FireEye uses machine learning to guard endpoints
Traditional signature-based security solutions find it hard to keep up with the fast pace of malware development, so security companies are turning to other solutions.
FireEye is launching a new version of its Endpoint Security product with the addition of a machine learning engine called MalwareGuard.
MalwareGuard is the result of a two-year research project from FireEye's data scientists, plus testing in real-world incident responses. The MalwareGuard model is trained using advanced machine learning techniques to enable it to make intelligent malware classifications on its own and without human involvement.
The machine learning model is trained using both public and private data sources, including data gathered from over 15 million endpoint agents, attack analyses based on more than one million hours spent responding to attacks to date, over 200,000 consulting hours every year and adversarial intelligence collected from a global network of analysts that speak 32 languages.
"Attackers are constantly innovating and outmaneuvering legacy, signature-based technology," says John Laliberte, senior vice president of engineering at FireEye. "Reducing the window of time from discovery, to analysis, and deployment of protection is critical to reducing risk in your enterprise. By combining our unique frontline knowledge of the adversaries with our in-house machine learning expertise, we can now better protect our customers against cyber-threats including never-before-seen threats by automating the discovery, analysis, and deployment of protection through our endpoint solution."
In addition to machine learning capabilities, FireEye Endpoint Security now includes other new features designed to deliver more sophisticated management and to simplify the process of moving from alert to fix. These include a policy manager that makes it easy to enable varying levels of access, allowing administrators to balance the needs of security and performance. There's also an alert workflow update to provide the necessary context for organizations to rapidly respond to the alerts that matter, and cloud identity and access management to enable a higher level of authentication for cloud-based deployments.
You can find out more on the FireEye blog.