Wandera uses machine learning to protect against new mobile security threats

Machine learning at the heart of efforts to identify threats, CEO Eldar Tuvey tells Computing

Mobile security firm Wandera is harnessing the power of automated machine learning to ensure its customers are protected against as many security vulnerabilities as possible, even those that were previously unknown.

That's what Eldar Tuvey, co-founder and CEO of Wandera, told Computing about the firm's SmartWire proprietary threat intelligence engine.

SmartWire operates as part of Wandera's Secure Mobile Gateway platform, which won the mobile security category at Computing's Vendor Excellence Awards 2015. Customers of the platform include EY, NATO and KPMG.

"At the heart of the gateway we have our SmartWire correlation engine, which uses a bunch of different techniques, specifically machine learning," said Tuvey, who described some of the techniques used to identify threats.

"We look at code reputation, we plug in malware and phishing databases, we look at URL reputation, the traffic reputation; so we use a bunch of different indicators to correlate all this data," he said, adding that data from the customer is also harnessed.

"We also connect to the company's Enterprise Mobility Management, their management console which gives us a third stream of data."

All of that gives Wandera 480 million data points a day, which can be assessed by the machine-learning algorithms to find anomalies, explained Tuvey, who outlined what some of these suspicious behaviours and patterns include.

"If links are being clicked on at a rate of 20 a second, if activity is being recorded at a weird time of day, or if it's linking to a strange IP address that you've seen in the past which has been malicious, they're all indicators for us that something suspicious is going on," he explained.

The key when using machine learning to continually update information about potential threats, Tuvey said, is "having as much data as possible" and to "constantly refine" techniques used to hunt for malware and threats, something machine learning algorithms can be used for to great effect.

"We have our malware researchers constantly honing the algorithms to detect new threats, existing threats, previous threats," he explained.

Wandera even uses statistics and data from other security firms in order to provide its machine-learning platform with the best algorithms possible.

"We learn from others as well and we're not embarrassed to learn from other known malware out there and we try to incorporate that into our engine so that the customers that we have are protected," Tuvey said.