Machine Learning is not new, ESET has been using it for years

Artificial intelligence and machine learning have become frequently used terms recently.


These technologies appear in business presentations and online services, and are often mentioned in investment plans. Some authors of technology solutions try to deliver the added value of these technologies to their clients, while others use them as mere business strategies.

In 1987, two young programmers, Peter Paško and Miroslav Trnka, discovered one of the first computer viruses. They named it “Vienna”, and wrote a programme aimed at its detection. Shortly after, many other viruses appeared, and the idea was born to create a universal software solution that can eliminate these PC threats. Thus, the first version of anti-virus programme NOD – then running on the MS-DOS system – came into existence.

In 1992, together with Rudolf Hrubý, they founded ESET as a private limited-liability company. The name of the firm is inspired by the Egyptian goddess Isis, who was worshipped as a magical healer.

Initially, only a small group of computer enthusiasts worked on the anti-virus programme, but gradually, it evolved into a security solution that is considered one of the fastest and most effective in the world.

In the mid-1990s, with the internet boom, the number of attacks by viruses and other malware started to grow. Macro-viruses spread, for example, as email attachments, so ESET started experimenting with its first neural networks, changing the way in which ESET products detect malware. This involved heuristic and behavioural detection.

This led to a breakthrough in the security industry. The volume of malware was growing so immensely that it was inconceivable to analyse it manually. Heuristics were able to mark a file as malicious, even without humans having to laboriously analyse it as such. Heuristics were certainly one of the reasons why the once unknown company ESET got its very first award from the independent testing magazine Virus Bulletin in 1998, which put it on the map of respected security companies.

Since 2005, ESET has been detecting malware samples on a DNA level. Heuristics is not perfect, either. The DNA detection does not consider just the code of the threat but focuses rather on its real behaviour. The attackers protected themselves by covering the real purpose of the code with obfuscation or encryption. For attackers, it is much harder to change the behaviour or nature of the threat than its code. “During each control of the code, be it on a disc or in the memory, we extract ‘genes’ which determine the code’s behaviour and identify DNA samples responsible for toxic or suspicious activity,” ESET Chief Technology Officer, Juraj Malcho, explains.

In 2011, ESET started utilising DNA detection. These algorithms are vital to assessing malware. It is very easy to create security software with 100-percent effectiveness in capturing malicious code. The problem is that such software could wrongly mark many clean files as malware. These cases are called false positives. High-quality security software should be able to differentiate between malicious code and a clean file or system. To do this, ESET partially uses Machine Learning. Its algorithms help it to place samples on an imaginary “map of cyber-security”. Not even a large number of employees could manually analyse 200-400,000 new samples of malware, which ESET detects each day thanks to 110 million sensors worldwide.

Corporate clients using ESET Endpoint Solutions or services can also use Augur, a mechanism of machine learning that ESET created on its own. This technology correctly marks the sample as malicious, potentially unsafe or clean.

Augur, however, cooperates with several layers of ESET technologies, so it can replace other technologies in case they fail in detecting unknown threats. Customers are able to use Augur's power with any ESET solution that has ESET LiveGrid switched on. This is the cloud system that provides early warnings, and it plays a crucial role in making company computers safe. Thanks to information from the cloud, ESET solutions can block the launch of malicious files even before the standard upgrade of the virus database that detects the file in question has been issued.

However, Augur is specifically used in two new ESET solutions meant primarily for the enterprise segment. Institutions with many employees have complicated systems and a lot of hardware and software. Companies with thousands of employees may struggle to find an effective way to train their employees and inform them on what safe behaviour looks like or how to react to an internet threat promptly and correctly. Thus, a single wrong click can quickly infect the whole department.

Such an environment requires special security software, which can adapt to the needs of large organisations. The Endpoint Detection and Response (EDR) tool not only finds and disables a threat, but also analyses in detail how it infiltrated the corporate network and where it has managed to spread. ESET’s Enterprise Inspector monitors and evaluates in real time all activities on computers in the network, and, in case of need, enables security administrators to react immediately. It is complemented by ESET Dynamic Threat Defense, a cloud sandbox offering immediate analysis of zero-day or ransomware threats even before they spread into the company network. Augur enables both solutions to promptly analyse newly created threats without the security software slowing down the systems or even the operation and processes of the firm.

Through its effectiveness and stability, this solution fulfils the original vision of its creators – to create top technology available to common users and companies, regardless of their size.
