Virtualization Technology News and Information
VMblog Expert Interviews: Deep Instinct Talks AI, Machine Learning, Deep Learning, Cybersecurity and TrickBot

Gaining momentum recently, TrickBot, one of cybersecurity's most nefarious pieces of malware and responsible for some of the worst financial-related cyberattacks, has resurfaced with a new variant that has exposed over 250 million email accounts and put them at risk. Guy Caspi, CEO and co-founder of Deep Instinct, spoke with VMblog and gave us the lowdown on the attacker, their tactics and intentions, and why applying a deep learning approach to cybersecurity is crucial to the protection of our personal data.

VMblog:  Please tell us a bit about yourself, your background and your role at Deep Instinct. 

Guy Caspi:  I am the CEO and founder of Deep Instinct, the first and only company to apply end-to-end deep learning to cybersecurity. I have specialized in artificial intelligence and deep learning for much of my career, spearheading companies through their entire life-cycle, accelerating their growth, and even seeing them through to IPO on NASDAQ. 

VMblog:  Artificial Intelligence and Machine Learning have started to dominate the conversation around the digital transformation of IT, especially when it comes to cybersecurity. What makes Deep Instinct different? 

Caspi:  Deep Instinct is the first and only company to apply end-to-end deep learning to cybersecurity, creating the ultimate zero-time threat prevention solution. Deep learning is the most advanced subset of artificial intelligence (AI), taking inspiration from the human brain. It's the first and only AI-based method capable of training on raw data. Unlike traditional machine learning, it doesn't require feature engineering by a human expert and can scale to hundreds of millions of training samples. The deep learning model provides high detection rates while ensuring the lowest false positives, and prevents first-seen threats for either file-based or file-less attacks. 

VMblog:  What are some of the biggest misconceptions around AI, machine learning, and deep learning? 

Caspi:  The biggest misunderstanding around artificial intelligence (AI), machine learning and deep learning is less of a misconception and more of a confusion around differentiating the meaning and purpose between them all. AI is a big world and includes many different types of algorithms. One needs to understand the differences of each one and their respective advantages and disadvantages given the particular context. 

Deep learning is part of a broader family known as machine learning, which in turn, is a subfield of AI. AI is a function that imitates the way the human brain works in the sense of processing data and creating patterns for decision making. Machine learning is a technique that gives computers the ability to learn without being explicitly programmed to do so. While deep learning uses a deep neural network, it provides an architecture that is like the human brain, including layers of neurons and synapses.  

Deep learning achieves greater results of predictive accuracy because it analyzes all the raw data in a file, rather than just the engineered features that have been extracted from a file by a human. Traditional machine learning requires feature engineering, where a human expert effectively "guides" the machine through the learning process by extracting the features that need to be learnt. As it's based on human analysis, it's highly limited and relies solely on the data that is being fed to it. Additionally, it is not limited to simple linear correlations but can analyze multiple levels of non-linear complex data patterns and features, resulting in greater predictive accuracy.

VMblog:  Can you describe the key benefits enterprises might realize with your solution? 

Caspi:  Unlike detection and response-based solutions, which wait for the attack to happen before reacting, Deep Instinct's solution works preemptively. By taking a preventative approach, files and vectors are automatically analyzed prior to execution, keeping customers protected in zero time. This is critical in a threat landscape, where real-time is too late. 

In tests conducted by an external industry authority, the deep learning-based solution achieved unmatched efficacy against any threat, with a 100% detection rate and zero false positives for new and previously unseen files. This represents an unparalleled feat that is yet to be claimed by even the best traditional machine learning solutions available. 

Offering unlimited protection, the solution can be applied to any environment regardless of existing architecture. The solution is fully operational irrespective of network or Internet connection. It can be delivered air gapped NW, provided in a multi-tenancy or VDI environment, and deployed on premise or through a cloud native design.  

Versions of the solution are available for all major operating systems (Windows, MacOS, Android and ChromeOS). The location-agnostic, lightweight agent can be applied to any type of environment - be it networks or devices (endpoints, mobiles, and servers) - and is equipped to identify any type of file and file-less attack, without requiring any modifications or adaptations.

VMblog:  Can you explain this latest TrickBot threat and why it is so significant? What were some of the tactics used by the attacker? 

Caspi:  TrickBot is a highly sophisticated, modular piece of malware with an ever-growing arsenal of tools - one for practically every task imaginable (for a malware operator). Trickbooster is the latest tool in the arsenal and has some great advantages for the operators of TrickBot. The advantages of Trickbooster are two-fold: 1) vastly increased ability to distribute your own malware; and 2) monetization. Harvested email addresses can be sold and the spam bots themselves can be "rented out" to other actors. 

An interesting tactic observed here is the use of signed malware binaries to make the malware appear more legitimate and lower the chance of it being detected. 

VMblog:  How come Deep Instinct was able to get exclusive access to the attacker's server and database? 

Caspi:  Following discovery of a Trickbooster attack prevented by Deep Instinct at one of our customers' sites, we started a deep analysis of the malware and its supporting infrastructure. From the details we uncovered, we cross-referenced infrastructure information relating to the Trickbooster campaign and took advantage of an op-sec failure on the side of the attacker.

VMblog:  Have you reached out to any of the authorities regarding this attack? What were their reactions? 

Caspi:  We have reached out to some of the authorities affected by this attack and they are investigating the matter. We are in the process of contacting other companies and organizations whose emails have been found amongst the 250M compromised emails in the database.

VMblog:  How are you sure that the attack has been stopped? Are the victims still at risk? 

Caspi:  We are taking measures to stop the attack and notify the victims. As mentioned above, we are in the process of contacting companies and organizations whose emails have been found in the database of 250M compromised emails. We have contacted the issuers of the certificates that were used to sign the Trickbooster executables and these certificates have been revoked. We are also contacting the hosting company which stores the attacker's server to bring down the server.   

Customers of Deep Instinct are fully protected from this attack. 

VMblog:  Given the complexity of these threats, are we at risk of AI-based attacks? Is Deep Instinct's solution capable of thwarting another AI-based threat? 

Caspi:  First of all, it is important to point out TrickBooster and TrickBot are not AI-based attacks, and real-world AI-based attacks have not been seen in the wild yet. However, the threat landscape is evolving extremely fast as attackers are looking for new attack techniques, so AI-based attacks are going to become a reality very soon.  

Deep Instinct is currently training their deep learning "brain" to identify such AI-based attacks and ensure protection against them.

VMblog:  What are some of the biggest challenges that organizations must address now when it comes to cybersecurity? What is Deep Instinct doing to help? 

Caspi:  There are more than 350K new machine-generated malware created every day with increasingly sophisticated evasion techniques, such as zero-days and APTs. According to recent research, nearly two-thirds of enterprises have been compromised in the past year by attacks originating at endpoints, representing a 20% increase from the previous year. Likewise, zero-day attacks are four times more likely to compromise organizations. These breaches have incurred $1.3 billion in financial loss in the U.S. alone. 

Most solutions available today are woefully under-prepared to overcome the complexity of attacks and cause huge operational challenges as they can't adequately fight against complex zero-day and APTs. Added to this is the shortage of cybersecurity experts; 69% of CISOs say their cybersecurity teams are understaffed and this skill gap is expected to grow. By 2021, it is anticipated that there will be around 3.5 million cybersecurity job openings, and only a fraction are likely to be filled.

Deep Instinct's solution addresses all these problems through its dedicated deep learning framework, which is purpose-built for cybersecurity. However advanced an attack vector may be, Deep Instinct's solution has been expecting it. The prediction-first approach is part of a multi-layered process that includes detection and response, followed by a final layer of analysis and remediation. The entire process happens autonomously. The deep learning-based solution can analyze enormous amounts of data and detect any type of anomaly automatically with unparalleled accuracy. This approach not only reduces the need for human intervention as the management and remediation process is dramatically minimized, but the comprehensive analysis achieves superior protection.


Published Thursday, July 25, 2019 8:49 AM by David Marshall