Malware Detection that Keeps Learning

Thursday, March 3, 2016 @ 03:03 PM gHale


There is now a machine-learning malware detection and cyber hunting tool whose new artificial intelligence capability lets an enterprise train the appliance on its own network environment.

Acting as an X-ray machine for network traffic, the BluVector appliance leverages machine-learning technology to enable security analysts and incident response teams to see beyond the “known bad” threats identified by their signature-based workflow, find previously unclassified and undetected attacks, and understand, within milliseconds, how their organization falls within an attacker’s scope.


BluVector 2.0 from Acuity Solutions collects and analyzes millions of packets and thousands of objects per second, inspecting all files entering or leaving the network in real time and at network speed, and delivering alerts on security events.

The advanced threat detection appliance analyzes files carried over the HTTP, SMTP, and FTP protocols in milliseconds using Hector, BluVector’s patented machine-learning classification engine. Hector extracts features from each file and then calculates a probability that the file is malicious, based on a broad understanding of benign and malicious files. Security analysts are then presented with the findings and all associated network metadata and given the opportunity to define a response path.

BluVector’s machine-learning technology leverages content classifiers that distinguish between malicious and benign content and are resilient against zero-day and polymorphic malware and their tactics. Unlike signatures or behavioral heuristics, the classifiers can detect threats without prior knowledge of them, with a high degree of accuracy, while maintaining real-time performance. Purpose-built for in-memory analysis of diverse protocols and voluminous Web traffic on high-speed gateway links, the solution can be scaled to data rates above 10 Gbps with less hardware than scaling sandbox-based approaches would require.
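The two paragraphs above describe the same pipeline at two levels: extract features from each file, let a trained model turn them into a probability of maliciousness, and hand the score plus network metadata to an analyst. The Python below is an added, toy illustration of that pipeline; it is not BluVector’s or Acuity’s code, and the article does not describe Hector’s actual features or model, so the three byte-level features (Shannon entropy, printable-byte fraction, PE “MZ” magic), the logistic-regression model, and the constructed sample “files” are all assumptions made here for demonstration.

```python
"""Toy file-classification pipeline: byte-level feature extraction plus a
logistic-regression model trained on constructed benign and malicious samples.
Everything here (features, model, sample files) is an illustrative assumption."""
import math
import random
from collections import Counter

# Bytes counted as "printable": ASCII 0x20-0x7E plus tab, LF and CR.
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant stream, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def extract_features(data: bytes) -> list:
    """Feature vector: [entropy, printable fraction, starts with PE 'MZ' magic]."""
    printable = sum(1 for b in data if b in PRINTABLE) / max(len(data), 1)
    has_mz = 1.0 if data[:2] == b"MZ" else 0.0
    return [shannon_entropy(data), printable, has_mz]


def _sigmoid(z: float) -> float:
    z = max(min(z, 500.0), -500.0)  # clamp so exp() cannot overflow
    return 1.0 / (1.0 + math.exp(-z))


class LogisticClassifier:
    """Minimal logistic regression (standardised inputs, batch gradient descent)."""

    def __init__(self):
        self.mean, self.std, self.w, self.b = None, None, None, 0.0

    def _scale(self, x):
        return [(v - m) / s for v, m, s in zip(x, self.mean, self.std)]

    def fit(self, X, y, lr=0.5, epochs=300):
        n, k = len(X), len(X[0])
        self.mean = [sum(r[j] for r in X) / n for j in range(k)]
        self.std = [max(math.sqrt(sum((r[j] - self.mean[j]) ** 2 for r in X) / n), 1e-9)
                    for j in range(k)]
        Xs = [self._scale(r) for r in X]
        self.w = [0.0] * k
        for _ in range(epochs):
            gw, gb = [0.0] * k, 0.0
            for r, t in zip(Xs, y):
                err = _sigmoid(sum(wi * xi for wi, xi in zip(self.w, r)) + self.b) - t
                for j in range(k):
                    gw[j] += err * r[j]
                gb += err
            self.w = [wi - lr * g / n for wi, g in zip(self.w, gw)]
            self.b -= lr * gb / n
        return self

    def predict_proba(self, x) -> float:
        """Probability that a feature vector belongs to the malicious class."""
        return _sigmoid(sum(wi * xi for wi, xi in zip(self.w, self._scale(x))) + self.b)


# --- constructed sample "files" (not real malware and not real traffic) ---
WORDS = [b"the", b"quick", b"invoice", b"meeting", b"report", b"thanks", b"regards", b"attached"]


def make_text(rng, n_words=300):
    """Benign-looking plain text: low entropy, entirely printable."""
    return b" ".join(rng.choice(WORDS) for _ in range(n_words)) + b"\n"


def make_random_blob(rng, size=2000, magic=b""):
    """High-entropy bytes behind an optional magic header (stands in for a packed PE)."""
    return magic + bytes(rng.getrandbits(8) for _ in range(size - len(magic)))


def train_model(seed=0, per_class=20):
    """Train on a balanced, constructed corpus of text files and MZ-headed blobs."""
    rng = random.Random(seed)
    X, y = [], []
    for _ in range(per_class):
        X.append(extract_features(make_text(rng, rng.randint(100, 400))))
        y.append(0.0)
        X.append(extract_features(make_random_blob(rng, rng.randint(500, 4000), b"MZ")))
        y.append(1.0)
    return LogisticClassifier().fit(X, y)


def score_file(model, data: bytes) -> float:
    return model.predict_proba(extract_features(data))


def demo_scores(seed=1):
    """Score three unseen constructed files; the third is the classic false
    positive for such features: a compressed-looking blob with no MZ header."""
    rng = random.Random(seed)
    model = train_model()
    return {
        "text": score_file(model, make_text(rng)),
        "packed_pe": score_file(model, make_random_blob(rng, 3000, b"MZ")),
        "compressed_like": score_file(model, make_random_blob(rng, 3000)),
    }


if __name__ == "__main__":
    for name, p in demo_scores().items():
        print(f"{name:16s} P(malicious) = {p:.3f}")
```

Two things the toy makes visible that the article only implies. First, the model never sees a signature: the unseen MZ-headed blob scores as malicious because its features resemble the training class, which is what “detect threats without prior knowledge” means in practice. Second, the output is a probability, not a verdict; the compressed-looking blob also scores high on these features, so the alert threshold is a false-positive trade-off, and the network metadata delivered alongside the score (source, destination, protocol, file name) is what lets an analyst decide the response path rather than the model alone.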