Wedge Adds AI for Better Malware Blocking
Wedge Networks today introduced what it is calling an entirely new approach to blocking malware that is yielding strong results in stopping zero-day attacks and other malware in real time.
The new Wedge Networks Advanced Malware Blocker uses artificial intelligence from Cylance to detect and block advanced threats such as ransomware at the network level and prevent them from ever entering the enterprise. It is the first in a series of products that Wedge is introducing as part of a new product family, the Wedge Absolute Real-Time Production Series, that packages capabilities it has been delivering from a cloud-based service into products that can be sold through the channel to the enterprise.
"Advanced threats -- both zero-day and targeted threats -- are getting through the best available next-gen firewalls and intrusion prevention systems," says Frank Wiener, vice president of marketing for Wedge. "They are blocking most of the threats, but I can demonstrate all day long the ability to pass malware through those systems. The bad guys know how to do that."
Industry experts on a recent security panel at Light Reading's NFV and Carrier SDN event agreed with that statement, and on the pressure service providers now face to help block those threats. (See Security & Virtualization: 'We Are All Screwed'.)
That is why Wedge is bringing artificial intelligence to the network layer, licensing technology from Cylance that was previously used at endpoints, Wiener says. In the process, Wedge is addressing the enterprise challenge of having to constantly upgrade firewall and intrusion prevention system (IPS) capacity to match network traffic.
"They can offload those requirements onto our box, and when they do so, the throughput of their next-gen firewall will basically double in capacity," he comments. Removing anti-malware protection from the firewall can increase its performance by 50%, he claims.
The new Wedge product also automates the analysis of the data flood through a centralized data analytics engine and generates understandable intelligence on which security personnel can act, Wiener says. "Today, they are all complaining about the same thing: they get hundreds of thousands of alerts every day, and they have a small team of security experts, who have no idea which ones are the important ones," he comments.
Four different processes are at work within the WedgeAMB. First, traffic goes through an IPS, which blocks worms and passes traffic to a Data Content Inspection engine. There, content is examined by type and policies are applied that allow some traffic (voice, video) to bypass further scans. Signature scans and heuristic scans are then applied to block known threats and polymorphic viruses and malware. Finally, the remaining traffic goes through the Cylance AI engine for detection based on patterns and other intelligence.
All of that happens in 20 milliseconds or less.
Wedge is excited about the way the system is already performing in its earliest deployments, Wiener says.
"With only a couple of weeks of hands-on testing with WedgeAMB in our labs, the initial results far and away exceed the real-time malware blocking ability that we've seen with traditional network-based solutions," Jason Robohm, cybersecurity practice manager and solutions architect for Computex, a national IT service provider, said via a Wedge-provided email. "WedgeAMB has all the ingredients to be a disruptive force for network malware prevention."
Computex had been working with Cylance on its customer endpoints in the past and views Wedge Networks' addition of the AI technology at the network layer as a major step forward, he said.
— Carol Wilson, Editor-at-Large, Light Reading