DEC 07, 2021
Applying the power of deep learning to cybersecurity
OCT 13, 2021
Cyber attacks are not a new issue by any stretch of the imagination—but they are a rapidly growing threat. As the volume and types of technologies businesses and consumers use continue to expand, the attack surface—the configuration errors, vulnerabilities, human errors, or other weaknesses that increase the potential for a successful cyber attack—increases exponentially. To keep pace with the threat landscape, organizations need to rethink their approach to security.
According to AV-TEST, there are more than 18,000 new malware and/or potentially unwanted applications identified every hour. That works out to more than 400,000 new threats per day. I don’t care how large an organization is, or how many people are on the IT security team, that volume of threats is simply too much for any manual processes or human intervention. Companies have to be able to automate as much as possible in order to keep up.
The challenge is greater than simply scalability, though. What is even more important is the ability to proactively identify and stop attacks before they happen. There are lots of cybersecurity tools out there that promise to help organizations scale to manage the volume of threats and help separate the signal from the noise to identify security events that should be escalated to the IT security team for response. However, those tools often generate an overwhelming volume of alerts and false positives—creating more work for the IT security team rather than stopping the attacks.
The problem organizations face is that most of cybersecurity is reactionary. The tools they depend on to protect their environment rely on signatures or indicators of compromise to detect threats. That means those tools are ineffective against zero-day or other unknown threats, because they’re only good at recognizing threats they already know about.
That is where deep learning can change the game. Deep learning is a subfield of machine learning. Machine learning algorithms are great for analyzing data to solve problems—but they have limitations. A PC Magazine article explains, “Deep-learning algorithms solve the same problem using deep neural networks, a type of software architecture inspired by the human brain (though neural networks are different from biological neurons). Neural networks are layers upon layers of variables that adjust themselves to the properties of the data they're trained on and become capable of doing tasks such as classifying images and converting speech to text.”
Deep learning is a younger field and there are relatively few players focused on this domain. There are only a handful of deep learning neural networks in existence, and only one being used to address the current challenges in cybersecurity. That deep learning framework belongs to Deep Instinct.
I spoke with Guy Caspi, co-founder and CEO of Deep Instinct, about the current state of cybersecurity and how deep learning can change the game. Caspi combines a background in nation-state cybersecurity with degrees in mathematics and machine learning to bring a unique perspective to the challenges of defending against cyber attacks.
Caspi told me, “What I’ve seen in the last three years—the sophistication, the complexity, the techniques of cyber attacks—it’s in a whole different league.”
He explained that the APTs and complex threats can easily evade most of the security solutions in the market. He also stressed the point that most of the existing cybersecurity tools wait for the attack before reacting—forcing the organization to urgently react to an ongoing security event. Obviously, that is a problem.
Deep Instinct recently published the bi-annual Voice of SecOps Report, which found that IT security teams typically take around 24 hours to respond to a cyber event after it has been detected. That’s an entire day of malicious activity continuing after it has already been identified as malicious.
“The whole idea behind Deep Instinct,” Caspi said, “is to predict and prevent before something is going to infect you—before something is going to on your PC, mobile device, tablet, server, or whatever.”
Deep Instinct applies deep learning to work preemptively. Caspi described how their solution analyzes files and vectors prior to execution—keeping customers protected in “zero-time.” He explained that speed is crucial in the current threat landscape and that many solutions promise real-time—but real-time is too late.
OK, but what is deep learning, actually? How is it better than standard machine learning and how does it improve cybersecurity?
Caspi shared an example to shed some light on this. “If I give you 100 pictures of a cat and a dog, you will probably recognize what is a cat and what is a dog with 100% accuracy. The reason for that is that you learn and you digest such a huge amount of data in your life, that you know and understand what is a cat and what is a dog.”
But how? He pointed out that even though people are very good at easily identifying which is a cat and which is a dog, if you ask them to describe three features that define the distinction between a cat and a dog, few people can come up with even one that is clear and would work every time.
It comes down to an ability to recognize subtle differences and make a judgment to accurately define the age based on what you have learned from a lifetime of past information.
“That is exactly what we are doing. We are imitating the brain and how we think by exposing the deep neural network to a huge amount of data—an amount of data that no other machine learning in the world can process and digest and crunch this data to learn and be better every day.”
Continuing the analogy, imagine if identifying a cat or a dog was reactionary like cybersecurity. What if you could recognize gray cats, but then a brown cat came along and you simply had no frame of reference for understanding that it’s a cat until someone first analyzed it and provided a signature or an indicator that lets you recognize it as a cat? That seems highly inefficient and ineffective.
Automation is critical for protecting against the massive volume of threats organizations are facing—but standard machine learning is too limited and still requires too much tuning and human intervention to yield the desired results. Deep learning goes that extra step to continue evolving and learning over time so it can preemptively recognize and block threats that it hasn’t seen before.