preventing the threats of tomorrow and beyond
play

PREVENTING THE THREATS OF TOMORROW AND BEYOND Jonathan Kaftzan VP - PowerPoint PPT Presentation

Apr 25, 2023 •423 likes •735 views

PREVENTING THE THREATS OF TOMORROW AND BEYOND Jonathan Kaftzan VP Product marketing & innovation Is Prevention Possible? 2 Private and confidential FROM PREVENTION TO DETECTIONAND BACK Prevention An Antivir virus us: Polymor

  1. PREVENTING THE THREATS OF TOMORROW AND BEYOND Jonathan Kaftzan VP Product marketing & innovation

  2. Is Prevention Possible? 2 Private and confidential

  3. FROM PREVENTION TO DETECTION…AND BACK Prevention An Antivir virus us: Polymor orphic ic veness ess Signatures- Code based ectiven Antivir An virus us: Encr crypte ted Payload ads Static re Effect Heuristics Mach achin ine e Learni ning ng Met etam amor orphi hic c Static Analysis Code, Filel eles ess Deep Lear arnin ning g Anti-Sandb An andbox ox alware Static & Dynamic Techni nique ues, s, Sandboxin oxing Anti-malwa Exploit oits Analysis Solut utio ions ns Detection An New At Attack ck Behavior vioral al An Analysi sis, s, “needle in a vecto ve tors s & surface aces An Anti-Expl xploi oits ts Detect ection ion & haystack” new Resp sponse onse atta tack ck ve vecto tors s and Threat Hunting surface aces 1990 2000 2010 2015 To date Private and confidential

  4. FROM HUMAN BRAIN TO DEEP LEARNING Artificial Intelligence Machine learning Deep learning 1950 1980 2010 4 Private and confidential

  5. Healthcare Diagnosis WHEN SCIENCE FICTION BECOMES REALITY Personal recommendations Virtual assistants Face recognition Deep learning is the area of artificial intelligence where the real magic is happening right now.

  6. THE BIGGEST IMPROVEMENT IN ARTI TIFICI FICIAL AL INTE TELL LLIG IGENCE ENCE Deep learning has accomplished groundbreaking success in every field it has been applied 20 % - 30 % 20 % - 30 % 10 % - 20 % improvement in improvement in improvement in face recognition voice recognition text analysis AND NOW, DEEP LEARNING IS ALSO TRANSFORMING CYBERSECURITY 6 Private and confidential

  7. DEEP LEARNING, DEEP IMPACT

  8. TRAINING THE BRAIN

  9. DETECTION OF THE UNKNOWN BECOMES AN INSTINCT

  10. DEEP LEARNING Vs. MACHINE LEARNING: NO FEATURE ENGINEERING 0.5 Machine learning 1.8 -6.4 2.3 . . . N Machine learning Raw data Manual feature Vector of features Engineering Deep learning Raw data Deep learning Private and confidential

  11. DEEP LEARNING Vs. MACHINE LEARNING: NO FEATURE ENGINEERING Machine learning Only 2.5%-5% Feature engineering of available data Linear model Limited files type covered (PE) Domain expert Deep learning 100% Of available Non-linear model: Zero time to Autonomous, raw data Context & support intuitive & Automated correlation any new file types between data Private and confidential

  12. DEEP LEARNING Vs. MACHINE LEARNING: NO FEATURE ENGINEERING Machine learning False positives Accuracy with unknown 50-70% 1-2% Deep learning Accuracy with unknown False positives >98% <0.001% Private and confidential

  13. NON-LINEAR VS LINEAR CORRELATION AP API I Dll ll Preve event t access ess to hooki oking g injection regi gistry try key by drive vers rs Malw lware e keylog loggers ers Malw lware e spyware re Malw lware e AP APT 13 Private and confidential

  14. NON-LINEAR VS LINEAR CORRELATION API AP I Dll ll Preve event t access ess to Mach chine e Lear earning: g: Deep ep Lear earning: g: hooki oking g injection regi gistry try key by Linear ear corr rrel elati tions Non-li linea ear r drive vers rs Mach chine e le learni rning corr rrel elati tions Malw lware e keylog loggers ers Malw lware e spyware re Malw lware e AP APT 14 Private and confidential

  15. NON-LINEAR VS LINEAR CORRELATION AP API I Dll ll Preve event t access ess to Linear ear Non-li linea ear r hooki oking g injection regi gistry try key by corr rrel elati tions corr rrel elati tions drive vers rs (Mach chine e le learn rning) g) (Deep ep Lear earning) g) Malw lware e keylog loggers ers Malw lware e spyware re Malw lware e AP APT An Antivi virus s softw tware 15 Private and confidential

  16. EFFECT OF MORE NEURONS LAYERS 3 hidden neuron layers 6 hidden neurons layers 20 hidden neurons layers Malicious Benign • The more layers, the better the accuracy • But…accuracy is limited and also runtime performance will be affected 16 Private and confidential

  17. THE DEEP LEARNING PROCESS FROM TRAINING TO PREDICTION 24 hours Deep Instinct neural network Third party public sources Lightweight agent: Darknet <150MB, <1% CPU Home Made Malware Run on any CPU Only two updates a year Mutated Malware Data sample: hundreds of millions of malicious and benign files Supervised & unsupervised Nvidia GPUs training Private and confidential

  18. THE DEEP LEARNING PROCESS FROM TRAINING TO PREDICTION Milliseconds *.ppt *.exe *.pdf Malicious No Tradeoffs: *.dll *macro Highest *.dll *. macho detection rates, *.doc *.RTF lowest false *.exe Benign *. APK positive *.doc *.ppt *. SWF Connectionless protection Autonomous on-device prevention Private and confidential

  19. DEEP LEARNING BY

  20. WHAT IS THE SOLUTION? Deep Instinct Neural Network Real-time Prevention Technology: >99% detection, <0.001% false positive Proprietary Deep Learning Framework Management Console Any Device, OS and network (1-2 updates a year, 150MB , <1% CPU) Deployment, Brain & Policy Update Zero Risk : No need to rip and replace D-Clients Management console : On prem or cloud PC Server Mobile Tablet Laptop Workstation Private and confidential

  21. REALTIME PREVENTION by Deep Instinct Time to prevent Time to Time to Remediate Investigate & Contain 20 ms 50 ms <1 minute By D-Brain By Deep Classification “… so much of the success of EDR-like features and investigation capabilities relies heavily on the skills and experience of the security administrators using the product day-to-day . ” Private and confidential

  22. WE DO NOT We do NOT use We do NOT require Signature Connectivity Sandboxing (for detection) Frequent updates Traditional machine learning Wait for execution of attack Experts for features Skilled & expensive SOC team engineering 22 Private and confidential

  23. THE VALUE OF THE DEEP INSTINCT PREDICTION MODEL Spora Ransomware Created 10 Months earlier D-Client v1.9 D-Client v1.9 Discovered Release day and Prevented Spora is first First by the Deep reported as a upload to Instinct client new ransomware VirusTotal on a production family endpoint 45 days (at least) 37 days April 2016 Jan 10th 2017 Feb 16th 2017 Feb 24th 2017 23 Private and confidential

  24. MYLOBOT: A NEW HIGHLY SOPHISTICATED NEVER- SEEN-BEFORE BOTNET First detected and prevented on a live customer environment on May 2018 Highly sophisticated botnet incorporates different malicious techniques Malware vs. Malware 24 Private and confidential

  25. MYLOBOT: A NEW HIGHLY SOPHISTICATED NEVER- SEEN-BEFORE BOTNET First detected and prevented on a live Real-time prevention customer environment on May 2018 by deep learning cybersecurity Highly sophisticated botnet incorporates vs different malicious techniques Malware vs. Malware One month of extensive cyber expert analysis 25 Private and confidential

  26. Com ome e Vis isit it Us s at O t Our r Bo Boot oth #5 #552 Take ke th the e Test st / Answe swer r Cor orre rectly ctly / Wi Win a Pr Priz ize Private and confidential

  27. Thank you jonathank@deepinstinct.com | www.linkedin.com/in/jkaftzan Private and confidential

  28. - Founded in 2015 - THE FIRST COMPANY TO APPLY DEEP LEARNING TO CYBERSECURITY THREAT PREVENTION INTELLECTUAL STRATEGIC HIGHLY EXPERIENCE PLATFORM PROPERTY INVESTORS TEAM First-see seen, , Unkn known own Unique prop opri riet etary ry deep ep 90 full time employees le learn rning g framework for Zero ro-da days, s, AP APTs, s, Deep learning scientists , cybersecurity Ransomw somware e comprised of PhDs, MSCs, Protected with 3 Cybersecurity veterans - Ex IDF registered patents & 3 and Israel intelligence Service trademarks 28 Private and confidential

  29. DEEP INSTINCT ’ S MULTI LAYERED PROTECTION POST EXECUTION PRE-EXECUTION ON-EXECUTION Prevent Detection & Response Deep static analysis Deep behavioral analysis Automatic analysis PE | Ransomware | PDF | Office | Macro | Code injection | Enhanced Ransomware | Malware classification | Attack timeline (process chain) | Offline sandboxing Fonts | TIFF | RTF | SWF | Mach-O | JAR Metasploit's shellcodes *Virus – file infectors | *Worms | File reputation (D-cloud) *Keyloggers | *Credentials dumping | *Banking Remediation trojans | *Spyware Script control Whitelist/blacklist – Hash, Certificate, Folder | Import of list of indicators | File quarantine and restore | File delete | Terminate running process | Isolate device network Private and confidential * Roadmap

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Preventing and Reducing threats from Vessel Discharges to the Great Lakes GLWQA Annex 5

Preventing and Reducing threats from Vessel Discharges to the Great Lakes GLWQA Annex 5

Preventing and Reducing threats from Vessel Discharges to the Great Lakes GLWQA Annex 5 Discharges from Vessels 2016 Great Lakes Public Forum October 4-6, 2016 Toronto, ON Chris Wiley Transport Canada Source: USCG Lorne Thomas

443 views • 8 slides
TR15 2018 1 2 TR360 2016 + T h r e a t s + Typical Threats Low-Tech Malicious Threats

TR15 2018 1 2 TR360 2016 + T h r e a t s + Typical Threats Low-Tech Malicious Threats

TR15 2018 1 2 TR360 2016 + T h r e a t s + Typical Threats Low-Tech Malicious Threats Explosive ad incendiary Threats Bio Hazardous Powder Threats 3 Improvised mechanical Devices TR15 Smart Scan Can easily detect the component

192 views • 16 slides
53-74% Average anti-virus effectiveness against new threats* * RAP Proactive 400 New threats

53-74% Average anti-virus effectiveness against new threats* * RAP Proactive 400 New threats

53-74% Average anti-virus effectiveness against new threats* * RAP Proactive 400 New threats every minute* * Merrill Lynch ...Causing $3T USD in costs, and expected to double by 2021* * CyberSecurity Ventures (2015) Todays threat

508 views • 35 slides
Managing Coal Burn Challenges of Yesterday, Today and Tomorrow Greg Nunley Director Coal

Managing Coal Burn Challenges of Yesterday, Today and Tomorrow Greg Nunley Director Coal

Managing Coal Burn Challenges of Yesterday, Today and Tomorrow Greg Nunley Director Coal Services April 2015 Adapting to Changing Market Dynamics Threats to Supplier Financial Stature U.S. power sector coal demand decline is eroding

539 views • 17 slides
Loom ing Threats - transcript of presentation video Nick : Team 4 Looming Threats, please give

Loom ing Threats - transcript of presentation video Nick : Team 4 Looming Threats, please give

Loom ing Threats - transcript of presentation video Nick : Team 4 Looming Threats, please give them a hand. Mark : Good afternoon, Simon and I have the absolute pleasure to be presenting on behalf of Team Looming Threats. So, one of the, I guess

377 views • 3 slides
Preventing Preventing Sepsis: Sepsis: A C A Community B ommunity Based ased Approach

Preventing Preventing Sepsis: Sepsis: A C A Community B ommunity Based ased Approach

Preventing Preventing Sepsis: Sepsis: A C A Community B ommunity Based ased Approach Approach NY NYS S Se Senior nior Acti Action on Co Coun uncil cil Dec Decem embe ber 13 r 13, , 20 2016 16 Ev Eve e Bank Bankert ert

283 views • 24 slides
CYBER THREATS AND HOW TO A VOID THEM AGENDA 1. Development of the cyber world 2. Threats

CYBER THREATS AND HOW TO A VOID THEM AGENDA 1. Development of the cyber world 2. Threats

CYBER THREATS AND HOW TO A VOID THEM AGENDA 1. Development of the cyber world 2. Threats to small businesses 3. Cyber Recovery Insurance Y our presenters Anne Jackson Sarah Morton Gary Hibberd Sales Director, Lorega Sales and

342 views • 31 slides
Multi6 Threats draft-nordmark-multi6-threats-00.txt Design Team Members (alphabetical order):

Multi6 Threats draft-nordmark-multi6-threats-00.txt Design Team Members (alphabetical order):

Multi6 Threats draft-nordmark-multi6-threats-00.txt Design Team Members (alphabetical order): Iljitsch van Beijnum, Steve Bellovin, Brian Carpenter, Mike O'Dell, Sean Doran, Dave Katz, Tony Li, Erik Nordmark, and Pekka Savola Why? Allowing

612 views • 11 slides
Threats to Mobile Devices Possible attack threats to mobile devices Network exploit

Threats to Mobile Devices Possible attack threats to mobile devices Network exploit

Threats to Mobile Devices Possible attack threats to mobile devices Network exploit Hackers takes advantage of vulnerability or flaw of users web browser on mobile device in WiFi communication to attack victims. Hackers send

464 views • 30 slides
Quicksort Sorting Lower Bound Exam Exam Exam Exam 2 2 tomorrow evening 2 2 tomorrow

Quicksort Sorting Lower Bound Exam Exam Exam Exam 2 2 tomorrow evening 2 2 tomorrow

5/7/2012 Quicksort Sorting Lower Bound Exam Exam Exam Exam 2 2 tomorrow evening 2 2 tomorrow evening tomorrow evening tomorrow evening Topics were listed in Day 24 slides Some WA9 problems are good reinforcement of exam

362 views • 9 slides
ICA ICA ICA Self-Defending Networks Digital antibodies neutralize threats

ICA ICA ICA Self-Defending Networks Digital antibodies neutralize threats

ICA ICA ICA Self-Defending Networks Digital antibodies neutralize threats Automatically responds to threats faster than any security team can Takes measured, targeted actions Does not disrupt day-to-day business or

169 views • 5 slides
The A/ A/E/ E/C I Industr try Toda day, T Tomorrow, a and B d Beyond nd Gerry rry

The A/ A/E/ E/C I Industr try Toda day, T Tomorrow, a and B d Beyond nd Gerry rry

The A/ A/E/ E/C I Industr try Toda day, T Tomorrow, a and B d Beyond nd Gerry rry Salont ntai The A/E/C Industry Today, Tomorrow and Beyond The Overall Economy Is Great! We have the lowest unemployment since the late 1960s

792 views • 39 slides
Preventing Slips, Trips and Falls Rob Shaw www.robshawassociates.com Who We Are Rob: Over

Preventing Slips, Trips and Falls Rob Shaw www.robshawassociates.com Who We Are Rob: Over

Preventing Slips, Trips and Falls Rob Shaw www.robshawassociates.com Who We Are Rob: Over 14 years with HSE investigating and preventing falls Technical Lead for the HSE Falls Prevention Team Has delivered training and consultancy

471 views • 36 slides
REFUGE CONTAINER FIRE PREVENTION PREVENTING PROTECTING RESPONDING [etc] PREVENTING PROTECTING

REFUGE CONTAINER FIRE PREVENTION PREVENTING PROTECTING RESPONDING [etc] PREVENTING PROTECTING

REFUGE CONTAINER FIRE PREVENTION PREVENTING PROTECTING RESPONDING [etc] PREVENTING PROTECTING RESPONDING FIRE KILLS BIN FIRE RISKS DELIBERATE ACCIDENTAL PREVENTING PROTECTING RESPONDING BIN FIRE RISKS PREVENTING PROTECTING RESPONDING BIN

141 views • 10 slides
The New Era of Cyber Threats The Shift to Self-Learning, Self-Defending Networks Georgiana

The New Era of Cyber Threats The Shift to Self-Learning, Self-Defending Networks Georgiana

The New Era of Cyber Threats The Shift to Self-Learning, Self-Defending Networks Georgiana Wagemann Director of Sales, Darktrace Evolving Threats in a New Business Landscape Outsourced IT, SaaS, cloud, virtual, supply chain, IoT Not just data

412 views • 15 slides
Today and Tomorrow HEARING LOSS TECHNOLOGY TODAY AND TOMORROW Laura E. Plummer, MA, CRC, ATP

Today and Tomorrow HEARING LOSS TECHNOLOGY TODAY AND TOMORROW Laura E. Plummer, MA, CRC, ATP

OPENING THE LINES OF COMMUNICATION Today and Tomorrow HEARING LOSS TECHNOLOGY TODAY AND TOMORROW Laura E. Plummer, MA, CRC, ATP Outreach Services WESP-DHH for the D~r a.nd ~rd of Hca r,n,1 OBJECTIVES Identify signaling and environmental

688 views • 43 slides
Announcements: - Thank you for participating in our mid-quarter evaluation Thank you for

Announcements: - Thank you for participating in our mid-quarter evaluation Thank you for

Announcements: - Thank you for participating in our mid-quarter evaluation Thank you for participating in our homework feedback polls! - - Course project - Average was ~80% Dont worry about grade but take feedback seriously - -

423 views • 41 slides
On the Algorithmic Power of Spiking Neural Networks Chi-Ning Chou Kai-Min Chung Chi-Jen Lu

On the Algorithmic Power of Spiking Neural Networks Chi-Ning Chou Kai-Min Chung Chi-Jen Lu

On the Algorithmic Power of Spiking Neural Networks Chi-Ning Chou Kai-Min Chung Chi-Jen Lu Harvard University Academia Sinica Academia Sinica ITCS 2019 Chi-Ning Chou (Harvard University) On the Algorithmic Power of Spiking Neural Networks

1.37k views • 83 slides
= no shared accounts In open systems it should rely on authenticity of the information, in

= no shared accounts In open systems it should rely on authenticity of the information, in

Access Control Pierangela Samarati Dipartimento di Tecnologie dellInformazione Universit` a degli Studi di Milano e mail: samarati@dti.unimi.it FOSAD 2008 1 Privacy and Data Protection Pierangela Samarati c Access control It

1.41k views • 77 slides
Portfolio Management Financial Markets, Day 4, Class 1 Jun Pan Shanghai Advanced Institute of

Portfolio Management Financial Markets, Day 4, Class 1 Jun Pan Shanghai Advanced Institute of

Portfolio Management Financial Markets, Day 4, Class 1 Jun Pan Shanghai Advanced Institute of Finance (SAIF) Shanghai Jiao Tong University April 21, 2019 Financial Markets, Day 4, Class 1 Portfolio Management Jun Pan 1 / 52 Outline for Day

803 views • 52 slides
Classification Problems From Regression to Classification x } Suppose we have two classes of

Classification Problems From Regression to Classification x } Suppose we have two classes of

Review: The General Learning Problem } We want to learn functions from inputs to outputs, where each input has n features: Inputs h x 1 , x 2 , . . . , x n i , with each feature x i from domain X i . Outputs y from domain Y . Function to learn: f :

689 views • 7 slides
I n t r o d u c t i o n t o H i g h - l e v e l S y n t h e s i s

I n t r o d u c t i o n t o H i g h - l e v e l S y n t h e s i s

J o i n t I C T P - I A E A S c h o o l o n Z y n q - 7 0 0 0 S o C a n d i t s A p p l i c a t i o n s f o r N u c l e a r a n d R e l a t e d I n s t r u me n t a t

1.1k views • 36 slides
Chapter 8. Support Vector Machines Wei Pan Division of Biostatistics, School of Public Health,

Chapter 8. Support Vector Machines Wei Pan Division of Biostatistics, School of Public Health,

Chapter 8. Support Vector Machines Wei Pan Division of Biostatistics, School of Public Health, University of Minnesota, Minneapolis, MN 55455 Email: weip@biostat.umn.edu PubH 7475/8475 Wei Pan c Introduction SVM: 4.5.2, 12.1-12.3;

508 views • 18 slides
and 611 + for small : Integer factorization Sieving 1 612 2 2 3 3 D. J. Bernstein

and 611 + for small : Integer factorization Sieving 1 612 2 2 3 3 D. J. Bernstein

and 611 + for small : Integer factorization Sieving 1 612 2 2 3 3 D. J. Bernstein 2 2 613 3 3 614 2 4 2 2 615 3 5 Thanks to: 5 5 616 2 2 2 7 6 2 3 617 University of Illinois at Chicago 7 7 618 2 3 8 2 2 2

411 views • 29 slides

More recommend