Behavior-based analysis involves using baseline information to detect what?

To fully unleash behavioral analysis, companies must take advantage of the cloud and its immense computational power, unlimited scalability, and ease of management. The cloud provides a proactive approach that combines big data with powerful analytics to help outsmart the latest, most threatening emerging attacks.

For example, the cloud enables streaming analytics, where normal and abnormal endpoint activity can be monitored and compared to any unfiltered historical endpoint data. By analyzing these event streams and comparing them to what looks like normal ones, the cloud creates a global threat monitoring system that not only detects attacks, but predicts ones that have never been seen before.

This powerful approach is simply not possible with traditional AV solutions, which are signature-based, but it is with next-generation antivirus (NGAV) software.

NGAV in the cloud offers bi-directional communication with endpoints, so that all unfiltered endpoint data can be monitored and turned into predictive analytics that proactively protects companies from sophisticated attacks.

Plus, the cloud provides the infrastructure benefits that most companies are already experiencing with other enterprise software – simplified, less costly operations, faster deployment, and the latest and most innovative technology.

Behavior-based security is a proactive approach to security in which all relevant activity is monitored so that deviations from normal behavior patterns can be identified and dealt with quickly. As machine learning continues to improve, this approach to security management is expected to play an important role in securing computing at the edge of the network.

Traditional security software is signature-oriented: the software monitors data streams and compares data in transit to signatures in an anti-virus vendor's library of known threats. Behavior-based security programs work a little differently -- they monitor data streams too, but then they compare data stream activity to a baseline of normal behavior and look for anomalies. Behavior-based security products use applied mathematics and machine learning to flag events that are statistically significant.

While there may still be instances where an organization needs to choose between signature-based and anomaly-based security software, there is a broad range of intrusion detection and prevention products that combine both approaches.
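As an added illustration of the baseline comparison described above and of why products combine both approaches (this is example code written for this page, not a vendor's product), the script below learns a per-host baseline from a constructed history of hourly outbound-connection counts, flags the current hour when its z-score is statistically significant, and runs a simple signature check beside it. All hostnames, counts, process names and the threshold are constructed assumptions.

```python
"""Baseline (behavior-based) anomaly detection beside signature matching."""
from statistics import mean, pstdev

# Constructed learning window: outbound connections per hour, per host,
# gathered while the host was believed to be behaving normally.
BASELINE_COUNTS = {
    "ws-01": [12, 15, 11, 14, 13, 16, 12, 14],
    "ws-02": [40, 38, 45, 42, 41, 39, 44, 43],
}

# Constructed signature list: names a signature-based tool would match on.
KNOWN_BAD_PROCESSES = {"evil_dropper.exe"}

# Constructed observations for the current hour: (host, outbound_conns, processes).
CURRENT_HOUR = [
    ("ws-01", 13, ["chrome.exe", "outlook.exe"]),       # normal volume
    ("ws-02", 180, ["svchost.exe", "updater.exe"]),     # unknown tool, abnormal volume
    ("ws-03", 9, ["evil_dropper.exe"]),                 # known signature, no baseline yet
]


def build_baseline(history):
    """Summarise each host's history as (mean, stdev).

    The stdev is floored at 1.0 so a host with a perfectly flat history does
    not divide by zero and turn every small change into an alert.
    """
    return {host: (mean(c), max(pstdev(c), 1.0)) for host, c in history.items()}


def zscore(value, mu, sigma):
    """Number of standard deviations `value` sits above the baseline mean."""
    return (value - mu) / sigma


def signature_alerts(observations, bad_set=KNOWN_BAD_PROCESSES):
    """Signature approach: alert only on names already in the known-threat list."""
    return [
        (host, "signature", proc)
        for host, _, procs in observations
        for proc in procs
        if proc in bad_set
    ]


def behavior_alerts(observations, baseline, threshold=3.0):
    """Behavior approach: alert when the hour deviates from the learned baseline.

    Hosts without a learned baseline are skipped: without a notion of normal
    there is no deviation to measure, which is exactly the gap signatures cover.
    """
    alerts = []
    for host, count, _ in observations:
        if host not in baseline:
            continue
        mu, sigma = baseline[host]
        z = zscore(count, mu, sigma)
        if z > threshold:
            alerts.append((host, "behavior", round(z, 1)))
    return alerts


def detect(observations, history=BASELINE_COUNTS):
    """Combined run: signature hits plus baseline deviations, as hybrid products do."""
    baseline = build_baseline(history)
    return signature_alerts(observations) + behavior_alerts(observations, baseline)


if __name__ == "__main__":
    for alert in detect(CURRENT_HOUR):
        print(alert)
```

Running it shows the complementary coverage: ws-02 runs nothing on the signature list but its connection volume is far outside its baseline, so only the behavior check fires; ws-03 has no history yet, so only the signature check can judge it. The 3.0 threshold is an assumed starting point; in practice it is tuned against the alert volume the analysts can absorb.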

Advantages of behavior-based security

In general, signature-based tools are best at identifying and repelling known threats, while behavior-based tools are best for fighting zero-day exploits that have not yet made it onto a list of known threat signatures. Most behavior-based security programs come with a standard set of policies defining which behaviors should be allowed and which should be considered suspicious, but they also allow administrators to customize those policies and create new ones.

Behavior-based security software

Depending upon its capabilities, a behavior-based security software product may be marketed as a network behavior anomaly detection (NBAD) product, a behavior-based intrusion detection product, a behavior threat analysis (BTA) product or a user behavior analytics (UBA) product. Some behavior-based security products are sophisticated enough to apply machine learning algorithms to data streams so that security analysts don't need to define what constitutes normal behavior themselves. Other products include behavioral biometrics features that can map specific behavior, such as typing patterns, to specific users. Most products have sophisticated correlation engines to minimize the number of alerts and false positives.

This was last updated in January 2020
