
Wednesday, 04/17/2019 4:46:46 PM

HP’s Latest Laptops Use AI to Detect New Types of Malware

https://www.tomshardware.com/news/hp-sure-sense-malware-security-elitebook-zbook,39078.html

HP today announced five additions to its commercial laptop line, all equipped with a security solution called Sure Sense. HP’s new endpoint security offering uses artificial intelligence (AI) to detect malware, including previously unknown variants.

Sure Sense comes as malware continues to be a growing threat to businesses, with 350,000 new types discovered daily, according to 2017 research by G Data Security, which HP cited in its announcement. HP Sure Sense is supposed to fight this by using deep learning to offer real-time prevention and detection of zero-day threats and ransomware-related activity.

How does deep learning AI fight malware?

HP claimed that its deep learning solution is more secure than using legacy antivirus or machine learning without a deep learning implementation. Signature-based antivirus software checks new files for known forms of malware. However, this method is time-intensive and requires frequent updates. And it can’t detect new forms of malware.

Machine learning, a type of AI, can identify common malware characteristics. It can therefore identify some new types of malware but still requires frequent updates and time-consuming feature engineering.

By adding deep learning, however, Sure Sense AI uses multi-level neural networks that have been trained around hundreds of millions of malware samples in the form of raw data, so that it can spot malware, including types of attacks that haven’t been discovered yet. If it finds something that’s likely to be malware while scanning files, Sure Sense quarantines it.

According to HP, Sure Sense works in milliseconds, requires few updates and has “minimal” impact on performance.

HP is loading Sure Sense into five upcoming PCs: the EliteBook 830 G6, EliteBook 840 G6 and EliteBook x360 G6 and two workstations, the ZBook 14u and ZBook 15u.
==================================================================
I believe Lenovo had Wave Endpoint Monitor built into some of its laptops. Wave Endpoint Monitor should be a solution, based on the others in the marketplace, that is used by A LOT of companies!! Can HP's Sure Sense very effectively detect that unknown malware with 'multi-level neural networks' based on hundreds of millions of malware samples? A whitelisting approach in Wave Endpoint Monitor seems more straightforward and effective at spotting that sneaky malware.
==================================================================
https://www.wavesys.com/malware-protection

Excerpts:

Software can’t always detect malware

The big problem with malware is that antivirus software doesn’t always detect it. Anti-malware software is based on signatures of known bad software. However, there always needs to be a patient 0 that discovers he is infected, for the rest of the world to benefit from it. In the case of APTs (Advanced Persistent Threats), your organization may be the only target for the specific strand of malware. In that case, the signature detection process will not protect you. Modern anti-malware and other software packages that promise cyber security or protection from APTs would use various heuristics and "AI" (Artificial Intelligence) to detect malware based on a predefined set of behavioral parameters. A sophisticated attacker is able to fine-tune the behavior of the malware he is writing against various known anti-malware software solutions, so that it can evade detection for long periods of time.

A further challenge for anti-malware software is that it commonly works at the OS level. It isn’t very good at seeing deeper into the system, where some malware lives. Malware can hide from anti-malware by feeding it false results as it lies lower in the stack.



Wave’s solution: start with the device

If antivirus software doesn’t work, what does? The Wave alternative relies not on superficial layers of software but on standards-based hardware: self-encrypting drives (SEDs) and Trusted Platform Modules (TPMs), or security chips, that are already embedded in many of your computers and mobile devices. This hardware provides you with secure storage. When you turn the SED and TPM on and manage them with Wave, you suddenly have a broad, deep view into your network. Among other things, you’ll know immediately whether any one of your devices—computers, laptops, tablets, smartphones—has been tampered with. But Wave is proactive too: you can block the kinds of behaviors that invite malware in. Wave's Endpoint Monitor provides early detection for these low-lying sneaky attacks.

Which other attack vector should you watch? One common vector that is used to attack even the most secure networks is physical devices – connected to USB, FireWire or SD. Our Data Protection Suite AV scanner allows you to block any unscreened device from connecting to any machine in the organization, until it has been scanned for known malware.
=================================================================
https://www.wavesys.com/products/wave-endpoint-monitor

Excerpts:

Detect attacks before it’s too late

Malware can do its work for weeks or months before you ever know it’s there. But with Wave Endpoint Monitor, you can spot malware before it has a chance to cause damage.

Antivirus software can’t detect rootkits and other malware; it works at the level of the OS and isn’t very good at seeing deeper into the system. For example, it can’t tell whether the boot record is lying. The Wave alternative is to work with the Trusted Platform Modules (TPMs), or security chips, embedded in your devices. By using the TPM to attest to the security of the device each time that device boots, Wave looks below the operating system and can help detect threats lurking there. Every time a device boots up, Wave Endpoint Monitor makes a comparison against previous boot values, and if anything deviates from the norm, it alerts you immediately.


Key Features:

Easy security compliance
• Comports with NIST guidelines for BIOS integrity

Data protection
• Ensures that you can trust the integrity of your measurements for central analysis
• Real-time alerts for zero-day detection of APTs
• Get Windows 8 Malware protection now—WEM covers previous versions of Windows

Simplicity
• Uses standards-based security that’s in every PC you own
• Measurement notifications and reports can be customized for your processes and work flows
• Centralized, remote activation and management of your TPMs
• E-discover which PCs in your organization are enabled for endpoint monitoring

No compromises
• Ensure host integrity—without expensive hardware or excessive administrative overhead

Windows 8 Tablet Compatibility
• Get the same device integrity assurance on Windows 8 Pro & Enterprise tablets that you want for your enterprise PCs - with Wave Mobility Pro - Tablet Edition
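
The boot-value comparison described in the Wave Endpoint Monitor excerpt, as an added example that is not part of the original post or Wave's code: it models TPM PCR extension with SHA-256, replays a boot event log, and reports which PCRs differ from the previous boot. The event logs and component names are constructed, and a real deployment would take PCR values from a signed TPM quote rather than recomputing them locally.

```python
import hashlib

PCR_SIZE = 32  # bytes in a SHA-256 PCR bank


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def replay(event_log):
    """Fold (pcr_index, component_bytes) events into final PCR values."""
    pcrs = {}
    for index, component in event_log:
        pcrs[index] = extend(pcrs.get(index, bytes(PCR_SIZE)), component)
    return pcrs


def deviating_pcrs(previous_log, current_log):
    """Sorted PCR indices whose value changed, appeared or vanished."""
    before, after = replay(previous_log), replay(current_log)
    return sorted(i for i in before.keys() | after.keys()
                  if before.get(i) != after.get(i))


# Constructed boot logs (assumption: PCR 0 = firmware, PCR 4 = boot
# manager and loader, PCR 7 = Secure Boot policy, per PC convention).
PREVIOUS_BOOT = [
    (0, b"firmware v1.2"),
    (4, b"boot manager"),
    (4, b"os loader"),
    (7, b"secure boot policy: on"),
]
# Same machine with a modified boot manager (what a bootkit would cause).
TAMPERED_BOOT = [
    (0, b"firmware v1.2"),
    (4, b"boot manager (modified)"),
    (4, b"os loader"),
    (7, b"secure boot policy: on"),
]
# Same components measured in a different order: the chain still differs.
REORDERED_BOOT = [PREVIOUS_BOOT[0], PREVIOUS_BOOT[2],
                  PREVIOUS_BOOT[1], PREVIOUS_BOOT[3]]

if __name__ == "__main__":
    for name, log in (("clean", PREVIOUS_BOOT), ("tampered", TAMPERED_BOOT),
                      ("reordered", REORDERED_BOOT)):
        changed = deviating_pcrs(PREVIOUS_BOOT, log)
        print(name, "ALERT PCRs " + str(changed) if changed
              else "matches previous boot")
```

Because each PCR is a hash chain, a change to any measured component or to the measurement order changes the final value, which is why a single comparison per PCR is enough to flag the boot.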












