Artificial Intelligence Analysis

New strains of malware are impossible to detect using signature-based analysis, but malicious files tend to have common characteristics. Cybereason creates advanced machine learning models to map these characteristics.

Artificial Intelligence analysis is supported on Windows machines. For details, see Endpoint machine prevention features.

Note

Artificial Intelligence analysis is disabled by default. To enable this feature, use the Anti-Malware screen in your sensor policy.

How does Artificial Intelligence work?

Artificial Intelligence compares a file’s content and metadata with existing models for malicious files. Based on the analysis of the file, the Artificial Intelligence service determines the likelihood that the file is malicious. This method of analysis enables Cybereason NGAV to detect new and often previously unknown strains of malware with a high level of accuracy.

When Artificial Intelligence is used together with signature-based detection, NGAV can prevent most types of file-based malware.

How does Artificial Intelligence scan files for analysis?

Artificial Intelligence scans files only immediately before the files execute. Artificial Intelligence does not scan executable files when they are read, written, or copied; the scan is triggered by execution alone.

.NET-based executables are also scanned.

Local and network files are scanned. Network scans may produce different results than local scans in some cases.

Detection and prevention of files

After the Artificial Intelligence service scans and analyzes files, you can instruct the Cybereason platform to detect and prevent the files it classifies as malicious. You can set different sensitivity levels for detection and prevention.

The Detect mode determines at what sensitivity the Cybereason platform generates MalOps. The Prevent mode determines at what sensitivity the Cybereason platform prevents detected malware from executing.

See Set the Anti-Malware Modes for details on how to manage the Artificial Intelligence settings.
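The following Python model is an added illustration, not Cybereason's own code: it shows how separate Detect and Prevent sensitivities can turn a file's malicious likelihood into an outcome, and why read, write and copy events never reach the model. The event names, the threshold values, and the rule that Prevent may not be more sensitive than Detect are assumptions of this example.

```python
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    ALLOW = "allow"      # no MalOp, file runs
    DETECT = "detect"    # MalOp generated, file still runs
    PREVENT = "prevent"  # MalOp generated and execution blocked


@dataclass(frozen=True)
class AntiMalwarePolicy:
    # Each sensitivity is modelled as the minimum malicious likelihood
    # (0.0 to 1.0) at which the mode fires; a lower value is more sensitive.
    # These field names and the invariant below are assumptions for this example.
    detect_threshold: float
    prevent_threshold: float

    def __post_init__(self) -> None:
        for t in (self.detect_threshold, self.prevent_threshold):
            if not 0.0 <= t <= 1.0:
                raise ValueError("thresholds must lie within [0.0, 1.0]")
        # Assumed invariant: anything blocked should also have produced a
        # MalOp, so Prevent must not fire at a lower likelihood than Detect.
        if self.prevent_threshold < self.detect_threshold:
            raise ValueError("prevent threshold must be >= detect threshold")


def evaluate(policy: AntiMalwarePolicy, event: str, likelihood: float) -> Action:
    """Return the outcome for one file event.

    Files are scanned only immediately before execution, so read, write
    and copy events (constructed names) return ALLOW without consulting
    the model; only "execute" compares the likelihood to the thresholds.
    """
    if event != "execute":
        return Action.ALLOW
    if likelihood >= policy.prevent_threshold:
        return Action.PREVENT
    if likelihood >= policy.detect_threshold:
        return Action.DETECT
    return Action.ALLOW


if __name__ == "__main__":
    policy = AntiMalwarePolicy(detect_threshold=0.6, prevent_threshold=0.9)
    for ev, score in [("execute", 0.95), ("execute", 0.7), ("copy", 0.99)]:
        print(ev, score, evaluate(policy, ev, score).value)
```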

Additional topics: