Symantec Adds Deep Learning to Anti-Malware Tools to Detect Zero-Days

NEWS ANALYSIS: Android versions of Symantec mobile security products are the first to include deep learning, but the access to this big data approach will soon spread to other platforms.

Deep learning may be the next frontier for a security industry that's dealing with constant attacks from cyber-criminals who become more sophisticated by the day.

According to a Symantec executive, the company has been working to integrate the whole idea of machine learning into its security services since February 2015. Symantec asserts that the capability, as new as it is, may be the next critical technology to keep cyber-attacks at bay.

Until recently, deep learning has been locked away in the software development labs. A few companies have realized that they can spot malware by its components and its behavior to ferret out most zero-day attacks before they have a chance to cause damage. Because of this, deep learning is now being deployed on the cyber-security battleground.

"As a user, you can't afford a bad download, and that's where we need to focus," said Andrew Gardner, senior technical director of machine learning at Symantec, to explain why the company first focused its efforts on Android. "That's what deep learning let us do."

Gardner said that most of the malware files in the Android environment are known, but at any given time two to five percent of the malware in circulation represent what he called low-scoring threats that are often missed by malware scanners. These include zero-day attacks.

However, Gardner noted that because of the seriousness of a malware attack, the customers simply can't afford any kind of attack, which made preventing zero-day attacks critical. Because machine learning presents the possibility of a very strong defense against zero-day malware attacks, Symantec started there.

Because of this focus, the first Symantec product that actively uses deep learning is Norton Mobile Security for Android. There's also a version of Norton Mobile Security for iOS, but that version doesn't make use of deep learning, at least not yet. But that's just the start.

Symantec has its sights set on bigger goals in the enterprise. The next target will be enterprise email, especially cloud-based email. "We process a lot of the world's email," Gardner said. "A lot of attacks enter the enterprise through email. They're insidious." He said that by attacking company email systems, cyber-criminals are able to seize critical information and, in addition, able to steal a lot of money through phishing schemes that install malware on company networks.

The problem until now was that a great deal of email analysis required human intervention. "At the end of the day, we had to have analysts go through and score them as attacks," Gardner said.

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...