Ransomware is the biggest cyberthreat of the 21st century. With the advent of ransomware-as-a-service (RaaS), attackers no longer need to be skilled to successfully profit from extortion. Worse, ransomware has leveraged artificial intelligence (AI) to significantly improve both its ability to breach organizations and, more disturbingly, its ability to hide from almost every malware detection tool available today.
AI-enabled malicious software can quickly detect the environment it is operating in and take evasive measures to escape detection and removal. The REvil ransomware is a good example of weaponized AI because it was designed to deactivate if the host is part of a Russian language domain to limit damage to Eastern European organizations. The only way to combat weaponized AI is with purpose-built AI models looking for specific small non-normal or suspicious behavior over magnitudes of activity across large periods of time. Network detection & response (NDR) tools have become very popular for threat detection and automating responses against them because small malicious behavior can be detected from analysis of large amounts of network traffic.
Sangfor Technologies has been a leader in threat detection and integrated response for many years. We developed our Cyber Command threat hunting platform to push the state of the art for NDR using our XDDR security framework. XDDR integrates NDR with endpoint data and application events to provide a more dynamic way to combat malware and APTs that use weaponized AI. Cyber Command uses AI models designed for specific threat hunting use cases to detect and remove weaponized AI.
Using AI models that look for singular types of behavior improves threat detection significantly over general machine learning engines. In this whitepaper, we explain how NDR using purpose-built AI models can detect weaponized AI for these use cases:
We invite you to read about how Sangfor is using purpose-built AI in Cyber Command NDR to detect and combat weaponized AI. We welcome feedback and are interested in whether your experiences align with or differ from ours.
Regards,
Guy Rosefelt, Sangfor Security Chief Marketing Officer
Jason Yuan, Sangfor Vice President – Product & Marketing
Source: Sangfor
