Stop unknown threats with deep learning

deep instinct Stop unknown threats with deep learning

Deep learning is the name of a new technology trend that companies must use to detect unknown malware. The American manufacturer Deep Instinct is a leading company whose software guarantees an recognition rate of 99.9 percent.

How do we learn a new language like Italian? We memorize words and grammar. We speak and read in Italian. Once we have the basic theoretical knowledge in this new language, we want to talk to native speakers. And when we are really good and speak Italian fluently, we may dream of a new language.

In the brain, neural networks work for us so that we can learn language. In information technology too, there are Artificial Neural Networks (ANN) that can be trained to solve application problems in statistics, technology or economics.

These networks use deep learning technology, a sub-field of machine learning (ML), to identify unknown threats. But can’t ML do that too?

Ralph Crater leads the European team in Deep Instinct for a year.

“It’s not that accurate,” says Ralph Kretter, Vice President of Central and Eastern Europe at Deep Instinct. “Machine learning uses only two to three of the available data to develop an algorithm. This makes the algorithm fast, but the accuracy of detecting unknown threats is only 50 to 70 percent.”

So far, deep learning has mainly been used to automate and categorize data processes in order to improve content for end customers. By developing its own solution, Deep Instinct has been offering IT security software based on deep learning since 2015. The technology was still new at the time; According to Kreter, there was no framework for it yet.

Six years later, the business appears to be going well. After all, the American manufacturer has increased the team in Germany, headed by Krater from Munich, from three to eight people this year. In addition, VAD Nuvias has been selling the solution in the DACH region since June.

Deep Instinct ensures that more than 99 percent of unknown malware is detected within 20 milliseconds. Loud claim. But how exactly does the solution work?

Deep Instinct trains the system one to three times a year. This means that the manufacturer feeds all information about cyberattacks and malware into the data lake. With the help of this foundation, Deep Instinct develops ANNs and algorithms so that the solution can independently identify unknown malware as malware in the future. “There are new threats and new malicious codes every day. However, regularity in training our system is sufficient because it works like a brain,” explains Crater. “That’s why we don’t need any other software updates.”

The software then arrives at the end client machine with a size of approximately 100MB. With this said, Deep Instinct wants to guarantee a false positive rate of just 0.1 percent. But how appropriate is software that does not appear to allow false positives and detect threats before they cause harm as a tool for Managed Security Service Providers (MSSPs)?

Managed services from deep learning

Kreter admits that “the effort for MSSPs is manageable”. The service provider only has to roll out the solution to the end customer, maintain the systems and provide support. “Cleaning the infected computer is no longer necessary. This is no longer happening.”

With classic EDR and NDR (End Point and Network Discovery and Response) solutions, MSSPs have the opportunity to create a consulting business: they generate a report of vulnerabilities present in the IT landscape and show the client appropriate measures to address them to fix them. .

Service providers can also generate such reports from the results of a Deep Instinct solution. It is also recommended for service providers who have SIEM (Security Information and Event Management) to link the two systems together. “If Deep Instinct finds a malicious file on a computer, MSSP can use SIEM to search for such files on computers that do not have a proxy installed on them,” explains Kreter.

Deep learning best practices

TKUC is a partner of Deep Instinct’s MSSP. Thanks to the use of deep learning technology, the service provider has been able to automate many manual activities, such as data recovery and file analysis, thus resting employees.

In a direct comparison with an EDR solution, MSSP was able to identify the following advantages of deep learning:

• The detection rate of offline attacks was higher.

• The recognition speed was higher.

• The use of computer resources was less and the user experience was not restricted.

“The Deep Instinct solution suits us as a dynamic company with a future-oriented focus and an eye on new technologies,” says Santino Nowak, Head of Sales and Marketing at TKUC. “This sets us apart from other companies, our sales team has a new sales approach and has really started to regain a certain amount of curiosity. Of course, trust is not there 100 percent from the start, but that is exactly what we are building through product demos, And tests in the customer environment and more information.”

(ID: 47754763)