As reported by Wired, Gmail announced today that it has been testing the use of machine learning to identify malicious documents sent to its users. With 300 billion attachments per week, the addition of this machine learning increased the catch rate by 10% in a week.
The article also quoted Bursztein, a representative of Gmail: “Machine learning does amazing things sometimes, but sometimes it’s overhyped. We try to use it as an extra layer rather than the only layer. We think that works way better.”

We have high hopes for machine learning as one tool in the toolbelt. Bursztein and Gmail accept the limitations of machine learning by adding it as a layer of protection without removing traditional protection. As with any good network protection, a layered approach using different tools works best. Each tool must protect the network in its own specialized way, but the tools must also work together to identify malicious activity or code on your network. For example, a network firewall should provide traditional antivirus, as well as machine learning like IntelligentAV and sandboxing like APT Blocker. The client computer must also protect itself with antivirus software in case malware bypasses the network firewall, for instance through a thumb drive.
Gmail’s additional protection provides better security for Gmail users. Their philosophy of adding layers of protection fits well with best security practices.