It’s been over 35 years since the first reported Creeper worm and Reaper virus showed up on ARPAnet. Given the speed of technological advances since the 1970s, we can confidently say that malware has become increasingly sophisticated.
Conventional anti-malware solutions like antivirus software cannot combat today’s threats effectively. Technology keeps evolving at an accelerating pace. With zero-day threats successfully attacking companies’ networks, organizations need to keep their security protection current. Scanning the files on your network’s endpoints just won’t cut it anymore.
The sophistication of today’s malware means companies should be investing in solutions that intelligently monitor inbound and outbound traffic and quickly and accurately determine whether something poses a threat to their infrastructure.
So, what is the solution? It’s in the Cloud.
The Cloud is for More Than Just Infrastructure
In the past five years, everyone and anyone that is in the IT space has been talking about Cloud computing. However, there is still a misconception around the Cloud that we continue to hear from our clients.
Many think of the Cloud as a way to scale your infrastructure without having to invest in physically building it out. The reality is, it can do a whole lot more. For example, firewall vendors leverage the Cloud’s almost infinite resources to quickly and accurately prevent impending malware attacks.
Machine Learning: How Artificial Intelligence Can Protect You
What do HAL 9000, Skynet, and The Machines all have in common? They all disobeyed Isaac Asimov’s three laws of robotics. Thanks to Hollywood, when most people think of artificial intelligence (AI), they think of popular robotic antagonists of famous movies that need to be unplugged. But in the non-fiction world (a.k.a. reality), AI is actually being used to improve our lives.
What does this have to do with protecting your company against malware?
In this context, AI means machine learning: algorithms that recognize complex patterns in data in order to make predictions or decisions. When it comes to securing your business, machine learning algorithms running in the Cloud analyze potential threats and determine whether unknown traffic is dangerous.
This is exactly what Juniper Networks’ new Sky Advanced Threat Prevention, which integrates with Juniper’s SRX Series Services Gateways, does for you.
Sky Advanced Threat Prevention: How It Works
Sky Advanced leverages and expands on the capabilities of Juniper’s SRX firewalls, which act as a detection and enforcement point for rapid response to threats. Sky Advanced is designed to be used in enterprise environments to protect both your users and datacentre and uses inline remediation to block inbound and outbound security threats.
In an ideal situation, Sky Advanced and the SRX will stop a malware download before it is complete. If malware enters your network by another route – like the common scenario of a user plugging in a machine that was infected while outside your network – Sky Advanced can block outbound connections from the infected host.
The Four Stages of Analysis
Sky Advanced consists of services that run on the SRX firewall. It uses cached information on the SRX, Cloud-based malware analytics, and Juniper’s Spotlight Secure Cloud Service security intelligence to identify threats and to block connections to known malware command and control servers. The Cloud-based analysis consists of four stages that can take from one second up to seven minutes to identify a threat.
- Stage One: Checking against known threats.
- Stage Two: If the file is not identified, Sky Advanced runs it through a stack of antivirus engines that use machine learning algorithms to reduce false positives and false negatives.
- Stage Three: Static analysis that “pulls” the file apart to try to determine whether it is malicious. Sky Advanced has been “taught” to understand what malware looks like using machine learning and applies this knowledge when analyzing the file. If its threat level is still undetermined, it moves to the last stage.
- Stage Four: The longest – but the most advanced – stage. Sky Advanced spins up virtual machines in the Cloud (right now it creates Windows XP, Windows 7 and Windows 8 machines, but will add Windows 10 and OS X soon) and uses deception and provocation techniques to try to get the malware to expose itself. The virtual machine emulates a realistic user environment, including user interaction, fake webcam feeds and planted high-value targets that store fake user credentials, to trick the malware into reacting.
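To make the staged design concrete, here is a small Python model of a four-stage analysis pipeline of the kind described above. This is an added illustration, not Juniper’s code and not how Sky Advanced is implemented; the hashes, engine signatures, weights, thresholds and suspicious API names are all constructed for the example. The point it shows is the control flow: each stage either returns a confident verdict (and the pipeline stops there, recording which stage decided) or passes the file on, with anything still undetermined after static analysis escalated to the expensive dynamic stage.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    CLEAN = "clean"
    MALICIOUS = "malicious"
    UNDETERMINED = "undetermined"


@dataclass
class Result:
    verdict: Verdict
    stage: int   # stage that produced the verdict (4 = needs sandbox detonation)
    detail: str


# --- Stage one: lookup against cached known-threat / known-good hashes.
# Constructed sample blobs stand in for a real reputation feed.
KNOWN_BAD = {hashlib.sha256(b"MZ constructed known-bad sample").hexdigest()}
KNOWN_GOOD = {hashlib.sha256(b"MZ constructed vendor installer").hexdigest()}


def stage_known_threats(data: bytes):
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD:
        return Verdict.MALICIOUS, f"hash {digest[:12]}... in known-bad set"
    if digest in KNOWN_GOOD:
        return Verdict.CLEAN, f"hash {digest[:12]}... in known-good set"
    return Verdict.UNDETERMINED, "hash not in cache"


# --- Stage two: a stack of signature engines combined by weighted vote.
# Constructed signatures and weights. One engine alone cannot convict a file,
# which is how an ensemble damps a single engine's false positives.
ENGINES = [
    ("engine-a", b"powershell -enc", 1.0),
    ("engine-b", b"cmd.exe /c", 1.0),
    ("engine-c", b"WScript.Shell", 0.5),
]
ENSEMBLE_THRESHOLD = 0.6


def stage_av_ensemble(data: bytes):
    hits = [name for name, sig, _ in ENGINES if sig in data]
    weight_hit = sum(w for name, _, w in ENGINES if name in hits)
    score = weight_hit / sum(w for _, _, w in ENGINES)
    if score >= ENSEMBLE_THRESHOLD:
        return Verdict.MALICIOUS, f"ensemble score {score:.2f} from {hits}"
    return Verdict.UNDETERMINED, f"ensemble score {score:.2f} below threshold"


# --- Stage three: static analysis that pulls the file apart.
# Constructed indicator list: API names commonly associated with injection.
SUSPICIOUS_APIS = [b"VirtualAlloc", b"WriteProcessMemory", b"CreateRemoteThread"]


def stage_static(data: bytes):
    is_executable = data[:2] == b"MZ"
    indicators = [api.decode() for api in SUSPICIOUS_APIS if api in data]
    if not is_executable and not indicators:
        return Verdict.CLEAN, "non-executable content with no indicators"
    if is_executable and len(indicators) >= 2:
        return Verdict.MALICIOUS, f"executable referencing {indicators}"
    return Verdict.UNDETERMINED, "no conclusive static indicators"


STAGES = [stage_known_threats, stage_av_ensemble, stage_static]


def analyse(data: bytes) -> Result:
    """Run the cheap stages in order; stop at the first confident verdict."""
    for number, stage in enumerate(STAGES, start=1):
        verdict, detail = stage(data)
        if verdict is not Verdict.UNDETERMINED:
            return Result(verdict, number, detail)
    # Stage four: nothing above was conclusive, so hand the file to the
    # (slow, expensive) dynamic analysis stage.
    return Result(Verdict.UNDETERMINED, 4, "escalate to sandbox detonation")


if __name__ == "__main__":
    # Constructed sample files exercising each exit point of the pipeline.
    samples = {
        "known-bad": b"MZ constructed known-bad sample",
        "known-good": b"MZ constructed vendor installer",
        "text-document": b"Quarterly sales figures: Q1 up 4%",
        "script-dropper": b"MZ\x90\x00 cmd.exe /c powershell -enc AAAA",
        "injector": b"MZ\x90\x00 VirtualAlloc WriteProcessMemory CreateRemoteThread",
        "unknown-exe": b"MZ\x90\x00 hello world program",
    }
    for name, blob in samples.items():
        r = analyse(blob)
        print(f"{name:15} stage {r.stage} {r.verdict.value:12} {r.detail}")
```

The ordering matters for cost as much as for accuracy: a hash lookup is near-instant, the ensemble and static checks take milliseconds, and only files that survive all three are sent to the sandbox, which is why the text quotes a range of one second to seven minutes rather than a fixed time.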
How to get Sky Advanced Threat Prevention
Sky Advanced Threat Prevention is licensed as both a free version and a subscription-based premium service. The free version only analyzes basic file types, but still uses the full four-stage suite of anti-malware techniques detailed above. The premium service provides expanded file type support and more detailed reporting. Sky Advanced Threat Prevention requires an SRX Series firewall running the latest version of Juniper Networks Junos OS (15.1). Support is currently limited to the SRX1500 Services Gateway platform and is planned for vSRX and all other SRX Series platforms in the future. If you are interested in learning more about Sky Advanced, you can reach out to our network security sales team.