PREVENTING THE THREATS OF TOMORROW AND BEYOND Jonathan Kaftzan VP - - PowerPoint PPT Presentation

SLIDE 1

PREVENTING THE THREATS OF TOMORROW AND BEYOND

Jonathan Kaftzan

VP Product marketing & innovation

SLIDE 2

Private and confidential

Is Prevention Possible?

SLIDE 3

FROM PREVENTION TO DETECTION…AND BACK

1990 2000 2010 2015

Detection Prevention

Anti-malware Effectiveness

  • Antivirus: Signatures-based
  • Antivirus: Static Heuristics
  • Sandboxing Solutions
  • Behavioral Analysis, Anti-Exploits
  • Detection & Response
  • Threat Hunting
  • Machine Learning Static Analysis
  • Encrypted Payloads
  • Polymorphic Code
  • Anti-Sandbox Techniques, Exploits
  • New Attack vectors & surfaces
  • Metamorphic Code, Fileless
  • “needle in a haystack” new attack vectors and surfaces

Deep Learning

Static & Dynamic Analysis

To date

SLIDE 4

FROM HUMAN BRAIN TO DEEP LEARNING

Artificial Intelligence Machine learning Deep learning

1950 1980 2010

SLIDE 5

Deep learning is the area of artificial intelligence where the real magic is happening right now.

WHEN SCIENCE FICTION BECOMES REALITY

Virtual assistants Healthcare Diagnosis Face recognition Personal recommendations

SLIDE 6

THE BIGGEST IMPROVEMENT IN ARTIFICIAL INTELLIGENCE

AND NOW, DEEP LEARNING IS ALSO TRANSFORMING CYBERSECURITY

Deep learning has accomplished groundbreaking success in every field it has been applied to

  • 20%-30% improvement in face recognition
  • 20%-30% improvement in voice recognition
  • 10%-20% improvement in text analysis

SLIDE 7

DEEP LEARNING, DEEP IMPACT

SLIDE 8

TRAINING THE BRAIN

SLIDE 9

DETECTION OF THE UNKNOWN BECOMES AN INSTINCT

SLIDE 10

DEEP LEARNING Vs. MACHINE LEARNING:

NO FEATURE ENGINEERING

[Diagram. Machine learning: Raw data → Manual feature engineering → Vector of features → Machine learning. Deep learning: Raw data → Deep learning.]

SLIDE 11

DEEP LEARNING Vs. MACHINE LEARNING:

NO FEATURE ENGINEERING

Machine learning

  • Only 2.5%-5% of available data
  • Feature engineering
  • Domain expert
  • Linear model
  • Limited files type covered (PE)

Deep learning

  • Autonomous, intuitive & Automated
  • 100% of available raw data
  • Zero time to support any new file types
  • Non-linear model: Context & correlation between data

SLIDE 12

DEEP LEARNING Vs. MACHINE LEARNING:

NO FEATURE ENGINEERING

Machine learning

  • Accuracy with unknown: 50-70%
  • False positives: 1-2%

Deep learning

  • Accuracy with unknown: >98%
  • False positives: <0.001%

SLIDE 13

NON-LINEAR VS LINEAR CORRELATION

  • API hooking
  • DLL injection
  • Prevent access to registry key by drivers
  • Malware keyloggers
  • Malware spyware
  • Malware APT

SLIDE 14

NON-LINEAR VS LINEAR CORRELATION

Machine Learning: Linear correlations

Machine learning

Deep Learning: Non-linear correlations

  • API hooking
  • DLL injection
  • Prevent access to registry key by drivers
  • Malware keyloggers
  • Malware spyware
  • Malware APT

SLIDE 15

Antivirus software

NON-LINEAR VS LINEAR CORRELATION

Linear correlations (Machine learning)

Non-linear correlations (Deep Learning)

  • API hooking
  • DLL injection
  • Prevent access to registry key by drivers
  • Malware keyloggers
  • Malware spyware
  • Malware APT

SLIDE 16

  • The more layers, the better the accuracy
  • But…accuracy is limited and also runtime performance will be affected

EFFECT OF MORE NEURONS LAYERS

3 hidden neuron layers 6 hidden neurons layers 20 hidden neurons layers

Malicious Benign

SLIDE 17

24 hours

Deep Instinct neural network

Nvidia GPUs

  • Third party public sources
  • Darknet
  • Home Made Malware
  • Mutated Malware

Data sample: hundreds of millions of malicious and benign files

  • Supervised & unsupervised training
  • Lightweight agent: <150MB, <1% CPU
  • Run on any CPU
  • Only two updates a year

THE DEEP LEARNING PROCESS FROM TRAINING TO PREDICTION

SLIDE 18

Milliseconds

No Tradeoffs: Highest detection rates, lowest false positive

Malicious Benign

File types shown: *.macho, *.dll, *macro, *.ppt, *.exe, *.pdf, *.doc, *.APK, *.SWF, *.RTF

Connectionless protection

Autonomous on-device prevention

THE DEEP LEARNING PROCESS FROM TRAINING TO PREDICTION

SLIDE 19

DEEP LEARNING BY

SLIDE 20

Management Console

Deployment, Brain & Policy Update

PC Laptop Workstation Server Mobile Tablet

D-Clients Deep Instinct Neural Network

  • Real-time Prevention Technology: >99% detection, <0.001% false positive
  • Any Device, OS and network (1-2 updates a year, 150MB, <1% CPU)
  • Zero Risk: No need to rip and replace
  • Proprietary Deep Learning Framework
  • Management console: On prem or cloud

WHAT IS THE SOLUTION?

SLIDE 21

REALTIME PREVENTION by Deep Instinct

  • Time to prevent: 20 ms (By D-Brain)
  • Time to Investigate: 50 ms (By Deep Classification)
  • Time to Remediate & Contain: <1 minute

“…so much of the success of EDR-like features and investigation capabilities relies heavily on the skills and experience of the security administrators using the product day-to-day.”

SLIDE 22

WE DO NOT

We do NOT use

  • Traditional machine learning
  • Sandboxing (for detection)
  • Signature
  • Skilled & expensive SOC team
  • Connectivity
  • Frequent updates
  • Wait for execution of attack

We do NOT require

Experts for features engineering

SLIDE 23

Spora is first reported as a new ransomware family

Jan 10th 2017

THE VALUE OF THE DEEP INSTINCT PREDICTION MODEL

Spora Ransomware

First upload to VirusTotal

Feb 24th 2017 Feb 16th 2017

D-Client v1.9

Discovered and Prevented by the Deep Instinct client on a production endpoint

D-Client v1.9

Release day

45 days (at least) 37 days Created 10 Months earlier April 2016

SLIDE 24

MYLOBOT: A NEW HIGHLY SOPHISTICATED NEVER-SEEN-BEFORE BOTNET

  • First detected and prevented on a live customer environment in May 2018
  • Malware vs. Malware
  • Highly sophisticated botnet incorporates different malicious techniques

SLIDE 25

MYLOBOT: A NEW HIGHLY SOPHISTICATED NEVER-SEEN-BEFORE BOTNET

Real-time prevention by deep learning cybersecurity

vs

One month of extensive cyber expert analysis

  • First detected and prevented on a live customer environment in May 2018
  • Malware vs. Malware
  • Highly sophisticated botnet incorporates different malicious techniques

SLIDE 26

Come Visit Us at Our Booth #552

Take the Test / Answer Correctly / Win a Prize

SLIDE 27

jonathank@deepinstinct.com | www.linkedin.com/in/jkaftzan

Thank you

SLIDE 28

  • Founded in 2015 -

THE FIRST COMPANY TO APPLY DEEP LEARNING TO CYBERSECURITY

INTELLECTUAL PROPERTY

  • Unique proprietary deep learning framework for cybersecurity
  • Protected with 3 registered patents & 3 trademarks

HIGHLY EXPERIENCED TEAM

  • 90 full time employees
  • Deep learning scientists, comprised of PhDs, MSCs, Cybersecurity veterans - Ex IDF and Israel intelligence Service

STRATEGIC INVESTORS

THREAT PREVENTION PLATFORM

  • First-seen, Unknown
  • Zero-days, APTs, Ransomware

SLIDE 29

PRE-EXECUTION

Prevent

POST EXECUTION

Deep static analysis

PE | Ransomware | PDF | Office | Macro | Fonts | TIFF | RTF | SWF | Mach-O | JAR

File reputation (D-cloud)

Script control

Automatic analysis

Malware classification | Attack timeline (process chain) | Offline sandboxing

Remediation

Whitelist/blacklist – Hash, Certificate, Folder | Import of list of indicators | File quarantine and restore | File delete | Terminate running process | Isolate device network

ON-EXECUTION

Detection & Response

Deep behavioral analysis

Code injection | Enhanced Ransomware | Metasploit's shellcodes

*Virus – file infectors | *Worms | *Keyloggers | *Credentials dumping | *Banking trojans | *Spyware

DEEP INSTINCT’S MULTI LAYERED PROTECTION

* Roadmap