Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
TRANSCRIPT
Part 1: Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
Chris Diya, Systems Engineer, Symantec
5-Part Webinar Series: Endpoint Protection…what really matters?
Title and date:
• Part 1 of 5: Tackling Unknown Threats with Symantec Endpoint Protection 14 Machine Learning (January 26, 2017)
• Part 2 of 5: Block The Risk Of Ransomware (February 23, 2017)
• Part 3 of 5: Achieving Zero-Day Attacks and What To Do About It (March 23, 2017)
• Part 4 of 5: Easy Ways To Improve Your Security Posture (April 20, 2017)
• Part 5 of 5: A Step-By-Step Approach for Endpoint Detection & Response (May 18, 2017)
https://www.symantec.com/about/webcasts
Agenda
Copyright © 2016 Symantec Corporation
What is machine learning and how can it be used to detect unknown threats?
What makes Symantec’s approach to machine learning different?
Defense in depth: Symantec Endpoint Protection 14
What is Machine Learning?
• Training a machine to think like a human analyst!
• Classification of attributes.
One of the largest civilian cyber intelligence networks
3.7 trillion rows of security-relevant data
The Largest Civilian Global Threat Intelligence Network in the World
Diverse data, advanced algorithms, highly-skilled threat experts
• 175M consumer and enterprise endpoints protected
• 57M attack sensors in 157 countries
• 182M web attacks blocked last year
• 430 million new unique pieces of malware discovered last year
• 9 threat response centers
• Billions of emails scanned per day
• 1 billion web requests scanned daily
• 12,000 cloud applications protected
Symantec Endpoint Protection 14
Advanced Machine Learning
Training pipeline: Collect training sets in real time → Training algorithm → Trained machine → New & retrained Adv. ML classifiers → Detect variant on client with Advanced ML classifiers
The Advanced Machine Learning Engine helps detect more bad files.
– Machine learning builds a classifier
• Input: pre-labeled samples
• Output: a classifier that can take unknown samples and produce a percentage guess of the correct label
– Symantec’s dedicated team of ML scientists and ML experts
– Leverages Symantec’s massive in-field presence to gather the best training data
– Leverages Symantec’s telemetry submissions to verify lab results
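The classifier idea on this slide, as an added example that is not from the webinar and is not Symantec's engine: a toy attribute-based classifier in plain Python. It is trained on constructed, pre-labeled samples (hypothetical static file attributes with an analyst's malicious/benign label) and then scores unknown samples with a percentage guess. The attribute names, the training rows, the scaling and the logistic-regression model are all assumptions made for illustration; the page does not describe SEP's actual features or algorithm.

```python
import math

# Constructed training set (not Symantec data): each sample is a dict of
# hypothetical static attributes of an executable plus a label assigned by
# a human analyst, 1 = malicious, 0 = benign.
#   entropy - Shannon entropy of the file body, 0.0 to 8.0
#   imports - number of imported API functions
#   packed  - 1 if a packer was detected, else 0
#   signed  - 1 if the file carries a valid code-signing signature, else 0
TRAINING_SET = [
    ({"entropy": 7.9, "imports": 4,  "packed": 1, "signed": 0}, 1),
    ({"entropy": 7.6, "imports": 8,  "packed": 1, "signed": 0}, 1),
    ({"entropy": 7.2, "imports": 12, "packed": 0, "signed": 0}, 1),
    ({"entropy": 7.8, "imports": 2,  "packed": 1, "signed": 0}, 1),
    ({"entropy": 6.9, "imports": 15, "packed": 1, "signed": 0}, 1),
    ({"entropy": 5.1, "imports": 60, "packed": 0, "signed": 1}, 0),
    ({"entropy": 4.8, "imports": 85, "packed": 0, "signed": 1}, 0),
    ({"entropy": 5.6, "imports": 40, "packed": 0, "signed": 0}, 0),
    ({"entropy": 6.0, "imports": 70, "packed": 0, "signed": 1}, 0),
    ({"entropy": 5.3, "imports": 55, "packed": 0, "signed": 1}, 0),
]


def features(attrs):
    """Map raw attributes to a numeric vector scaled to roughly 0..1."""
    return [
        attrs["entropy"] / 8.0,    # 8 bits is the maximum byte entropy
        attrs["imports"] / 100.0,  # rough upper bound for this toy data
        float(attrs["packed"]),
        float(attrs["signed"]),
    ]


def _sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def train(samples, epochs=3000, lr=0.5):
    """Fit a logistic-regression classifier by batch gradient descent.

    Returns (weights, bias). Written in plain Python on purpose so the
    example runs without any ML library.
    """
    rows = [(features(a), y) for a, y in samples]
    n_features = len(rows[0][0])
    weights = [0.0] * n_features
    bias = 0.0
    for _ in range(epochs):
        grad_w = [0.0] * n_features
        grad_b = 0.0
        for x, y in rows:
            err = _sigmoid(bias + sum(w * xi for w, xi in zip(weights, x))) - y
            for i, xi in enumerate(x):
                grad_w[i] += err * xi
            grad_b += err
        weights = [w - lr * g / len(rows) for w, g in zip(weights, grad_w)]
        bias -= lr * grad_b / len(rows)
    return weights, bias


def score(model, attrs):
    """Percentage guess (0..100) that an unknown sample is malicious."""
    weights, bias = model
    z = bias + sum(w * xi for w, xi in zip(weights, features(attrs)))
    return 100.0 * _sigmoid(z)


def verdict(model, attrs, threshold=50.0):
    """Turn the percentage into a label; the threshold is the FP/FN trade-off knob."""
    return "malicious" if score(model, attrs) >= threshold else "benign"


def training_accuracy(model, samples):
    """Fraction of the labelled samples the trained classifier gets right."""
    hits = sum(1 for a, y in samples if (score(model, a) >= 50.0) == (y == 1))
    return hits / len(samples)


if __name__ == "__main__":
    model = train(TRAINING_SET)
    # Two constructed "unknown" files that were not part of the training set.
    unknown = [
        {"entropy": 7.7, "imports": 5, "packed": 1, "signed": 0},
        {"entropy": 5.0, "imports": 75, "packed": 0, "signed": 1},
    ]
    for attrs in unknown:
        print(f"{attrs} -> {score(model, attrs):.1f}% malicious ({verdict(model, attrs)})")
```

The point of the example is the shape of the workflow the slide describes, not the model: labelled samples go in, a scoring function comes out, and the percentage it returns is thresholded into a verdict. In practice the threshold is tuned against a held-out set so the false-positive rate stays acceptable, and the model is retrained as new labelled telemetry arrives.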
Customer benefit: 0-day protection against unknown malware
Infrequent updates
– The Advanced ML Engine is designed for incremental updates, which are small and infrequent.
High effectiveness
– Internal tests show very high detection efficacy.
Multi-dimensional
Relationships cannot be ‘gamed’
Continual learning
Different user types (power users/novices, consumer/enterprise) have objects with differing levels of risk associated with them. Intelligence from this continues to work very well even when attackers change tactics.
Without any manual retraining, tomorrow’s protection algorithm evolves to be better than today’s.
Use of deep learning and neural networks to continually update algorithms.
Best-in-class characteristics used in our ML, rendering rapidly changing attacks ineffective.
Intelligence derived from relationships
Each technique by itself has industry-leading efficacy. Combined, they are unmatched in efficacy/false-positive results.
• Relationship-based ML
• Attribute-based ML
• Behavior-based ML
What Makes Symantec’s Machine Learning Approach Different?
Superior Protection and Response Across the Attack Chain
Stop targeted attacks and zero-day threats with layered protection
Attack chain stages: INCURSION, INFECTION, INFESTATION and EXFILTRATION
• ANTIVIRUS
• NETWORK FIREWALL & INTRUSION PREVENTION
• APPLICATION AND DEVICE CONTROL
• BEHAVIOR MONITORING
• MEMORY EXPLOIT MITIGATION
• REPUTATION ANALYSIS
• ADVANCED MACHINE LEARNING
• EMULATOR
Patented real-time cloud lookup for scanning of suspicious files
• NETWORK FIREWALL & INTRUSION PREVENTION
• INOCULATION
• POWER ERASER
• HOST INTEGRITY
• SYSTEM LOCKDOWN
• SECURE WEB GATEWAY INTEGRATION
• EDR CONSOLE (ATP:ENDPOINT)
Superior Protection and Response Across the Attack Chain
Attack stages: Inbound communication, Payload delivery, Payload execution, Outbound communication
Technology rows: Machine Learning, Network, Big Data, Hardening, AV
• Next-gen IPS
• Tamper Protection and Lockdown
• Reputation ML
• Behavioral ML
• Advanced ML *
• Anti-virus signatures
• Stateful Firewall
• Browser protection
• Real-time response to rapidly changing threat landscape
• Threat vector learning at scale
• Application control
• Clustering
• Emulation *
• Exploit Protection *
Legend: Signature based / Non-signature based / Machine learning and deep learning
* NEW
Summary
• SEP14’s Advanced Machine Learning
– An attribute-based detection engine useful for new and evolving threat families.
– More accurate due to the huge sample set obtained from Symantec’s Global Intelligence Network.
• Why Symantec?
– Elite group of machine learning experts
– Lower false positives = more time spent on other things
• Next-gen Defense-in-Depth Endpoint Security
– Machine learning, Memory Exploit Mitigation, Cloud Intelligence
• We’ll be at RSA 2017!
– https://www.symantec.com/about/events/rsa-2017
Q&A