ElevenPaths, the cybersecurity company part of Telefónica Tech, has created DIARIO, a new concept of malware detection that scans Office 365 and PDF documents without the need for the scanning engine to access or process the content.
The tool, developed by the ElevenPaths’ Innovation Lab team, extracts certain functionalities from the files (never the content) and sends them to the server, which rapidly detects and guarantees the privacy of the content, whether the document contains any kind of malware or not.
DIARIO incorporates a kind of artificial intelligence that’s been specifically trained to detect malware that generally evades traditional antivirus solutions and, for this purpose, it performs a document analysis procedure without the need to access the content of the documents, a fundamental feature in the event that the files have indeed private or sensitive information.
Unlike other machine learning-based solutions for detecting malware, DIARIO is characterised by the following:
- It respects privacy: it’s been designed to specialise in documents whose privacy it’s necessary to safeguard: PDF and Office 365.
- It’s intelligent: its learning model has been trained with malicious indications that are harder for traditional antiviruses to recognise, in order to cover a gap that these solutions aren’t able to fill. It’s therefore not designed to replace antiviruses but rather to complement them by acting within a space that endpoint solutions cannot reach.
- The analyst panel: developed to enable cybersecurity analysts to validate and reinforce their analysis protocol and study in a convenient and assisted manner. It’s geared towards two profiles of users: those who want to use the prediction service without compromising the document data and analysts who can benefit from the database of detected threats without having access to any private data in the documents.
“On many occasions we receive an email with a document supposedly containing a file attachment with confidential information that comes from a legitimate and known source and which, despite having passed through the mail’s antivirus filter, may contain some type of malware. In these cases, using DIARIO allows us to add an additional layer of security to the gateway antivirus that has failed, without jeopardising the content of the document in the event that it’s actually confidential”, explains Sergio de los Santos, director of the ElevenPaths´ Innovation Lab.
DIARIO, which is currently used on an internal basis by Telefónica, is free and can be used directly on its official website or downloaded and installed on a computer. As it’s a collaborative tool, the more users have it the better, because all their knowledge is shared and the formula can continue to be improved and extended to other kinds of files.