Artificial Intelligence (AI) and Machine Learning (ML) are gaining traction in the fight against cyber criminals. Threats and attacks are evolving quickly and becoming more sophisticated. As opposed to traditional methods, deploying AI at the edge is the best way to quickly and efficiently address these challenges.
A recent IBM poll found that 60% of the surveyed IT and security practitioners agreed that end-point security has the biggest benefits.
RansomStrike uses several algorithms to detect ransomware behavior and prevent data encryption. Each algorithm analyzes different components of the endpoint to identify malicious activity.
The Primary Analysis focuses on:
- Process names, creation and stop times.
- Libraries being used by different processes.
- File system access and modification.
- Changes in registries or key configuration.
- Commands being processed in the background.
Deploying Multiple Algorithms to Stop Bad Actors
Using a combination of the CatBoost and LGBM algorithms, we are able to determine if an endpoint demonstrates ransomware-like behavior, and then stop the attack to minimize damage. Utilizing a combination of algorithms and data sources on each device, RansomStrike is able to deliver robust AI prediction and contain the attack more efficiently.
Monitoring multiple components of the OS enables RansomStrike to build and maintain a complete picture of what is happening at the endpoint (well beyond simply scanning file or network activity).
Competitors are limited to using a single algorithm that only scans one specific element of the endpoint or infrastructure (such as network packets, file hashes or content). Even if the content is encrypted or binary, they teach the algorithm with the hashes of encrypted and binary files. Competitors' machine learning algorithms just evaluate and take action based on that single algorithm. Hackerstrike evaluates behavior based on a combination of four different algorithms that work together to detect malicious behavior on the endpoint, which can cause Hackerstrike to intervene and quarantine a device.
In order to distinguish ransomware behavior, RansomStrike ML algorithms are taught using more than 5,000 families of ransomware. To detect correct and specific patterns, the algorithms are constantly learning about the behavior of each endpoint.
To avoid false positives and disruption of your normal operations, we make our algorithms smarter by continuously learning and updating the standard/correct behavior of each device.
RansomStrike avoids false negatives by constantly testing new ransomware and methods to improve our algorithm. By understanding new methodologies, we can better understand and intercept new behavior before the encryption begins.
Our ML architecture executes the training in the cloud to avoid heavy server resource utilization inside your company network. Our trained algorithms are light and fast and run in the background without affecting normal operation on the end-point or server.
The Hackerstrike architecture is highly scalable, eliminating the need for endpoints to retrieve information from the cloud or a server to work properly. The system can detect and stop any abnormal behavior instantly and avoid major impacts.
Our architecture is flexible enough to enable the addition of new components and improve reliability.