{"id":29039,"date":"2019-09-13T06:00:32","date_gmt":"2019-09-13T12:00:32","guid":{"rendered":"https://www.webroot.com/blog/?p=29039"},"modified":"2020-03-17T09:48:43","modified_gmt":"2020-03-17T15:48:43","slug":"thoughtful-design-in-the-age-of-cybersecurity-ai","status":"publish","type":"post","link":"https://www.webroot.com/blog/2019\/09\/13\/thoughtful-design-in-the-age-of-cybersecurity-ai\/","title":{"rendered":"Thoughtful Design in the Age of Cybersecurity AI"},"content":{"rendered":"\n<p>AI and machine learning offer tremendous promise for\nhumanity in terms of helping us make sense of Big Data. But, while the\nprocessing power of these tools is integral for understanding trends and\npredicting threats, it\u2019s not sufficient on its own.<\/p>\n\n\n\n<p>Thoughtful design of threat intelligence\u2014design that accounts for the ultimate needs of its consumers\u2014is essential too. There are three areas where thoughtful design of AI for cybersecurity increases overall utility for its end users.<\/p>\n\n\n\n<h2>Designing where your data comes from<\/h2>\n\n\n\n<p>To set the process of machine learning in motion, data\nscientists rely on robust data sets they can use to train models that deduce\npatterns. If your data is siloed, whether because it relies on a single community of endpoints\nor because it is made up only of data gathered from sensors like honeypots and crawlers, there\nare bound to be gaps in the resultant threat intelligence. <\/p>\n\n\n\n<p>A diverse set of real-world endpoints is essential to achieve\nactionable threat intelligence. For one thing, machine learning models can be prone\nto picking up biases if exposed to either too much of a particular threat or\ntoo narrow a user base. That may make the model adept at discovering one\ntype of threat, but not so great at noticing others. 
Well-rounded, globally-sourced\ndata provides the most accurate picture of threat trends.<\/p>\n\n\n\n<p>Another significant reason real-world endpoints are essential is that some malware excels at evading traditional crawling mechanisms. This is especially common for phishing sites targeting specific geos or user environments, as well as for malware executables. Phishing sites can hide their malicious content from crawlers, and malware can appear benign or sit on a user\u2019s endpoint for extended periods of time without taking an action. <\/p>\n\n\n\n<h2>Designing how to illustrate data\u2019s context<\/h2>\n\n\n\n<p>Historical trends help to gauge future measurements, so\ndesigning threat intelligence that accounts for context is essential. Take a\nmajor website like www.google.com for example. Historical threat intelligence signals\nit\u2019s been benign for years, leading to the conclusion that its owners have put\nsolid security practices in place and are committed to not letting it become a\nvector for bad actors. On the other hand, if we look at a domain that was only\nvery recently registered or has a long history of presenting a threat, there\u2019s\na greater chance it will behave negatively in the future.&nbsp; <\/p>\n\n\n\n<p>Illustrating this type of information in a useful way can\ntake the form of a reputation score. 
Since predictions about a data object\u2019s\nfuture actions\u2014whether it be a URL, file, or mobile app\u2014are based on\nprobability, reputation scores can help determine the probability that an\nobject may become a future threat, helping organizations determine the level of\nrisk they are comfortable with and set their policies accordingly.<\/p>\n\n\n\n<p style=\"text-align:center\"><a href=\"https:\/\/www.webroot.com\/blog\/2019\/08\/05\/context-matters-turning-data-into-threat-intelligence\/\"><strong>For\nmore information on why context is critical to actionable threat intelligence,\nclick here.<\/strong><\/a><\/p>\n\n\n\n<h2>Designing how you classify and apply the data <\/h2>\n\n\n\n<p>Finally, how a threat intelligence provider classifies data\nand the options they offer partners and users in terms of how to apply it can\ngreatly increase its utility. Protecting networks, homes, and devices from\ninternet threats is one thing, and certainly desirable for any threat\nintelligence feed, but that\u2019s far from all it can do. <\/p>\n\n\n\n<p>Technology vendors designing a parental control product, for\ninstance, need threat intelligence capable of classifying content based on its\nappropriateness for children. And any parent knows malware isn\u2019t the only thing\nchildren should be shielded from. Categories like adult content, gambling\nsites, or hubs for pirating legitimate media may also be worth avoiding.\nThis flexibility extends to the workplace, too, where peer-to-peer streaming\nand social media sites can affect worker productivity and slow network speeds,\nnot to mention introduce regulatory compliance concerns. Being able to classify\ninternet objects with such scalpel-like precision makes thoughtfully designed\nthreat intelligence much more useful for the partners leveraging it. <\/p>\n\n\n\n<p>Finally, the speed at which new threat intelligence findings\nare applied to all endpoints on a device is critical. 
It\u2019s well-known that\nstatic threat lists can\u2019t keep up with the pace of today\u2019s malware, but updating\nthose lists on a daily basis isn\u2019t cutting it anymore either. The time from initial\ndetection to global protection must be a matter of minutes. <\/p>\n\n\n\n<p>This brings us back to where we started: the need for a robust, geographically diverse data set from which to draw our threat intelligence. For more information on how the Webroot Platform draws its data to protect customers and vendor partners around the globe, <a href=\"https:\/\/www.webroot.com\/us\/en\/business\/threat-intelligence\">visit our threat intelligence page.<\/a><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>AI and machine learning offer tremendous promise for humanity in terms of helping us make sense of Big Data. But, while the processing power of these tools is integral for understanding trends and predicting threats, it\u2019s not sufficient on its own. 
Thoughtful design of threat intelligence\u2014design that accounts for the ultimate needs of its consumers\u2014is [&hellip;]<\/p>\n","protected":false},"author":163,"featured_media":29043,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3005],"tags":[21933,21934,24453],"yst_prominent_words":[24897,24891,3769,24899,18803,16741,8273,3817,3813,3811,3787,3477,19419,24895,16951,4167,24893,3569,3789,10879],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/29039"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/163"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=29039"}],"version-history":[{"count":3,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/29039\/revisions"}],"predecessor-version":[{"id":29077,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/29039\/revisions\/29077"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/29043"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=29039"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=29039"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=29039"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=29039"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}