Webroot Solution: Machine-Learning Based Technology
New advances in machine learning from Webroot have enabled it to develop innovative malware detection capabilities to identify traditional, zero-day, and polymorphic malware, even malware that avoids detection by sandboxing techniques. Webroot has evolved its own technologies to complement existing malware detection products by addressing their major drawbacks:
- Resource consumption
- Latency
- Dependence on signatures

Figure 1: Webroot rapidly identifies just-released malware and PUA files.
Files attempting to reach hosts within your client’s organization enter the Streaming Malware Detection-enabled solution, which is located in a dedicated appliance at the edge of the network. Streaming Malware Detection analyzes each file and chooses one of the following actions:
- Allow: Streaming Malware Detection recognizes the file as known-benign or otherwise determines it poses no threat to the organization. There is no need to send the file to the sandbox for further evaluation, so the solution passes the file on to its destination.
- Block: Streaming Malware Detection has determined that the file is malicious (malware or PUA), so it does not permit it to go any further.
- Investigate: Streaming Malware Detection cannot determine if the file is benign or malicious, so it sends it to the sandbox or other investigative solution for further analysis and decision making.
Through this architecture, Streaming Malware Detection takes a large burden off sandboxing technologies, as well as other security controls like traditional signature-based antivirus software and endpoint protection suites that are also looking for malware and PUAs. This architecture avoids slowing down network traffic by analyzing files as they stream through the network.
The Streaming Malware Detection architecture is also self-contained, enabling determinations to be made locally by the network device. There is no need to constantly access resources in the cloud or elsewhere outside the organization’s networks in order to make determinations.
In essence, Streaming Malware Detection works as a network-based pre-filter that reduces the number of sandboxes, endpoint protection suites, and other tools you’ll need to analyze files. The combination of a sandboxing technology or endpoint protection suite and a Streaming Malware Detection-enabled solution helps improve file delivery times while enabling MSSPs to maximize return on investment for their existing security technologies.
Find Out More
To learn more about the latest malware and PUA trends, as well as complete details on how Webroot BrightCloud® Streaming Malware Detection functions, download your free copy of the June 2017 Webroot Quarterly Threat Trends report.
Guest blog courtesy of Webroot.