White Paper

A Layman's Guide To AI, Machine Learning And Its Importance To Endpoint Security

Source: Webroot

Beginning around 2007, traditional endpoint security was becoming ineffective. Stopping infections was based around finding a user with an infection (patient zero), creating a detection signature (inoculation) and then updating every device to stop any further infections (eradication). The ineffectiveness was a direct result of the volume, variety, and velocity of infections. These factors completely overwhelmed the ‘patient zero’ approach. There were simply too many patients and not enough inoculations.

While patient zero vendors valiantly did more, and managed to stop whole ‘families’ of infection using heuristics and advanced signature detection techniques, the fundamental problem didn’t go away. Too many devices were getting infected and the cost of remediation was so significant that organizations were creating remediation re-imaging budgets just to cover infection costs.

As an industry, endpoint protection vendors needed to change their minds and do something new to change the game. Webroot was the first vendor to do so by introducing a totally new cloud-based way of countering malware with machine learning at its core.

In October 2011, Webroot launched Webroot SecureAnywhere® in the US retail consumer market. It was the first of the so-called ‘next generation’ endpoint security solutions, with a revolutionary architecture designed to harness machine learning and high automation to handle the volume and variety of attacks customers were facing.

Our considerable experience selling antivirus solutions meant we knew we had to change how we thought about predicting, preventing, detecting and remediating malware – and the best ways to do all of that given the threat landscape we faced. This brief guide will, we hope, provide you with both a snapshot of what Webroot does today to harness machine learning to predict, prevent and protect you against malware, and a better understanding of why this technology is being put to use by next-gen vendors to try to differentiate themselves in a crowded endpoint security market.