Why Artificial Intelligence is the Future for Endpoint Security


Endpoints need protection. That much, most everyone already knows. So most people install an antivirus—any antivirus at all—on their devices and consider the job done.

And then the cyber attacks come anyway.

What is going wrong?

Unfortunately, even as the rise of IoT and smart devices has exponentially increased the number of endpoints over the last few years, traditional security systems are increasingly struggling. According to one survey, 78 percent of security professionals interviewed stated that they no longer trust antivirus software[1].

This is a critical problem, because a full 95 percent of security breaches originate at endpoints,[2] meaning they desperately need protection. Endpoints include computers, tablets, printers, smart refrigerators, and anything else that has Internet connectivity—which nowadays is just about everything.

The organizations and individuals hit by WannaCry, Petya, Bad Rabbit, and other high-profile malware likely had antivirus software, but it couldn’t protect them. Traditional anti-malware products can no longer keep up with the informed threats that are actively trying to bypass their protections. The cybersecurity landscape is growing at a scale beyond the capabilities of traditional software.

The Problems of the Traditional Approach

There are a number of reasons why traditional cybersecurity can no longer reliably protect against malware and cyber attacks. The first is a matter of volume and scale.

In the average large organization, there may only be one person in charge of the security for the devices of one thousand other employees. This works out about as well as might be expected; there’s far too much for that single person to keep up with.

Even if an organization could hire an IT worker for every single person and device in the company (which, of course, is far beyond the realm of the possible), volume would still be an issue. Traditional anti-malware generates too much noise and too many false positives for human technicians to feasibly sort through it all.

In addition, traditional antivirus is done through static or behavioral signatures, using a rules-based approach wherein the only patterns it looks for are those that humans have specifically programmed it to look for. This makes it very difficult for the antivirus to catch new variants of malware. Malware is growing and diversifying at an unprecedented rate, with new strains developed daily and roughly a third of all malware ever created having been made in just the last two years. Furthermore, it’s far too easy to alter the way a file appears, allowing slightly mutated malware to slip under the radar.

Finally, signature-based antivirus can typically only be programmed to catch a new piece of malware after an infection has already occurred, but with major cyber attacks like WannaCry, there’s only one chance to get it right.

How Artificial Intelligence Can Keep Endpoints Safe

What traditional antivirus cannot accomplish, AI-based solutions can. AI is vastly superior to humans in its ability to identify patterns and files that it has never seen before. Rather than relying on a static set of pre-programmed rules, an AI antivirus will learn for itself what a malicious file looks like, with far greater accuracy and flexibility than any traditional method.

Even a minuscule tweak to a file could render it unrecognizable to a traditional antivirus. With its superior pattern recognition, however, AI can catch these alterations easily. It continues to learn even past its deployment, and is constantly refining its definitions over time, allowing it to not just keep up, but actually get ahead of the malware crisis.

AI also addresses the problem of volume, as it is infinitely more scalable than traditional approaches to endpoint security. AI’s greater accuracy means far fewer false positives and less general noise for human security analysts to sort through. Rather than humans having to do the work of file classification, AI solutions can classify files as malicious or benign, flagging them for human review only when unsure. One human analyst can now reasonably look after the endpoints of a thousand employees, and do so efficiently and accurately.
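The brittleness of static signatures and the "flag a human only when unsure" triage described above can be seen in a small added example (not SparkCognition's code). It compares an exact-hash signature with a similarity score over byte 4-grams, which is a simple stand-in for a trained model; the sample bytes are constructed, and the `block_at` and `review_at` thresholds are hypothetical.

```python
import hashlib

# Constructed sample data: stand-ins for file contents, not real malware.
KNOWN_BAD = bytes((7 * i + 3) % 251 for i in range(200))
BENIGN = b"Quarterly report: revenue up, costs flat, headcount steady."
_mutated = bytearray(KNOWN_BAD)
_mutated[100] ^= 0xFF                # a single changed byte
VARIANT = bytes(_mutated)
PARTIAL = KNOWN_BAD[:100] + BENIGN   # half known-bad content, half unrelated

# Static signature: the exact SHA-256 of the sample seen before.
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}


def signature_match(data: bytes) -> bool:
    """Rules-based check: matches only byte-identical files."""
    return hashlib.sha256(data).hexdigest() in SIGNATURES


def ngrams(data: bytes, n: int = 4) -> set:
    """Set of overlapping n-byte windows, used here as crude features."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def similarity(data: bytes) -> float:
    """Jaccard overlap between the file's features and the known-bad sample's."""
    a, b = ngrams(data), ngrams(KNOWN_BAD)
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def triage(data: bytes, block_at: float = 0.8, review_at: float = 0.3):
    """Classify automatically when confident; queue for an analyst otherwise."""
    score = similarity(data)
    if score >= block_at:
        verdict = "malicious"
    elif score >= review_at:
        verdict = "review"           # uncertain band: goes to a human
    else:
        verdict = "benign"
    return verdict, round(score, 3)


if __name__ == "__main__":
    samples = {"original": KNOWN_BAD, "variant": VARIANT,
               "partial": PARTIAL, "benign": BENIGN}
    for name, blob in samples.items():
        print(f"{name:9} signature={signature_match(blob)!s:5} triage={triage(blob)}")
```

The one-byte variant no longer matches the hash signature but still scores close to the known sample, while only the half-matching file lands in the analyst's review queue.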

AI can create better connections between malicious files and their behaviors. An AI model for cybersecurity might use 25,000 to 30,000 data points, each of which has hundreds of thousands of associated values. Therefore, AI can calculate millions of possibilities in the time it takes a human to open the file.

Working as a team with human analysts, AI has the power to completely revitalize endpoint security. Endpoints absolutely need protection—and AI provides it best.

[1] https://www.digitaltrends.com/computing/anti-virus-isnt-enough-security-professionals-say-preventative-measures-are-the-future/

[2] http://www.verizonenterprise.com/verizon-insights-lab/dbir/
