WatchGuard adds AI to block zero-day malware


WatchGuard Technologies has added a layer to the defences provided by its Firebox security appliances.

Fireware 12.2 - the latest version of the operating software for the WatchGuard Firebox family - incorporates a new IntelligentAV feature based on the Cylance detection engine that uses machine learning to spot malware without relying on specific signatures.

Consequently, it can detect new types of malware before they have been written. This is made possible by looking at a very large number of characteristics to decide whether a particular file is good or bad. Then, as the saying goes, "if it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck."

Third-party testing performed for Cylance found that the 2015 version of the engine was able to identify and block major threats that didn't appear in the wild until 33 months later.

"Traditional signature-based antivirus, while still an important part of one's overall security posture, no longer provides adequate protection against modern malware, which is often obfuscated to evade detection," said WatchGuard vice president of product management Brendan Patterson.

"That's why WatchGuard believes that layering multiple advanced security solutions is the best way for businesses to protect their assets and their customers' data. IntelligentAV is the latest example of how we use best-in-class technologies to deliver high-performance layered security for customers."

Other new features of Fireware 12.2 include the ability to manage multiple Firebox Cloud instances on AWS or Azure, malware inspection when the POP3S and SMTPS (or POP3 and SMTP over TLS) protocols are used for mail retrieval, and support for multiple server certificates.

IntelligentAV is part of the WatchGuard Total Security Suite. It works with all Firebox cloud and virtual appliances, and with Firebox M270 and higher physical appliances.

The Firebox M270 is a new model that replaces the M200. It is the smallest rack-mounted member of the Firebox family, and is recommended for SMEs with up to 60 users.

Where the tabletop T70 model has a maximum throughput of 1.1Gbps with all UTM (unified threat management) features active and 740Mbps VPN throughput, the new M270 is rated at 1.6Gbps for both functions.

Copyright © BIT (Business IT). All rights reserved.
