Artificial Intelligence and Machine Learning in CybersecurityGenerating Profit with Advanced Threat Intelligence

Introduction 3 Barriers to Success – Why SMBs Need a Greater 4Focus on Cybersecurity > Massive Cybersecurity Skills Shortage > Limited SMB Budgets > Solutions Don’t Fit SMB’s Needs > Cybercriminals Don’t Work 9 to 5 The Application of AI & ML in Today’s 5 Advanced Cyberattacks > Artificial Intelligence (AI) > Machine Learning (ML) > AI-Powered Bots 6 > Captcha is Dead > Polymorphic Malware > AI-Powered Phishing Attacks Fighting Fire with Fire – The Role of AI and ML in 7Effective Cybersecurity > Solving Problems Humans Cannot > Addressing Outdated Security Approaches > Combatting the Volume, Velocity & Variance of Threats Bolstering Profitability – Outsourced Managed 8Security Services Getting Started – What are the First and Next Steps? 9 > Utilize a Platform Approach Specifically Suited to MSPs > Employ Cloud Technologies > Consider Specialization > Leverage Webroot Solutions Powered with AI About Webroot 10

cybercrimes were the work of amateurs – and hackers were purely motivated by enjoyment. In fact, the most notorious cybercrimes in the 1980s were executed by a group of teenage boys known as the 414s. After breaking into more than a dozen high-profile systems, including those at Los Alamos National Laboratory, they were only charged with two years of probation.

3.

times have changed dramatically. Cyber-crime has evolved beyond benign teenage mischief, and is now linked to organized crime, human trafficking, terrorist cells, and nation-states. Moreover, it has expanded into a highly-profitable enterprise where hackers generate more revenue and have the means to innovate faster than the de-fenders. As a result, they’re leading a new dawn of cyberattacks with artificial intelli-gence (AI) and machine learning (ML) at the center of their arsenals.

fighting fire with fire is the best defense. Businesses of all sizes must bring equally ef-fective and intelligent security tools to the party. Fortunately, there are resources for tackling this constantly-evolving cyber war. Today, there are a variety of solutions that harness the power of AI and ML and protect businesses against today’s growing and ad-vanced cyber threats.

Just a few decades ago Fast-forward to 2018 To keep up

$1.5Cyber attackers generate $1.5 trillion in annual profit, which is about equal to the GDP of Russia. [1]

trillion

Barriers to SuccessWhy SMBs Need a Greater

Focus on CybersecurityToday, businesses of all sizes, large and small, are potentially at risk of cyber

attacks. And research shows that cybercriminals consider SMBs easy prey. In fact, experts say that 50% of SMBs have encountered

a cyberattack, and once attacked only 40% survive after six months.[3][4] In light of these risks, effective

cybersecurity is a clear necessity for SMBs, but there are a number of barriers

preventing them from suffi-ciently protecting their

networks and data:

Most SMBs don’t have dedicated analysts working day and night to monitor networks and address threats. Effective cybersecurity requires a team of professionals working around the clock to detect and respond to incidents, which isn’t realistic for SMBs.

Because of the above challenges, the MSP model is an excellent answer for SMBs with limited budgets, staff, and specific requirements. Plus, technology that leverages AI and ML for intelligent threat response, re-duces the cost of doing business – making solutions more affordable for MSPs, which in turn, is passed to the SMB.

The shortage of trained cybersecurity workers is a colossal problem, with unfilled positions reaching into the millions. And many of those working in the industry fail to hold the required skills and expertise to perform their jobs effectively. For enterprises, the issue is massive, but SMBs are even more vulnerable because supply and demand makes it impossible for them to afford competent resources.

For many SMBs, tight funding results in bare-bones protection – or worse, forgoing security altogether. Cybercriminals recognize that small businesses don’t have the same level of protection as larger businesses, which unnecessarily exposes SMBs to threats.

There is not a one-size-fits-all answer to cybersecurity, and SMBs gen-erally believe that cybersecurity solutions don’t fit their unique require-ments. And when they do, they arrive with a hefty price tag that simply doesn’t work for cash-strapped smaller businesses.

The overall annual average loss for smaller businesses from cyberattacks is estimated to be US $79,841 with a median loss of US $2,000 and a maxi-mum total loss of US $1 million. [2]

51% of cybersecurity profession-als claim that their organi-zation has a problematic shortage of cybersecurity skills. [5]

4.

Massive Cybersecurity Skills Shortage

Solutions Don’t Fit SMB’s Needs

Cybercriminals Don’t Work 9 to 5

Limited SMB Budgets

AI and ML are undoubtedly hot topics in cybersecurity, but what exactly are they and how are they altering the elusory cybercrime landscape?

The Application of AI & ML in Today’s Advanced Cyberattacks

is technology that applies reasoning and learning to en-hance a variety of operations. It utilizes data and identifies patterns, at scale, and improves its intelligence over time. There are several subsets, such as ML, deep learning, neu-ral networks, natural language processing, rules engines, and more.

is a subset of AI that gives computers the ability to learn from data and experiences, and to improve their intelli-gence over time without explicit programming. It’s analo-gous to the adage, “give a man a fish and you feed him for a day; teach a man to fish and you feed him for a lifetime.” In the same vein as the fisherman, programmers provide the systems with a goal, and the machine draws its own conclusions, adapts new responses, and makes educated decisions – much like humans.

AI-powered cyberattacks, once viewed a product of science fiction, are now reality. It’s not a matter of when cyber-criminals will utilize AI to carry out attacks, they’ve already begun to release chaos using a variety of methods and experts predict it’s going to escalate over the next decade.

Artificial Intelligence (AI)

Machine Learning (ML)

91% of cybersecurity professionals are concerned about hackers using AI against companies in cyberattacks. [6]

5.

Bot (an abbreviation for “robot”) is an automated executable that runs over the Internet. Bots can be both friend-ly, such as tech support bots, or insid-ious and malicious. Hackers can carry out social engineering attacks through AI-powered bots that replicate human behavior, making it nearly impossible for victims to differentiate between a friend, family member, or bot. Once the bot establishes trust, they trick the victim into revealing sensitive informa-tion, leading to devastating and wide-spread consequences. What’s more, these AI-powered bots can execute these attacks swiftly and at scale.

The once tried-and-true method of Captcha, which is utilized to stop au-tomatic access to systems from bots is now officially dead, according to Google. In 2017, researchers from Vi-carious built a program, called the Re-cursive Cortical Network (RCN), which easily solves Captcha challenges by replicating human behavior. There are new methods for blocking bots, but this is an excellent example of how quickly AI and ML can render security measures obsolete.

Polymorphic malware is malware that evolves and constantly changes to evade detection. Viruses, trojans, key-loggers, and even bots can be poly-morphic. This type of malware keeps our defenses guessing because as it gets smarter, the malware perseveres – continuing to “morph” and learn. And with today’s great strides in AI technology, we’re likely to see a new wave of polymorphic malware with unprecedented sophistication.

Phishing is the use of unsolicited com-munication, such as email, SMS, or phone calls from a fraudulent com-pany to obtain sensitive information. These attacks account for the largest percentage of security breaches today. Unfortunately, over the next decade, phishing will become even more com-mon because the criminals successfully leveraging AI will enjoy the same bene-fits as businesses, such as reduced cost associated with labor.

AI-Powered Bots Captcha is Dead Polymorphic Malware AI-Powered Phishing Attacks

The Application of AI & ML in Today’s Advanced Cyberattacks

97% of malware infections utilize polymorphic techniques.[7]

6.

Three quarters of cybersecurity professioals in the U.S. believe, within the next three years, their company will not be able to safeguard digital assets without AI. [6]

Enables human administrators to create automated security policies

Enables machines to automatically allow or block according to

policies

Enables time-of-need security decision

making

There are no shortcuts to effective cybersecurity but utilizing a layered strategy with AI and ML can lower the likelihood of a breach or attack. Multi-vector protection, intelligent remote monitoring and management (RMM), security awareness train-ing, anti-virus, anti-malware, and strong backup practices are just a few of the crucial components of a layered approach.

Fighting Fire with Fire – The Role of AI and ML in Effective Cybersecurity

While a layered approach to security is vital for suc-cess, the simple fact is, AI and ML can solve com-plex cybersecurity problems that humans cannot. To detect advanced threats, AI employs pattern recog-nition, natural language processing, and predictive analytics to identify anomalies and unusual activity at a faster pace and more accurately than humans. And with its ability to apply advanced algorithms across massive datasets, ML formulates models of behaviors and devises predictions, once thought of as virtually impossible.

Advanced security tactics with AI have quickly re-placed outdated security approaches. For exam-ple, the tried-and-true signature-based approach to malware detection is now almost obsolete. With new malware files reaching nearly a million daily, it’s unrealistic for cybersecurity analysts to create anti-virus signatures for every instance of malicious software. What’s more, AI is a much more effective approach to combat polymorphic malware and its constantly-changing characteristics and signatures that elude pattern-matching detection.

fighting fire with fire is the best defense. Businesses of all sizes must bring equally effective and intelligent se-curity tools to the party. Fortunately, there are resourc-es for tackling this constantly-evolving cyber war. Today, there are a variety of solutions that harness the power of AI and ML and protect businesses against today’s growing and advanced cyber threats.

Solving Problems Humans Cannot Addressing Outdated Security Approaches Combatting the Volume, Velocity & Variance of Threats

7.

Lack of budget, talent, and compliance expertise are driving SMBs to seek out MSPs that offer outsourced managed se-curity services (MSS). In fact, the global MSS market size is expected to grow from USD 24.05 billion in 2018 to USD 47.65 billion by 2023, at a Compound Annual Growth Rate (CAGR) of 14.7%.[9] Because of these facts, 2018 is a prime time to get ahead of the competition and grow your services portfolio with MSS.

Building new recurring revenue streams is key to increasing MSP profitability. Fortunately, working with security vendors that offer a layered and multi-faceted approach to security, with AI and ML, allows you to leverage advanced threat intelli-gence security services without the overhead of building them yourself. Which, in turn, helps you achieve your financial goals.

What’s more, efficiency plays a big role in profitability and for MSPs, there are never enough hours in the day. An intelligent security approach utilizing AI with automated policy enforce-ment; malicious IP, website, and file blocking; and phishing protection frees up your security analysts to focus on incident response and more strategic tasks.

8.

15%of MSPs offer some sort of security service today, but 62% are looking to add security services to their portfolio in the next 12 months. [8]

only Bolstering Profitability – Outsourced Managed Security Services

Specializing in verticals is a fantastic way to offer a unique value proposition to your clients. In addition, regulatory compliance is a key factor for SMBs when it comes to choosing an MSP. Industries that require regulation such as retail (PCI), healthcare (HIPAA), telecommunications, oil and gas, finance, and others prefer to engage with MSPs that are experts in the compliance standards re-quired by their businesses.

Seek out vendors that offer centralized management integrating all aspects of cybersecurity into one platform through a single plane of glass. If necessary components don’t exist, work with strategic security partners to fill in the gaps.

MSPs that partner with Webroot have a unique opportunity to lever-age AI-powered solutions to improve their customers’ security posture – while decreasing operating costs, reducing remedial tasks, and im-proving cycle time. For over ten years, Webroot has applied the most advanced ML technology in the industry to its cybersecurity solutions. This experience, combined with the collective knowledge of their data scientists and statisticians gives Webroot a distinct advantage in combat-ting known and unknown threats.

What’s more, Webroot’s BrightCloud® Threat Intelligence Services inte-grate accurate and real-time threat intelligence into network and end-point protection to protect customers from malicious URLs, IPs, files, and mobile apps. It scans billions of IP addresses and URLs across mil-lions of domains and mobile apps – leveraging ML to classify and catego-rize each according to the threat it represents to businesses.

Cloud-based services are the first choice for SMBs and MSPs due to operation-al agility and lower up-front costs. Engage with vendors that offer subscrip-tion-based pricing models to promote recurring revenue growth.

Consider Specialization

Employ Cloud Technologies

Utilize a Platform Approach Specifically Suited to MSPs Leverage Webroot Solutions Powered with AI

Machine learning’s super power is that the amount of data it can take it has no limits. Think about it the context of health-care: what if the best doctors in the world could work on your issue, around the clock? ML can provide that value to cyber-security.

- David Dufour, Vice President of Engineering at Webroot

9.

Building a cybersecurity practice presents MSPs with an unparalleled opportunity to future-proof their businesses. But how do you get started?

Getting Started – What are the First and Next Steps?

1. 4.

3.

2.

Webroot was the first to harness the cloud and artificial intelligence to protect businesses and individuals against cyber threats. We pro-vide the number one security solution for managed service providers and SMBs, who rely on Webroot for endpoint protection, network pro-tection, and security awareness training. By partnering with Webroot, MSPs, resellers, and distributors benefit from greater profitability, low-er operational costs, improved productivity, stronger client trust, and innovative resources for competitive advantage. With our streamlined management console and integration with leading RMM and PSA plat-forms, Webroot gives you smarter protection that is easy to deploy and manage, and uniquely addresses traditional challenges. Discover growth, enablement, and support at www.webroot.com/partners

[1] Dark Reading, Cybercrime Economy Generates $1.5 Trillion a Year, https://www.dark-reading.com/vulnerabilities---threats/cybercrime-economy-generates-$15-trillion-a-year/d/d-id/1331613

[2] 2017 State of Cybersecurity Among Small Businesses in North America, Better Business Bureau, https://www.bbb.org/globalassets/shared/media/state-of-cybersecurity/updates/cybersecurity_final-lowres.pdf

[3] Ponemon Institute, 2017 Ponemon Institute Study Finds SMBs are a Huge Target for Hackers, https://www.prnewswire.com/news-releases/2017-ponemon-institute-study-finds-smbs-are-a-huge-target-for-hackers-300521423.html

[4] Inc., 60 Percent of Companies Fail in 6 Months Because of This (It’s Not What You Think), https://www.inc.com/thomas-koulopoulos/the-biggest-risk-to-your-business-cant-be-elim-inated-heres-how-you-can-survive-i.html

[5] ESG, ESG Research Suggests Cybersecurity Skills Shortage Is Getting Worse, https://www.esg-global.com/blog/esg-research-suggests-cybersecurity-skills-shortage-is-getting-worse

[6] Webroot, More Than 90 Percent of Cybersecurity Professionals Concerned About Cyber-criminals Using AI in Attacks, https://www.webroot.com/au/en/about/press-room/releas-es/cybercriminals-using-ai-in-attacks

[7] Sensors Tech Forum, 97% of Malware Infections Are Polymorphic, Researchers Say, https://sensorstechforum.com/97-of-malware-infections-are-polymorphic-research-ers-say/

[8] SmarterMSP, Ask an MSP Expert: What security solutions should I add to my portfolio?, http://smartermsp.com/ask-expert-security-solutions-add-technology-stack/

[9] Research and Markets, Managed Security Services Market worth 47.5 Billion USD by 2023, https://www.marketsandmarkets.com/PressReleases/managed-security-services.asp

10.

About Webroot