Deep Learning: The First Choice in Cybersecurity Endpoint Protection
The Challenge of Unknown Malware and Fileless Attacks
Endpoint protection, that is, protecting the corporate network from being accessed and attacked via remote devices, has never been more challenging. These devices include all of the corporate servers, workstations, laptops, and other mobile and wireless devices, each of which has a remote connection to the network. This means that each of these also constitutes a potential entry point for cyberattacks.
Thus, with many enterprises overseeing thousands, and sometimes tens or even hundreds of thousands of endpoints, the security of each of these endpoints is critical for reducing the risk of exposure.
Endpoint protection is generally achieved by deploying a cybersecurity solution that consists of software located on a centrally managed server within the network, along with software installed on the endpoint clients.
Gartner defines EPP solutions as those that are “deployed on endpoint devices to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.”
The situation, though, is even more demanding than the Gartner definition implies. Namely, malware attacks are not always known, nor are they always file-based. This makes detecting and preventing malware attacks very tricky, especially with unknown malware said to hit an organization 100 times every hour, and with fileless attacks said to account for the majority of all cyberattacks in 2017 (darkreading.com).
While, clearly, fileless malware attacks pose a threat to organizations, they also pose a great challenge for security vendors. This is due to the fact that they use various non-executable file formats for infection, and have the ability to execute parts of the malicious logic of the attack in-memory only.
With that in mind, the need for tools more sophisticated than those used by cybercriminals has never been greater, and it is continually increasing.
Typical Cybersecurity Measures Can No Longer Live Up to the Task
Traditionally, the means that have been used to ensure endpoint protection have been blacklists of hashes, signatures, heuristics, and machine learning-based models. Each of these approaches leaves the organization woefully at risk due to its limitations when it comes to unknown and fileless attacks.
Let’s take a look at unknown attacks, for example. These types of malware are typically files that have undergone only a small mutation, which changes the hash of the file. This makes endpoint and mobile protection solutions that rely on traditional methods vulnerable to such mutations, however small they are, because their existing hash signatures will not match the new mutations’ hashes.
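The brittleness of exact-hash matching described above can be seen in a short sketch. This is an added example, not code from the original article or from any vendor; the sample bytes, the blocklist and the n-gram similarity check (which goes beyond the text to show one contrast to exact matching) are constructed for illustration.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def ngrams(data: bytes, n: int = 4) -> set:
    """Set of all n-byte windows in the data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def jaccard(a: bytes, b: bytes, n: int = 4) -> float:
    """Share of n-grams the two byte strings have in common (0.0 to 1.0)."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    return len(ga & gb) / len(ga | gb)

# Constructed stand-in for a known-bad file (not real malware).
KNOWN_SAMPLE = b"".join(b"section-%03d:payload-bytes;" % i for i in range(40))

# The same content with a single bit flipped in one byte.
_mutated = bytearray(KNOWN_SAMPLE)
_mutated[100] ^= 0x01
MUTATED = bytes(_mutated)

# Constructed unrelated content, for comparison.
UNRELATED = bytes(range(256)) * 4

# Hash blocklist as a traditional product would hold it.
BLOCKLIST = {sha256_hex(KNOWN_SAMPLE)}

def verdict(data: bytes, threshold: float = 0.9) -> dict:
    """Compare exact-hash lookup with a content-similarity score."""
    similarity = jaccard(data, KNOWN_SAMPLE)
    return {
        "hash_match": sha256_hex(data) in BLOCKLIST,
        "similarity": similarity,
        "similar": similarity >= threshold,
    }

if __name__ == "__main__":
    for name, blob in [("known", KNOWN_SAMPLE), ("mutated", MUTATED),
                       ("unrelated", UNRELATED)]:
        print(name, verdict(blob))
```

The mutated sample misses the blocklist even though almost all of its content is unchanged, while the unrelated sample shares nothing with the reference.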
As for fileless attacks, because the malicious logic of the attack usually occurs only in memory, traditional static approaches to detection fail because no file is saved to disk. In addition, this also complicates post-event analysis, since many artifacts related to the attack exist in memory only, and they might be overwritten or removed by the time of discovery, through a reboot, for example.
Even Machine Learning Struggles to Bridge the Gap
To overcome the challenges posed by unknown and fileless attacks, the cybersecurity industry has turned to artificial intelligence (AI), the technology that enables machines to perform tasks that are characteristic of human intelligence. Specifically, it has turned to a branch of AI known as machine learning (ML), which is an advancement within AI, whereby computers are “trained” to learn and adjust to improve without being explicitly programmed.
In spite of the success of machine learning in multiple disciplines, such as image and voice recognition, this technology is limited when applied to cybersecurity. This is due to its reliance on feature extraction, a process by which human experts dictate the important features (i.e., properties) of each problematic file. This means that in order for a machine learning solution to recognize malware, experts need to manually program the various features that are associated with it.
Manual feature specification, however, is a time-consuming process, where most of the raw data is disregarded. This can be very problematic as it results in lower accuracy rates and higher false positives.
Furthermore, machine learning employs a model that is linear-based, rendering it unable to take into consideration the fuller context of the data or the correlation among features. For example, if two or more features exist together, this may indicate that the file is much more malicious or, to the contrary, that it is not malicious at all. Machine learning, unfortunately, cannot pick up on these very important signals.
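The limitation of a purely linear model on co-occurring features can be reproduced with a four-row data set. This is an added example, not code from the original article; the two binary features and their labels are constructed, a perceptron stands in for the linear model, and the product term is a hand-made interaction feature.

```python
# Constructed data: either feature alone marks the file malicious (1),
# but both together, or neither, marks it benign (0).
SAMPLES = [((0, 0), 0), ((0, 1), 1), ((1, 0), 1), ((1, 1), 0)]

def linear_features(x):
    """Each feature is weighted on its own."""
    return [x[0], x[1]]

def interaction_features(x):
    """Adds a term that is 1 only when both features are present."""
    return [x[0], x[1], x[0] * x[1]]

def predict(weights, bias, feats):
    score = sum(w * f for w, f in zip(weights, feats)) + bias
    return 1 if score > 0 else 0

def train_perceptron(samples, featurize, epochs=200):
    """Classic perceptron rule; stops early once every sample is correct."""
    weights = [0.0] * len(featurize(samples[0][0]))
    bias = 0.0
    for _ in range(epochs):
        errors = 0
        for x, label in samples:
            feats = featurize(x)
            delta = label - predict(weights, bias, feats)
            if delta != 0:
                errors += 1
                weights = [w + delta * f for w, f in zip(weights, feats)]
                bias += delta
        if errors == 0:
            break
    return weights, bias

def accuracy(samples, featurize):
    weights, bias = train_perceptron(samples, featurize)
    hits = sum(predict(weights, bias, featurize(x)) == y for x, y in samples)
    return hits / len(samples)

if __name__ == "__main__":
    print("linear only:     ", accuracy(SAMPLES, linear_features))
    print("with interaction:", accuracy(SAMPLES, interaction_features))
```

No setting of two weights and a bias classifies all four rows, so the linear run never reaches full accuracy; once the co-occurrence term is available, the same training rule separates the data.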
Needless to say, the prevalence of unknown and fileless attacks, along with the need to act in real time and without human intervention, means that cybersecurity needs a new paradigm.
The New Paradigm: Deep Learning
Deep learning is the most advanced subset of artificial intelligence. Also known as “deep neural networks,” it takes inspiration from how the human brain works. Namely, the more data that is fed to the machine, the better it is at intuitively understanding the meaning of new data, and, therefore, it does not require the intervention of a (human) expert to help it understand the significance of each new input.
Unlike machine learning, which relies on feature extraction, deep learning leverages the entire data set, with no feature extraction or human involvement required, and with no data left unprocessed, for much more comprehensive learning.
Accordingly, deep learning is already becoming the new standard in cybersecurity due to its ability to prevent new, never-before-seen malware in real time without any human involvement, all while maintaining the lowest rates of false positives along with the highest rates of accuracy.
Deep Instinct Brings Deep Learning to Cybersecurity
To address the ever more complex requirements of endpoint detection, and to overcome the limitations (and associated risk of exposure) of current approaches, Deep Instinct has developed the first cybersecurity solution that harnesses the power of deep learning, and which is also the only solution to be driven by a proprietary deep learning framework that is specifically designed for cybersecurity.
The process includes training on the Deep Instinct Neural Network, our proprietary deep learning computing infrastructure and algorithms that enable the detection and prevention of cyber threats, including unknown malware and fileless attacks.
The learning is fully autonomous and based on the input of millions to billions of files (malicious and benign) from different sources (third-party and publicly available sources, the darknet, malware mutations, and our own “home grown” malware). The learning process is extremely fast, leveraging the power of Nvidia GPUs, for training that is 100x faster than that which occurs on CPUs. The output of this training is D-Brain, our prediction model, which is then included in the lightweight client (D-client) that is deployed on the organization’s endpoints, mobile devices, and servers.
With this revolutionary technology and process, we are providing companies all over the world with unprecedented endpoint protection (as well as detection-and-response and mobile security) against any file-based or fileless attack, online or offline, with real-time detection and prevention of unknown and known malware, including APT, zero-day, and ransomware.