the same quality, reliability and comprehensibility as manual penetration testing, but in half the time and thus at a much more competitive price.