“Currently, I see a race between using artificial intelligence to engineer and reverse engineer detection and prevention capabilities. Because the solution of deep learning is such a specific and purpose-built subset of artificial intelligence, it is much more difficult to reverse engineer and thus provides a better resilience to adversarial threats,” says Brooks Wallace, VP EMEA, Deep Instinct in an exclusive interview with ITSecurityWire.
ITSW Bureau: What solutions should CISOs deploy to isolate the malware threats from the network before it impacts their overall infrastructure?
Brooks Wallace: Generally, organizations have been far too focused on the mitigation of ransomware attacks rather than the prevention. They have settled for accepting that a cyber-attack will be a matter of ‘when’ not ‘if’, but by accepting this, we may have simply accepted defeat. This question already assumes a threat will gain persistence in a network when that doesn’t have to be the case.
CISOs need to implement solutions that can actually prevent attacks. Deep Learning, when applied to cybersecurity, can prevent malware threats from entering the network because of its highly effective ability to predict attacks, especially unknown ones. As a subset of the most advanced artificial intelligence, Deep Learning offers a major advancement in cyber security defense. It takes inspiration from how the human brain works by training itself on raw data samples of millions of files which it then autonomously labels as malicious or benign. One of the key differences to machine learning is that deep learning is not given information about which files are malicious and which are benign. Instead, it learns to make these determinations independently.
CISOs need to consider how their security solutions are being used and whether they are helping to prevent attacks or detect and respond to them. We feel that, in recent years, there has been too much focus on investigation and remediation rather than trying to prevent a successful attack from even taking place.
Also Read: Securing the Enterprise against REvil-like Cyber-attacks
ITSW Bureau: How can CISOs strengthen their cyber security stand so it becomes predictive and pre-emptive instead of reactive?
Brooks Wallace: Positioning Deep Learning prevention capabilities in front of an existing reactive security stack (think EDR) adds immediate value by reducing the volume of alerts and false positives created by today’s conventional detect and response technologies. No matter what solution they deploy, organizations will still need to react to the threat of cyber-attacks. For example, when properly integrated into the security stack, it has been found that deep learning can reduce the volume of false alerts a security team is reviewing by as much as 25 percent on a weekly basis. This means that the team will no longer be burdened by the flood of false positive alerts and low-level threats. This subsequently means their time can be better spent on valuable activities such as threat hunting and ensure they are free to react quickly when a legitimate threat emerges.
Organizations should integrate deep learning into their existing security stack in order to strengthen their security. However, they still need a solid framework of conventional security solutions in place, and in fact, deep learning works best when there is a strong, multi-layered security infrastructure for it to support. For example, deep learning can help optimize EDR with actionable intelligence, cover offline assets with higher efficacy, and remove cloud-dependent vulnerabilities. Deep classification lets SOC teams know exactly what they are dealing with.
ITSW Bureau: As an industry leader, how do you think Deep Instinct’s deep learning solution enables organizations to mitigate the ever-evolving malware?
Brooks Wallace: CISO’s are coming to us and asking for help with their top operational risks: preventing ransomware and removing the deluge of false-positive alerts that are causing alert fatigue across their organization.
Cybercriminals are constantly increasing in the sophistication of their attacks, and therefore, so must we. We are in a never-ending innovation race against bad actors and must continue to invest in advanced technology to stop from falling behind.
The biggest problem in security was and still is prevention. Deep Instinct is the first and only deep learning cyber security framework that was purpose-built for the prevention of cyber-attacks. Deep Learning technology and its ability to constantly adapt and protect against the ever-changing threat landscape allows us to stop unknown, never seen before threats in less than 20 milliseconds with a false positive rate of less than 0.1%, the lowest in the industry. In fact, we are so confident in deep learning that we have backed up our technology with the industry’s only low false-positive guarantee and the highest ransomware defense warranty of $3m, backed by Munich RE.
Preventing a threat will always be a better operational outcome than detecting, investigating, and responding after the attack. This is how Deep Instinct can best enable organizations to mitigate the ever-evolving malware problem.
Also Read: Five Zero Trust Myths CISOs Should Know
ITSW Bureau: What trends do you think will emerge in the deep learning cyber security space?
Brooks Wallace: Threat actors’ sophistication and complexity is out of control and will only continue to spiral. We are seeing a massive rise in sophisticated nation-state ransomware attacks against enterprises across the US and Europe. This is causing disruption and serious downtime for many organizations as they spend time recovering lost assets. A very worrying trend is AI training-data poisoning, where a malicious piece of data is inserted into the AI model as benign, leaving a backdoor in the code of that technology. AI model theft or adversarial samples used to attack AI-powered systems are also on the rise. Deep Instinct has already built anti-adversarial techniques into our deep learning model to detect and prevent this type of data poisoning.
Currently, I see a race between using artificial intelligence to engineer and reverse engineer detection and prevention capabilities. Because the solution of deep learning is such a specific and purpose-built subset of artificial intelligence, it is much more difficult to reverse engineer and thus provides a better resilience to adversarial threats.
I also think we will see more and more efforts and levels of ransomware pay-outs. For example, one year ago, ransomware was a two-pronged effort, however, within one year, it is now a significant threat for all companies, and organizations have to seriously consider how a ransomware attack fits into their business continuity plan. This includes whether or not they should pay the ransom – if they decide to, how will they pay? Will it be by cyber insurance or Cryptocurrency? And if they don’t, then what happens if the cybercriminals decide to leak the stolen data? These are all questions executive board members should be asking themselves. Fortunately, we now have a solution that will at least help determine these answers.
Wallace is a cybersecurity sales leader with more than 20 years’ experience building successful business-to-business sales teams across EMEA. He is a frequent speaker at cybersecurity events and moderator of CISO round tables. Wallace has a Bachelor of Landscape Architecture from the University of Illinois, Champaign-Urbana, and spent two years at the University of Mississippi studying International Business and Finance.