McAfee is Integrating AI for Improved Cybersecurity
This integration brings a whole new volume of results, and according to him is much better than either of the technologies working alone. When Artificial Intelligence (AI) is combined with Threat Intelligence (TI), it yields multiple benefits. This is what is being emphasized by Steve Grobman, senior vice-president and chief technology officer (CTO) at McAfee. Infact, simulations are showing the combined effects of both these technologies and McAfee is actively vouching for that.
While speaking to the participants at the 2018 MPower Cybersecurity summit in Las Vegas, Grobman pointed out that this integration brings a whole new volume of results, and according to him is much better than either of the technologies working alone. The effect of enhanced threat defense capabilities is something that happens automatically once the advantages of AI, Machine Learning (ML) and Data Science is combined.
THE RIGHT WAY OF THREAT DETECTION AND REDUCING HIGH COSTS
While threat intelligence on its own in a malicious code simulation environment identifies the perceived threats, there is always a chance of many new malicious codes being unidentified.
According to Grobman, it is, of course, possible to have a high detection rate even if a single model was used. Infact about a 95% detection possibility is achievable but the chances are strong that some of the legitimate applications tend to be stamped as malicious. Then there is the cost factor as well which in many cases can turn out to be a huge sum causing a whole of a pinch on enterprise IT budgets.
At the same time, if a combination of ML and threat detection is used, then applications can at the first stage be easily classified into safe or risk categories and only the unknown samples need to be worked on ML for detection. This protects many a good sample and is a cost restrictive factor as well.
PRODUCT DEVELOPMENT AND ML AT MCAFEE, THE FUTURE
Pointing out to McAfee’s vision on the same, Grobman said that the company stated in 2016 when the endpoint Real Protect Static started to use ML to determine if there was something malicious. Within one year, it was followed by Real Point Dynamic which was more advanced by looking into application behavior. He also announced the near-to- ready release of the third point in this variant which is known as Real Fileless Malware to counter the new threat of what industry has termed as Fileless Malware.
In his keynote address, Grobman emphasized the ability of telemetry data and advanced analytics to have actionable insights. It needs to be remembered that the CEO of McAfee had pointed out to this being the future product development vision of McAfee.
This telemetry will take the form of a pipeline which will store the data and then redact and analyze it for a specific purpose when required. This cybersecurity telemetry will provide the required inputs for organizations to base their future plans. He backed it up with an example wherein he said that McAfee will be developing a real-time system that can provide a view across the world on the threats faced every day and every second. The research on the same is going on as part of the product development plan of the company.