In-memory attacks are part of the next generation of exploits that cybersecurity experts need to guard against, and AI and machine learning can help.
Bill Conner, CEO of SonicWall, spoke with TechRepublic at this year's RSA Conference about his company's history with machine learning, and how that enabled their early detection of Meltdown and Spectre.
Conner: One of the new technologies that we're deploying is, we've always been in, machine learning. We've been in machine learning before it was cool back in security space since 1999. So we have thousands of terabytes in malware data in terms of it, or artifacts, as they're called in the industry.
What we were able to do, we've been looking at memory because all malware goes to the chip or to memory to process. And in December of last year, our engineering team had figured out a way to actually inspect and look at the operating system level and figure out if it was malware. We put it into our advanced threat capability called Capture and we put it in in December and guess what, we found 500 unfound before commercially, through other AV engines and even our own, new pieces. Some were around PDFs, some were around email, but there were some around memory that we didn't know exactly what they were.
But lo and behold, in January, Intel announced Meltdown and Spectre, and when we saw that, then we knew what we were onto and seeing in what was happening. And people were already trying to take advantage and figure out how to exploit that and that's what we were seeing. That's why we went public with Real-Time Deep Memory Inspection when we did in January. We said we caught 500 in December. Through Q1, there were 3,500 not seen before in the wild zero days that cut across, guess what, PDFs, email and now memory.