Do you trust/believe in "Next Gen - AI" products?

  • Total voters
    23

Emmanuellws

Level 3
Since all AVs have business and home versions... Do you guys think that companies that have ML in their business version use it to help update the home version's virus definitions with the latest malware threats? I just suspect this is the case now, since businesses are the most exposed to zero-day threats. When I went through some AV for home/personal test results online, for those that have ML in their business version, the home versions can detect and protect 100% and have the lowest false positives. What do you guys think? Do you think those who have ML in their business version can actually help other versions in their line of products?
 

XhenEd

Level 27
Verified
Trusted
Content Creator
I think so. In fact, I think there would only be one overall ML for businesses and home bases. Of course, there will be differences in operation to optimize detection and categorization, but it works for them as one. But I don't have anything to back up my belief, so mine is just speculation. :D
 

Emmanuellws

Level 3
Look at what ML is all about. Based on the Magic Quadrant for Next Gen endpoint protection (2016, outdated):
upload_2017-4-24_10-47-31.png


Under Strategic Planning Assumption it stated - Restrict Executables that have not been pre-inspected. (Is this AI/ML????????????????????)

upload_2017-4-24_10-50-20.png


Based on Gartner's Quadrant (early 2016, not updated), the ones in the "Leaders" section are those that have major market share but have not necessarily focused on integrating ML/AI as their main feature up till now; however, under "Visionaries" are the ones that are focusing on and redeveloping around Machine Learning or AI capability. Only Cylance does not integrate Antivirus around their "Maths" based detection product.

Real World Detection Test (AV-Comparatives) - Feb 2017 and Mar 2017:
Proves that those that have ML with AV really do protect.
 
Example of what real AI is supposed to be:
Hmmm...I receive a new email.
Ok, someone from Amazon sent me with the title "Please review your order package from Amazon"
Let me login to my Amazon account, weird I never ordered anything.
Ok, back to my email, The content looks legit with my order number and my name. there's an excel file attached to it.
Oh well, Let's take a look at the attachment.
Let's scan it with my Antivirus, the most powerful one with the largest updated database in the world.....hmmm....................It is Clean!
Opening now.....wait...it is asking me to enable editing when all I want to do is just look at its content...
ok, sorry, can't continue.
Let me upload to a sandbox first, execute it......ok....there are some interesting stuff happening here....
Oh...wait...it encrypts all the files in the sandbox and shows some messages. It is a zero-day ransomware!
ok, deleting email now and flag it as Malware. Done.
Why like that?

- Someone from Amazon sent me a message with the title "Please review your order package from Amazon"
- I manually go to the Amazon site and log in
- Nothing on the actual Amazon page
- Delete message

Done.
 

Emmanuellws

Level 3
hehehe....that way works too. But to learn about the suspicious email attachment...need to upload to Sandbox. Get analysis result and classify it as malware or good application. That completes a machine learning process :)
 