Real-time identification of malicious domains and IPs is essential to stopping phishing, ransomware, and other cyber threats.
The traditional approach – relying on domain reputation feeds to categorize and identify malicious domains – has proven far too inaccurate as domain generation algorithms (DGAs) enable attackers to quickly generate new domains, which lack reputation.
At the same time, users continue to click through to malicious domains mimicking well-known brands (such as microsoftt[dot]com or amazonlink[dot]online) whose lack of reputation also makes detection by reputation feeds alone unreliable.
Helios real-time, deep-learning algorithms address both problems.
The algorithms prevent access to DGA-registered domains by identifying those new domains infrequently visited by users and with letter patterns common to DGAs.
They block cybersquatting by hunting for domains with letter patterns similar to well-known brands.
And the algorithms stop brand impersonation by examining parts of the webpage, such as the favicon, images, and text.
These radical advancements in network security are enabled by the cloud-native architecture of Helios’s technology.
Real-time deep learning algorithms require significant compute resources to avoid disrupting the user experience.
The Helios Cloud supplies those resources.
In milliseconds, Helios inspects flows, extracts their destination domain, measures the domain’s risk, and infers the necessary results from the traffic without disrupting the user experience.
At the same time, deep learning models need extensive training data.
The massive data lake underlying Helios Cloud provides that resource.
Built from the metadata of every flow traversing Helios and further enriched by 250+ threat intelligence feeds, the deep learning algorithms benefit from analyzing patterns across all Helios customers.
Those insights are further enhanced by custom analyses derived from customers’ traffic—the result:
Precise, algorithmic identification of suspicious domains.
Helios routinely observes tens of millions of network connection attempts to DGA domains from across the 1700+ enterprises using the Helios Cloud.
For example, of the 457,220 network connection attempts to DGA domains made in a sample period, only 66,675 (15%) were listed in the 250+ threat intelligence feeds consumed by Helios.
By contrast, Helios algorithms identified the rest, over 390,000 additional DGA domains, a nearly six-fold improvement.
Helios’s real-time, deep learning algorithms are not the only way Helios detects and stops threats.
The Helios SASE Cloud‘s combination of SWG, NGFW, IPS, NGAM, CASB, DLP, RBI, and ZTNA provides multitiered protection against exploitations, disrupting cyberattacks at multiple points in MITRE’s ATT&CK Framework.
The deep learning algorithms are the latest AI and ML additions to the Helios SASE Cloud.
Helios has long used machine learning for offline analysis to solve problems at scale, such as OS detection, client classification, and automatic application identification.
ChatGPT is also used in various ways, including automatically generating descriptions of threats for Helios’s threat catalog.
See Helios in action to learn more about our security capabilities.
Share This Article
Get the week’s best