Risk & Security

How Deep Learning Is Rewriting the Rules of Cybersecurity

A conversation with Deep Instinct’s Guy Caspi on how his company is deploying the most crucial new weapon in the digital security arsenal.

Guy Caspi puts his money where his mouth is.

But Caspi doesn’t seem to be losing sleep about it. The reason? Deep Instinct, which he co-founded in 2015 with Eli David and Nadav Maman, leverages deep learning (DL) to combat security threats. It is one of only a handful of cybersecurity companies to tap the potential of DL and the first to hit the market.

Unlike standard machine learning (ML) algorithms in cybersecurity, which learn to recognize each specific threat based on human-supervised data, DL is built on neural networks modeled on the human brain. Such networks can contextualize new data without human training. This advantage, Caspi argues, lets Deep Instinct not only detect potential threats but also proactively prevent them on day zero.

Identify and contain adversaries before they can spread across your network.

As a thought leader in both cybersecurity and data science, and a serial entrepreneur in the tech space, Caspi brings 20 years of experience to Deep Instinct. And, born in Israel, he also served as a member of the Israeli Defense Force’s Cyber Defense Unit.

In November 2021, Deep Instinct forged a partnership with Tanium to boost computer hygiene and prevent both known and unknown malware in real time on Tanium-supported endpoint devices.

Endpoint recently sat down with Caspi to get his perspective on how deep learning is changing the cybersecurity game, as well as the greatest emerging cyber threats today.

(The following interview has been condensed and edited for clarity.)

You worked with Israel’s elite cyber unit. How did that experience shape your approach to cybersecurity?

It let me see the real danger of cyberwarfare in the world. I would call it “cold warfare” because there is no blood on the battlefield, but it’s fought between nations on an almost daily basis.

Besides the famous attacks you hear about in the news, there are many more stories I know, the details of which I cannot share. However, I can tell you that the threat is not just on a nation-state level—the damage also quickly spreads into enterprise. The amount of data that is stolen not just from governments but also from enterprises is truly amazing.

When you are on the other side, you see what it takes to penetrate into an organization and guess what? It’s not that difficult.

This was actually one of the main reasons that I and the two other founders of Deep Instinct decided to start this company. When you are on the other side, you see what it takes to penetrate into an organization and guess what? It’s not that difficult, and it has massive potential for damage.

How is artificial intelligence (AI) changing the game in cybersecurity? As it becomes more sophisticated, are bad actors using it in more sophisticated ways?

I’ve been working in cybersecurity for almost 28 years, since age 18. What’s happened in the threat landscape just in the last three years is staggering. The sophistication of cyberattack techniques has become so complex to detect, let alone prevent.

One novel application of AI that we are seeing by bad actors is the use of a malicious AI algorithm to subvert the functionality of a benign AI algorithm by reverse-engineering its logic. Here, the biggest advantage of Deep Instinct is the fact that we are using deep learning. You cannot reverse-engineer deep learning.

How does Deep Instinct deploy DL in its security operations, and how does DL differ from traditional uses of ML in cybersecurity?

The traditional approach puts the enterprise in a defensive position. Because the attack landscape is increasing in sophistication, it must use ML to hunt for an attack after it has occurred and malicious code has already penetrated and infected the network.

With ML, you need a human expert to effectively guide the machine through the learning process. And that process is slow. In today’s world, you can have half a million new pieces of malware every day, and one piece of malware might have 10,000 lines of code, so the human work required is almost mission impossible.

This era of cybersecurity needs something new, and this something is DL, which imitates the way our brain works. Once it is trained, it detects generalized patterns the way the human brain does, without requiring specific training for each new piece of malware.

Other cybersecurity companies have as many as 600 people whose job is just to analyze malware. I have zero people who are analyzing malware, because the DL platform is able to learn on its own and better predict and prevent novel zero-day attacks. This allows us to achieve a better detection rate and get broader coverage of an attack vector while reducing false positives significantly, preemptively protecting our customers in zero time.

How does Deep Instinct detect threats in “zero time”?

The idea behind Deep Instinct is that the whole model of the neural network sits on every single endpoint and server. We don’t need any connectivity with the cloud; it lives on the edge of the device. Deep Instinct is monitoring every process that is running on your PC or server. It could be an app, a file, a document, any software that you download and is looking for memory allocation. We are scanning everything that is running on your endpoint 24/7.

[Read also: 7 best practices for endpoint performance monitoring]

Because it is like a “small brain” living on each endpoint, we can detect an incredibly wide variety of attacks in as little as 20 milliseconds, which is 750 times faster than it typically takes an attack to encrypt and infect an endpoint. It’s faster than the blink
of an eye.

As we head into 2022, what are the biggest emerging security threats in your view?

Personally, I see memory resident and dual-use attacks as the main play this year. One prominent attack vector we’re seeing is a huge growth in attacks initiated from office documents, some of which are very difficult for most companies to address, like Excel, PDFs, zip files, even Word documents.

Prevention is the new play, and the era of prevention is just starting.
We’re also seeing coordinated attacks across multiple attack surfaces and vectors. It’s a strategy that’s used against nation-states. When you attack a nation, you don’t only attack one specific place with one military force. You attack across the wall with the Air Force, the Army, and Navy SEALs. This is happening in cybersecurity as well. You’re going to get an attack on your endpoints. Parallel to this, you’ll get an attack on your [Microsoft Office] 365, on your cloud and your storage, so you are going to be paralyzed as an organization.

For this kind of strategy, prevention is more vital than ever before. Detection is a necessary second line of defense, but it can’t be the first line of defense, because it has a high-cost dependency on process, people, posture, and luck sometimes. This is why prevention is the new play, and the era of prevention is just starting.

One last question: Why did you decide to partner with Tanium?

Nearly half the Fortune 100 and hundreds of other enterprises and public-sector organizations, including top retailers, financial institutions, and large government agencies, trust Tanium to see and control every endpoint—everywhere. Those organizations understand the importance of an integrated endpoint management and security solution that includes simple to use, highly effective, and scalable endpoint protection.

[Read also: 6 tips for shielding your organization from rising cybercrime]

The Deep Instinct platform is an important component of a combined offering that ensures organizations are better protected with lower effort, creating more strategic bandwidth for IT teams. The combination of Tanium and Deep Instinct delivers a transformational approach to comprehensive endpoint management and security.

Howard Rabinowitz
Howard Rabinowitz is a business and technology writer based in West Palm Beach, Fla.