
Artificial Intelligence (AI) in Cybersecurity: Stopping Fileless Attacks

by Roark Pollock

October 9, 2018


In a recent blog, we discussed artificial intelligence - or more specifically, machine learning - and its growing role in cybersecurity. As we saw, AI-based cybersecurity systems are outperforming traditional antivirus software (AVs) by wide margins.

One area in which AI security models are proving to be particularly effective is in defending endpoints against so-called “fileless” attacks. These attacks were first identified as early as 2001, but they’ve only come to the forefront of cybersecurity recently. In fact, according to “The 2017 State of Endpoint Security Risk” report by the Ponemon Institute, fileless attacks were included in an estimated 77% of successful data breaches worldwide last year. In that same report, Ponemon reports that 35% of all cyber-attacks are fileless exploits.

So, what are fileless attacks and what makes them so successful at infiltrating endpoints? Most often, traditional malware infiltrates digital endpoints by stowing away in long-term storage, trying to trick users into executing malicious files so that it can take control.

Fileless malware, on the other hand, circumvents the stowaway step by infiltrating an endpoint’s memory directly. It does this by manipulating a system’s registry - the database where the system’s low-level settings are kept - acting as a kind of deviant administrator to steal information or disable key features.

Often, this means that no action is required by the user for the “non-malware” to take hold. Even more important, this property makes it extremely difficult for traditional antivirus software to detect. Signature-based scans typically don’t interact with an endpoint’s registry at all. And even if the AV does come into contact with the malicious code, its built-in heuristics will only rarely identify the fileless threat.

The beauty of machine learning-powered systems is that they don’t rely on signatures, heuristics, or traditional scans at all. Instead, they apply sophisticated algorithms to vast amounts of information, continuously updating themselves to recognize threats, new or old, based on patterns in the data. This makes them extremely effective at identifying and protecting against fileless attacks.

In the era of fileless attacks, AI is by far the best approach for cybersecurity. That’s why we’ve recently integrated machine learning models with the Ziften endpoint protection platform for multi-vector cyber-attack prevention that includes preventing fileless attacks.

Learn more about how Ziften is expanding its Zenith endpoint protection platform with artificial intelligence: https://ziften.com/zenith/