Xcitium Advanced Endpoint Protection (AEP) uses artificial intelligence to supplement other malware detection mechanisms. While traditional signature-based antivirus programs can knock down the most common malware variants, they cannot catch zero-days or all of the malware variants proliferating in the wild.
Machine learning is a tremendous and ever-changing field, and Xcitium uses the most recent machine learning techniques to determine if a file is malicious or benign. Building Xcitium's predictive model started with collecting a huge number and
variety of malicious and benign files. Features are then extracted from the files along with each file's label (e.g. good or bad).
Finally, the model is trained by feeding all of these features to it and allowing it to crunch the numbers and find patterns
and clusters in the data. When the features of a file with an unknown label are presented to the model, it can return a
confidence score of how similar these features are to those of the malicious and benign sets. These concepts underpin
VirusScope, Xcitium’s file and behavioral analysis engine residing on the local client.
Xcitium Advanced Endpoint Protection includes VirusScope™, which on the local level applies machine learning and algorithm-based
detection – in essence, math – using multiple techniques such as vector machines, naïve Bayes,
decision trees, random forest classifiers, linear discriminant analysis, stochastic gradient descent,
hidden Markov models, neural networks and more. VirusScope uses these recognizers to analyze behavior and actions indicating
malicious intent, and thus a pending attack. By default, VirusScope employs machine learning only inside
of the container. However, VirusScope may also be enabled, by profile, to monitor the entire system both inside
and outside of Automatic Containment™. Machine learning is able to identify escape attempts both from inside the
container and, in the hypothetical case of an escape, from outside of the container – again, providing IT with detection,
protection and notification of the incident.