Deep Instinct - IT Press Tour March 2020

Transcript

1. We Prevent What Others Can’t Find Deep Instinct Overview_March 2020

2. Private and confidential 2 DEEP INSTINCT The Leading Deep Learning

   Cybersecurity Company ▪ Founded in 2015 ▪ 150 employees; 3 locations ▪ 3 registered patents; 3 PCT ▪ 3 investment rounds: total investment of $110M GLOBAL CUSTOMER BASE STRATEGIC INVESTORS KEY FACTS • +500 customers – F500, SMBs, MSSPs • Strategic partnerships WITH HP • 1 Million devices protected

3. Private and confidential 3 CREATING FUNDAMENTAL SHIFTS CHANGING HOW ORGANIZATIONS

   WILL BUILD AND MANAGE THEIR SECURITY STACK IN THE FUTURE PREVENTING, NOT REACTING Any-OS A single multi-layer security platform IN A SINGLE PLATFORM Anywhere Any environment Zero-time threat prevention powered by Deep Learning Detection & Response Threat Hunting ANTI-MALWARE EFFECTIVENESS TOTAL COST OF OWNERSHIP (TCO) High $$$ low $ Prevention (high) Detection (low) Deep Learning Predict & Prevent Any threat

4. Private and confidential 4 Is cybersecurity model broken? 2008 2018

   2X the number of data breaches & over 10Xthe amount of records exposed in 2018 compared to 2008! breaches records exposed 636 35.7 M 1,244 446.5 M breaches records exposed

5. Private and confidential The Cybersecurity challenge new malicious programs occur

   everyday Over 350,000 Source: AV test, 2018 A big breach can cost an enterprise between $40M-$350M Source: IBM, 2018 67% of CIOS thought the possibility of their company experiencing a data breach or cyberattack in 2018 was a given Source: Ponemon Institute LLC: What CIOs Worry about in 2018 69% say their cybersecurity teams are understaffed Source: ISACA, 2019 3.5M cybersecurity job openings by 2021 Source: Cybersecurity Ventures, 2017

6. Private and confidential Cyber Threat Sophistication & Complexity are Advancing

   2013 EXISTING SOLUTIONS 1990 2004 2006 2007 2010 2016 2017 Wipers Dual use Virus Botnet Banking trojans Mobile Ransomware File-less Code injection Scripts Coin miners Worm AI-based malware Future 2018 2019

7. Private and confidential Traditional Cyber Reactive Approach New Malware Massive

   Infection Analyze Features Signature/ Heuristic/ AI Massive Infection Analyze Features Signature/ Heuristic/ AI

8. Private and confidential 8 Detection Time is Costly $392,984 $555,274

   $864,214 $897,055 $1,092,303 $0 $200,000 $400,000 $600,000 $800,000 $1,000,000 $1,200,000 Real-time (prevention) Within an hour Within few hours Within a day Several days Over a week £183m fine for data breach 147M data breach; $700M penalty 500M data breach; $123M penalty 7.7M data breach

9. Private and confidential 9 Is Real- Time Threat Prevention Possible?

   PRE-EXECUTION AUTONOMOUS ZERO-TIME in milliseconds EVERYWHERE: Endpoint + mobile + network ANY TYPE of vectors, files and fileless attacks No Trade-offs Highest detection rates; lowest False Positives

10. Private and confidential 10 Deep Instinct’s Multi Layered Protection Time

    to Detect & Prevent 20 milliseconds By D-Brain Time to Analyze & Investigate 50 milliseconds By Deep Classification Time to Remediate & Contain <1 minute “…so much of the success of EDR-like features and investigation capabilities relies heavily on the skills and experience of the security administrators using the product day-to-day.”

11. Private and confidential 11 HP Sure Sense | Powered by

    Deep Instinct HP Sure Sense harnesses deep learning AI to enable real-time malware protection. ▪ Zero-time detection and prevention of zero-day threats and advanced persistent threat (APT) attacks for Windows endpoints. ▪ Unmatched accuracy in detection and prevention of any threat (known and unknown), while keeping lowest false positive rates. ▪ Standalone, autonomous product - simple flows and great user- experience to handle all security events. ▪ Pre-execution protection before any damage can happen – only few milliseconds to predict and prevent ▪ The only AI static analysis solution in the market that scan any file type, online or offline ▪ Threat Protection (ETP) Dynamic Heuristics - Constantly monitors the computer for suspicious ransomware activities

12. Private and confidential 12 Attack type Detected Prevented False positive

    High-profile campaign (E.G. APT28, APT29, emotet, CUTWAIL, GANDCRAB etc.) 100% 100% Pre-execution 0% Script-based targeted attacks (e.g. PowerShell empire, VBS, JS etc.) 100% 100% Pre-execution 0% Microsoft office format-based attacks (e.g. Macros) 100% 100% Pre-execution 0% Shellcode injection attacks 100% 100% Pre-execution 0% 12 Tested And Proven ▪ Deep Instinct D-Client, was exposed to a range of attacks, including: ▪ Malware from well-publicized, impactful breaches ▪ Script-based (aka ‘file-less’) targeted attacks (e.g. JavaScript files) ▪ Attacks using exploits targeted at Microsoft file format vulnerabilities (e.g. malicious Microsoft Word documents) ▪Targeted shellcode injection attacks ▪ D-Brain version was trained in August 2018, six months prior to the customized-targeted threats being created ▪ All threats were successfully prevented pre-execution with no other processes running 100% Prevention 0 False Positives

13. Private and confidential Deep Learning - Deep Impact

14. Private and confidential 14 From Human Brain To Deep Learning

    Artificial Intelligence Machine learning Deep learning 1950 1980 2010

15. Private and confidential 15 Training The Brain

16. Private and confidential 16 Detection of the Unknown Becomes Instinctual

17. Private and confidential 17 Human Brain Artificial Brain Hundreds of

    thousands of “neurons” connected to each other. The connection strength between “neurons” is represent by weights. Billions of neurons connected to each other through synapses. Neuron - electrically excitable cell that receives, processes, and transmits information through electrical and chemical signals. The width of the synapse represents the connection strength between the neurons. VS.

18. Private and confidential Deep Learning Vs. (Traditional) Machine Learning: No

    Feature Engineering Machine Learning Manual feature engineering Machine learning Vector of features Raw data 0.5 1.8 -6.4 2.3 . . . N Limited by data <2% of the available raw data is analyzed ! Limited by human knowledge and expertise ! Limited by adversaries Mutations, Obfuscations and Encryptions ! Limited by size Dataset is limited to 00,000’s !

19. Private and confidential Hand - Crafted Features Ear = 9cm

    Nose = 11.42cm Eyes = 4.2cm 19

20. Private and confidential Misleading Features Dogs Cats 20

21. Private and confidential 21 Misleading Features

22. Private and confidential Feature Obfuscation Original Images Noisy Input 22

23. Private and confidential 23 Deep Learning Vs. Machine Learning: No

    Feature Engineering Machine Learning Deep Learning Manual feature engineering Machine learning Vector of features Raw data 0.5 1.8 -6.4 2.3 . . . N Deep learning Raw data <2% of the data 100% of the data End-to-End Deep Learning Framework

24. Private and confidential 24 Deep Learning Vs. Machine Learning: No

    Feature Engineering Machine learning Deep learning Accuracy with unknown malware >99% <0.0001% False positives Accuracy with unknown malware False positives 50-70% 1-2%

25. Private and confidential 25 The AI Tradeoff False Positives Cyber

    threat Detection 100% 0% 100% Deep learning AI / Machine Learning 60%-80% AI/machine Learning • Intensive false positives analysis, Real attacks go unnoticed • High alert fatigue • Human intensive – • Wasted security analysts cycles • Increased investigation backlogs • high cost • High impact on business operation productivity and efficiency • Low end user experience • Morale impacts across SOC

26. Private and confidential 26 The AI Tradeoff False Positives Cyber

    threat Detection 100% 0% 100% Deep learning AI / Machine Learning 60%-80% Deep learning • Minimize wasted cycles • Security posture optimized • More strategic tasks can be completed • Attacks cannot hide in sea of false positives

27. Private and confidential Prevention in action: evidence from the field

    27 MSSPs Network Tier 1 University Leading Healthcare Lab Leading Hospitality network Files scanned week average 5,756,086,864 177,025,331 4,599,658,413 373,026,193 Attacks prevented (files) 2,136 559 406 False positives 100 0 0 2 % FPs 0.000002% 0% 0% 0.000001%

28. Private and confidential 28 Prevalence of Deep Learning in Real-World

    Solutions Computer Vision Deep Learning Traditional Machine Learning Speech Recognition Deep Learning Traditional Machine Learning Text Understanding Deep Learning Traditional Machine Learning Cybersecurity Deep Learning Traditional Machine Learning 80% 65% 2% 98%

29. Private and confidential 29 Real World Applications of Deep Learning

    Speech recognition Image recognition NLP Bio-Informatics Recommendation system Cybersecurity 29 improvement in face recognition 20%-30% improvement in voice recognition 20%-30% improvement in text analysis 10%-20% 29

30. Private and confidential 30 Applying End-to-End Deep Learning for Cybersecurity

    Developed entirely in C/C++ Efficient deployment on edge devices Optimized GPU training Implement entire deep learning framework from scratch

31. Private and confidential Cybersecurity Evolution THE LEGACY ERA Signature, Firewall,

    Sandbox, Behavior analysis PAST Only effective against known vulnerabilities Limited to Windows and Traffic Only effective against known attacks ! PRESENT Detection post infection THE AI ERA Machine Learning, Heuristics Cyber expert Labor intensive Feature extraction based High false positive rate ! Dynamic model limitation Knowledge of the security expert FUTURE Raw data-based; Fully autonomous machines THE DEEP LEARNING ERA Lowest false positive Any OS/Network Prevention in zero time Any threat ENDPOINT PROTECTION LEVEL 31

32. Private and confidential Benefits of Deep Learning for Cybersecurity Zero

    time detection and prevention Zero time classification Prediction of unknown (future) threats Any device / any operating system / Any file Connectionless (edge deployment)

33. Private and confidential 33 The Value of the Deep Instinct

    Prediction Model A new version of Dharma appears in the wild October 11th 2019 Dharma Ransomware First upload to VirusTotal Missed by Cylance, CrowdStrike, TrendMicro October 14th 2019 October 13th 2019 Deep Instinct client Detected and Prevented Dharma on a production environment D-Client v2.2 Release day 3 days New Deep Learning brain was trained and released 19 Months earlier March 2018

34. Private and confidential 34 Challenges of End-to-End Deep Learning for

    Cybersecurity Cannot use standard deep learning frameworks Input varies substantially in format Input varies substantially in size Scarcity of deep learning experts

35. Private and confidential Thank you 35