Ransomware is the biggest cyberthreat of the 21st century. With the advent of ransomware-as-a-service (RaaS), attackers no longer need to be skilled to successfully profit from extortion. Worse, ransomware has leveraged artificial intelligence (AI) to significantly improve both its ability to breach organizations and, more disturbingly, its ability to hide from almost every malware detection tool available today.
AI-enabled malicious software can quickly detect the environment it is operating in and take evasive measures to escape detection and removal. The REvil ransomware is a good example of weaponized AI because it was designed to deactivate if the host is part of a Russian-language domain to limit damage to Eastern European organizations. The only way to combat weaponized AI is with purpose-built AI models looking for specific small non-normal or suspicious behavior over magnitudes of activity across large periods of time. Network detection & response (NDR) tools have become very popular for detecting threats and automating responses against them because small malicious behavior can be detected from analysis of large amounts of network traffic.
Regards,
Guy Rosefelt, Sangfor Security Chief Marketing Officer
Jason Yuan, Sangfor Vice President – Product & Marketing
Using AI to Combat AI - Purpose-Built AI Models in NDR
Summary
Threat actors have weaponized Artificial Intelligence (AI), making malware and other advanced persistent threats (APTs) capable of circumventing or hiding from lagging next-generation antivirus (NGAV), anti-malware, sandboxing, and other threat detection technologies. AI-enabled malicious software can quickly detect the environment it is operating in and take evasive measures to escape detection and removal. The only way to combat weaponized AI is with purpose-built AI models looking for small non-normal or suspicious behavior across magnitudes of activity over large periods of time. Network detection & response (NDR) tools are implementing AI models designed for specific threat hunting use cases to find and remove weaponized AI. This whitepaper provides a basic overview of the AI technologies used within purpose-built AI models in Sangfor’s Cyber Command NDR capability and the primary threat hunting use cases the AI models detect. [...]

Emerging Technologies: Emergence Cycle for AI in Security for Malware Detection
27 October 2020
This “early signal” research offers a deeper dive into early-stage AI innovations focused on malware detection use cases. Security product leaders should track these new developments to make critical decisions on product roadmap competitiveness and evolution.
Overview
Key Findings