When it comes to artificial intelligence (AI) in cybersecurity, the most important factor is outcomes.
Evaluating the relative efficacy of different AI-based security offerings is becoming more and more important as the threat landscape changes and generative AI is added to the toolkits available to attackers and defenders alike. Evaluating these offerings can be challenging, but by asking the right questions you can identify solutions that provide value and return on investment (ROI) rather than just marketing speak. “Can your predictive AI tools sufficiently block what’s new?” is one such question. Another is, “What actually signals success in a cybersecurity platform powered by artificial intelligence?”
BlackBerry is a leader in this field and has a very knowledgeable perspective on what works and why, as evidenced by its portfolio of AI and ML (machine learning) patents.
AI’s Development in Cybersecurity
The creation of the CylancePROTECT® EPP (endpoint protection platform) more than ten years ago marked the beginning of some of the earliest applications of ML and AI in cybersecurity. Given that threat actors can now quickly write and test new code thanks to generative AI, anticipating and stopping new malware attacks may be more important than ever. According to the most recent BlackBerry Global Threat Intelligence Report, there has been a 13% quarter-over-quarter increase in novel malware attacks. Stopping these attacks is a constant struggle, but technological advancements are keeping up with the attacks’ rapid evolution.
The goal of BlackBerry’s machine learning and data science teams is to improve the effectiveness of their predictive AI tools. According to recent independent testing, Cylance ENDPOINT® actively predicts malware behavior, even for novel variants, and thus blocks 98.9% of threats. This accomplishment is the culmination of a decade of innovation, experimentation, and advancement in AI techniques, including a move away from supervised human labeling and toward a composite training approach. That approach combines supervised, unsupervised, and active learning in both local and cloud environments, and it has been refined over time through extensive data analysis. The end result is a highly effective model that can accurately predict and anticipate new threats.
Temporal Advantage: Considering Time
Size, parameters, and performance are frequently brought up when discussing the efficacy and quality of machine learning models. But the most important thing about ML models—especially in cybersecurity—is their real-time threat detection and response capability. The temporal aspect is important in malware pre-execution protection, where threats need to be recognized and prevented before they can be executed.
Threat detection requires temporal resilience, which gauges a model’s ability to withstand both current and potential attacks. A metric called Temporal Predictive Advantage (TPA) is used to evaluate a model’s performance over time, particularly in terms of identifying zero-day threats.
In order to validate the models’ performance over time, they are tested against more recent malware after being trained using earlier malware classes. This is especially crucial for endpoints that aren’t always connected to the cloud, as it might not be possible to update the model often.
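The validation described above, as an added example (not BlackBerry's code and not its definition of TPA): detection rate is measured only on malware first seen after the training cutoff, bucketed by model age in months. The sample tuples, cutoff date, threshold, minimum bucket size and function names are all constructed for illustration.

```python
from collections import defaultdict
from datetime import date

CUTOFF = date(2023, 1, 31)  # assumed training cutoff of the frozen model

# Constructed samples: (first_seen, is_malware, model_flagged)
SAMPLES = []
for month, (n, detected) in {2: (20, 20), 3: (20, 20), 4: (20, 19),
                             5: (20, 17), 6: (2, 2)}.items():
    SAMPLES += [(date(2023, month, 10), True, i < detected) for i in range(n)]
SAMPLES += [(date(2022, 12, 5), True, True)] * 50   # pre-cutoff malware
SAMPLES += [(date(2023, 3, 1), False, False)] * 30  # benign files


def months_since(cutoff, d):
    """Whole calendar months between the cutoff and a sample's first-seen date."""
    return (d.year - cutoff.year) * 12 + (d.month - cutoff.month)


def detection_by_age(samples, cutoff):
    """Map model age in months -> (detection rate, malware count).

    Malware first seen on or before the cutoff is dropped: the model may
    have trained on it, so counting it would inflate the result (temporal
    leakage). Benign samples do not enter a detection rate.
    """
    hits, total = defaultdict(int), defaultdict(int)
    for first_seen, is_malware, flagged in samples:
        if not is_malware or first_seen <= cutoff:
            continue
        age = months_since(cutoff, first_seen)
        total[age] += 1
        hits[age] += flagged
    return {age: (hits[age] / total[age], total[age]) for age in sorted(total)}


def months_held(rates, threshold=0.95, min_samples=10):
    """Last model age (months) reached before detection first drops below threshold."""
    held = 0
    for age, (rate, n) in sorted(rates.items()):
        if n < min_samples:
            continue  # too few samples to count as evidence either way
        if rate < threshold:
            break
        held = age
    return held


if __name__ == "__main__":
    rates = detection_by_age(SAMPLES, CUTOFF)
    for age, (rate, n) in rates.items():
        print(f"month +{age}: {rate:.0%} of {n} new malware samples detected")
    print("months at or above 95%:", months_held(rates))
```

The same measurement applies to an offline endpoint: the cutoff is the date of the last model it received, and the result shows how long that model can be left in place before detection degrades.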
A model’s reliance on frequent updates can be a sign of immaturity. The chart shows the fourth-generation Cylance model’s TPA over months, highlighting the BlackBerry Cylance model’s strong temporal predictive advantage in maintaining high detection rates without frequent model updates.
Without a model update, protection lasted for up to 18 months, demonstrating the model’s maturity and precise training. This does not happen by accident.
Advanced AI Foresees and Avoids Future Evasive Threats
What distinguishes Cylance AI is its unique ML model inference technology. Even if something is unfamiliar to it, it can “infer” from past experiences whether it poses a threat. BlackBerry’s strategy makes use of a special hybrid technique for distributed inference that was developed seven years ago, before ML libraries and model-serving tools were widely available. Our most recent model is the outcome of this methodology and the culmination of all the innovations and advancements made throughout the many generations of this technology.
Malware Prediction: The Most Advanced Cylance Model
With a focus on temporal predictive advantage, our latest model outperforms all previous iterations, having been built upon large and diverse datasets with extensive insights into malware behavior. With over 500 million samples and billions of features evaluated, BlackBerry Cylance AI performs distributed inference with impressive speed and produces outstanding results.
Our dedication to innovation is unwavering as we make more progress in utilizing ML for cybersecurity. Prioritizing defensive cybersecurity measures that are effective and produce meaningful results is crucial, especially in light of adversaries’ growing use of AI.
Since its launch, Cylance AI has shielded governments and companies throughout the world from cyberattacks thanks to a multi-year predictive advantage. With BlackBerry’s Cylance AI, customers can stop 36% more malware, 12 times faster, and with 20 times less overhead than competitors. These results show that artificial intelligence is not a monolithic field. Not every AI is Cylance AI, either.