How Deep Instinct combat cyber attacks with deep learning
Can you tell me about your company?
Deep Instinct is the first company to apply end-to-end deep learning to cybersecurity. We take a prevention-first approach to stopping ransomware and other malware. Deep Instinct’s framework is one of only six major deep learning frameworks in the world, and more importantly, it is the world’s first and only purpose-built deep learning framework for cybersecurity.
We allow organisations to focus on preventing cyberattacks before they infect an environment and achieve impact, rather than detecting and responding to them, once the damage has likely already been done. Our deep learning technology is able to protect organisations from known, unknown, and zero-day threats, with both a superior accuracy and speed than other endpoint protection platforms (EPP).
What is your role and responsibilities at the company?
It has been five-and-a-half years since I joined Deep Instinct and my current role is VP Research and Deep Learning, leading all security and cyber research related activities as well as our applied ML and DL research. I have experience in cybersecurity research and operations, having managed multifunctional teams of hackers, researchers, engineers, and data scientists. I feel passionate about our deep learning solution and the prevention-first message we believe in.
Prior to joining Deep Instinct in 2016, I served for 14 years as an officer in the IDF’s (Israeli Defence Forces) elite cyber unit 8200. Over the years I have worked with several industry, defence, and intelligence partners and agencies in North America and Europe.
How is deep learning technology transforming the cyber security landscape?
The majority of organisations that use AI as a cybersecurity solution are often referring to the use of machine learning, which is composed of datasets manually inputted by security teams to identify patterns and links in order to learn the difference between malicious and benign activity.
Whilst machine learning does provide additional aid to security teams when dealing with basic and recognised threats, it can have its limitations. The use of human-engineered and manually selected features, which machine learning is taught from, means that there is a significant loss of information, exclusive reliance on human understanding and grasp of the problem domain and greater susceptibility to mutations and variations. Those ultimately lead to a lower accuracy rate, a higher false-positive rate, and the inability to deal with unknown and zero-day threats.
Deep learning, on the other hand, is able to provide real-time protection and information for security teams where machine learning cannot. It is an advanced subset of AI-based on artificial neural networks’ structures and algorithms that operate in the same way as the human brain does. At Deep Instinct, neural networks are trained on massive sets of raw data samples consisting of millions of files to independently determine benign or malicious code.
Currently, there is only one deep learning framework in the cybersecurity industry. This algorithm is fully autonomous, and analyses 100% of the data, therefore it is not subject to human error and, as a result, false negatives and positives are dramatically reduced.
This is a game-changer for security teams who spend the majority of their working hours on false positives. Research done by Deep Instinct showed that 24% of UK organisations cited the volume of false positives as being one of the biggest barriers when detecting threats present within the network. Security teams that spend their hours dealing with false positives can feel like their work is wasted, which may result in them leaving the industry.
However, if organisations implement deep learning, the majority of false positives are dealt with automatically. The security teams’ time can therefore be better spent on critical priority activities such as threat hunting and ensures that genuine threats, including unknown ones, are dealt with immediately. Additionally, employees feel like their work is having a positive impact and are more likely to stay in their job, ultimately plugging the cybersecurity skill gap we are currently seeing.
Why do you think it is important to incorporate intelligent technology into cyber security applications?
Most organisations are settling for a mitigation approach to cyber security, where they consider the best solution to a breach is stopping an attack once the threat actors are in their environment. This means several steps of the attacks need to execute and run before they are picked up and checked to see if they are malicious, sometimes taking minutes, hours or even days.
The impacts of a successful cyberattack can be devastating, with potential long-term damage significantly affecting customers and employees. With organisations on a knife-edge when it comes to the impact of a cyberattack, sometimes even 60 seconds is too long to wait for analysis.
Organisations need to implement intelligent technology, such as deep learning, into cyber security applications to help shift the mindset of security teams to preventing cyberattacks rather than mitigating them after the fact. The independent working of deep learning gives a sub-20 millisecond response time, and with the fastest ransomware executing within seconds, cyberattacks can be stopped pre-execution. Security teams will no longer sit in fear waiting for a cyberattack to happen but instead can confidently deal with threats immediately.
What can we expect from Deep Instinct in the future?
As we move into 2022 and beyond, applying deep learning advancements to other areas of cybersecurity is a critical and natural evolution of technology. Deep learning technology can be applied to several areas such as scanning files uploaded and downloaded from the cloud, the Internet and adapted into threat detection and response systems. The bottom line is deep learning is the most advanced technology available to combat cyber threats today, and Deep Instinct is leading the charge.