Webroot® Intelligence Network

The explosion of cyber-attacks is at such high levels that traditional antivirus approaches are futile. The daily flood of new threats is forcing traditional security vendors to continually update their signature/protection files, which are reactive by nature. They quickly become outdated and ineffective against the short-lived, targeted, stealth attacks that are the hallmark of today's cybercriminal organizations.

The Webroot Intelligence Network (WIN) was purpose-built as a revolutionary approach to next-generation threat protection. WIN integrates billions of pieces of information from millions of sensors to create the world's largest malware detection net. The next-generation threat intelligence produced by WIN is available to Webroot partners through Webroot BrightCloud® Security Services for proactive protection for their customers against both known and never-before-seen attacks.

Webroot Intelligence Network (WIN)

The Webroot Intelligence Network is not just a cloud-based data repository – it's the most powerful, real-time threat analysis engine of its kind. The massive data processing capacity, coupled with our proprietary implementation of the most advanced machine learning technology available and a powerful contextual analysis engine, has enabled Webroot to accurately classify and score unsurpassed numbers of URLs, IPs, files and mobile apps to keep ahead of the exponential proliferation of threats facing your customers.

Machine Learning

A key differentiator for Webroot is our industry-unique approach to machine learning. Most security vendors today use either Bayesian Networks or Support Vector Machine (SVM) models to populate work queues for human analysis, which aren't scalable or even particularly accurate. Webroot uses Maximum Entropy Discrimination (MED) for highly accurate and scalable web threat analysis. Here is a brief explanation to outline the differences in complexity of the three machine learning technologies used within the security industry, and the level of accuracy associated with each one.

  1. Bayesian Networks analyze site features to make predictive determinations and provide a simplistic, two-dimensional model to split known good from bad sites across a flat feature space.
  2. SVM analyzes data, feature and content patterns to make predictions on sites at a higher degree of accuracy than Bayesian Networks, but still requires human analysis to achieve an acceptable confidence level.
  3. MED uses advanced algorithms to weave a flexible fabric through the three-dimensional feature space to make highly definitive determinations on the vast majority of websites – offering speed, scale, and accuracy.

Through MED, the Webroot Intelligence Network can currently classify 2,500+ URLs per second at an error rate of less than 2% (versus an average human error rate of 5-15%).

Webroot utilizes global teams of multilingual web analysts to analyze the relatively small number of websites where machine learning technology cannot achieve a high enough degree of determination confidence. Human analysts evaluate these corner cases and then feed each of them back into the machine learning model to further improve it, continuously improving accuracy.

Data Correlation

WIN also leverages a powerful contextual analysis engine that takes previously disparate data feeds and correlates them for deep insight into the landscape of interconnected URLs, IPs, files, and mobile apps. Mapping the relationships between these different data points enables Webroot to provide partners with highly accurate and dynamic intelligence that is always up to date, with virtually no false positives.

For example, a seemingly benign IP may not show up as a risk on other vendors' IP reputation lists, but because that IP has been tied to other known malicious URLs, IPs, files and/or mobile apps by our contextual analysis engine, the BrightCloud IP Reputation Score is influenced via this correlated intelligence, keeping your customers safe from what could be a never-before-seen attack.

Big Data

To date, the Webroot Intelligence Network includes:

  • 460 million domains and 13 billion URLs classified and scored
  • 4.3 billion IPs monitored, with a constantly updated list of 12 million malicious IPs
  • 4 billion file behavior records
  • 12 million mobile apps analyzed and scored
  • 8 million sensors

Perfect Knowledge

By combining contextual intelligence and behavioral analysis to overcome the pace of malware innovation, the next generation of threats is rendered obsolete the moment a cyber-attack appears on a WIN-connected network or device. Webroot partners keep ahead of the growing volume and sophistication of threats by accessing highly accurate and actionable intelligence through BrightCloud Security Services in real time. Because the Webroot Intelligence Network leverages powerful cloud-based analysis and doesn't rely on stagnant signature files:

  • The vulnerability window between the launch of an attack and protection is minimized
  • As soon as a threat is recognized, the entire network is protected in real time
  • Few resources are needed, freeing up network space and keeping end user impact to a minimum