December 14, 2022
Hello and welcome, everyone. We're excited to have you here today to talk about the problem of malicious file uploads. My name is Karen Crawley and I am the director of product marketing for Deep Instinct. I'm located in the Boston area and I have with me two of our esteemed experts, Ryan Heath, who is located in Utah.
And Ryan, is it still snowing? I did a stop. It's still snowing. Wow. And we also have Jared Pike, who's coming to us from Arkansas, both with amazing expertise.
Welcome, Jared. Glad to be here. And it's still raining here. So OK. So before we get started, I just want to point out a few resources that are available in the console to download.
We have a paper on the challenges of file uploads and we have an e-book on deep learning versus machine learning and those are available for you to download. We will do questions at the end of the presentation, so please use the BrightTALK console to answer any questions you would like to have answered. A quick word on the agenda. We're aiming to keep our presentation to 30 minutes and probably will run over a few, but that's what we're trying to do here today.
And I have Q&A after that. And we're going to cover the problem of scanning uploads, how we miss unknown threats. We're going to touch on Emotet a little bit as an example. Why current solutions fall a bit short to meet today's requirements.
The challenge of preventing malware before it can do anything in your environment. We're going to have Ryan give us a brief demo. And then we'll go on to Q&A and wrap up. So let's get started.
So why are we here today? So because application files are critical to running a business. You know, your organizations like yours develop custom applications that require file uploads into your environment. Those files end up stored in your local or cloud repositories.
So you might have customer facing applications like a mortgage application, for example, internal applications with end user uploads and downloads. And you could have third party files that are uploaded and traverse your network. So we know that if any of those files are compromised or weaponized, your business could be at risk. And this is an overlooked attack vector that is lacking an effective solution today.
We believe a new way to look at the problem is required as those threats are largely missed by traditional solutions and they increase your organizational risk. So let's start by taking a deeper look into the challenge. You know what happens if a threat ends up in a file, ends up in storage? What's the risk?
Jared, do you want to talk to that a little bit? Yeah, so when we're talking about malicious files, cyber attacks, specifically today, we're going to be talking a lot about file uploads. Office files are still the king of cyber attacks. And in fact, four out of five attacks in 2022 started with some sort of Microsoft Office vulnerability.
And as you can see on the right there, 43% of all malware downloads are malicious Office documents. So it's something that even though Microsoft has addressed some of the vulnerabilities and disabled Excel 4 macros by default, attackers are savvy. They're going to find ways around the controls that are put in place and still find ways to infect with these common formats. And the reason that they use this common format is because so many people use it on a daily basis.
So it's more likely to be trusted than, say, an executable or a DLL file. And another reason that people like to use these is the reality is most next-gen AV solutions out there are relying on hash values alone to tell if something has been weaponized. And so if it's a brand new zero day weaponized document, they don't scan it at all. So it becomes a really easy way for threat actors to get a foot in the door.
Good point. So we just touched on the challenge of unknown threats. I think Emotet is a great example of this. You know, they went dormant for a while.
They re-emerged with new tactics to bypass detection. Ryan, what's your take on that? Yeah, so going back to what we just spoke about, that Office documents are an easy way to get a foot in the door. The good creators, if you want to call them good, at Emotet, they know this and they take full advantage of it.
So Emotet is interesting. They've been around since 2014. They're mostly known for as being a banking Trojan, but they've since branched out to other types of breaches and that's their foot in the door. They use weaponized documents to get in.
They look like they took the summer off. Maybe they're a threat company with benefits, I'm not sure. Coming back after about a five month hiatus, they've actually been hitting the world pretty hard. Activating their botnets, reinfecting organizations that they've infected in the past but still aren't cleaned up.
And of course, putting out a lot of weaponized documents that then pull down their main payload. So it's re-emerging quickly in the world. We're happy to say it depends. Think we were able to catch the new version of Emotet on day one as a zero day threat, but most folks can't.
And so that's why your ability to scan these weaponized documents is so critical. And I'll add to that what we see a lot of times as these attacker groups, you know, either working together in tandem or sharing code a lot of times. So what we've seen with these Emotet infections, a lot of them start with an initial infection point of the TrickBot family. So you'll see a lot of times TrickBot is kind of the indicator that Emotet is coming.
And so that's something, something else to watch out for and something else that Deep Instinct can help you protect against. So we have talked about the challenges, but what about the solutions that exist today? We talked a little earlier. You know, solutions today fall short for a number of reasons.
Ryan, what do you see as the reasons for single and multi AV? What are the challenges there? Sure, sure. And keep in mind, the challenges that we're trying to solve here are large organizations have built these custom applications.
And they've asked their end users what could be millions of end users, people that they want to do business with, but they have no control over at all, and they're asking them to upload files into their environment. And so they are taking whatever legacy tools, if you will, that they can to try and scan those files to make sure they're clean. Because let's face it, organizations, especially banks, hospitals, schools, all of these organizations are absolutely targeted by threat actors. So what they're doing is they're taking the existing security stacks available to them to try and meet this challenge.
And it starts off with just your standard antivirus technology. And of course, we know that the issues with legacy AV is that they're signature based, which means if it's a true zero day threat, there's no known signature, it's going to fly right through. They require constant updates and they require threat intel checks, which gives you increasing latency. In other words, they have to check with their cloud back end.
Another solution that people have been trying is to use a multi-scanning solution. So that's a service you would subscribe to, where files as they're being uploaded would go to a service where that one file might be scanned by 30 different AV engines. Again, that takes time, it produces latency and also it is expensive and it also creates a lot of false positives because not all AV engines are created equal.
A lot of them are going to go ahead and flag something as malicious when it's really not. And so you need a solution that is, one, fast. Two, doesn't require cloud connectivity per se. In other words, it doesn't have to ship the files off premise.
And three, doesn't give you a lot of false positives. And so those are some of the challenges that we're meeting with those two. And then I'm going to let Jared talk about the other two. Yeah so speaking of, you know, signatures and speed around a solution.
So one of the innovations that came out of the shortcomings of the antivirus type solution is the sandbox. And the sandbox, what it did is it sort of decided we're not going to look at second, we're not going to use signatures because there's so many new forms of malware coming out. So what we're going to do is we're going to fully analyze every file in a virtual environment to see what it might do that's bad. And once again, if we're talking about speed being an issue already in this type of file transfer, a sandbox is going to add more of a significant delay.
We've seen it even up to two hours in some cases for a single file to go through full dynamic analysis. And that's just an unacceptable risk for a company to add that much delay to a business process. Another thing with sandboxes is they don't really scale well because of the strict hardware requirements that are required to run these virtual environments. So that makes them very prohibitive for scanning, you know, millions of files on a daily basis.
So what came out of all of that, sort of another generation or a different way of looking at threat protection, evolved: content disarm and reconstruction, or what we refer to as CDR for short. And what it attempts to do is actually reconstruct files and extract any potentially malicious components real time as the file's being delivered. So now while it does sort of address the speed issue of the sandbox and addresses the issue with single and multi AV of unknown variants because it can strip all contents out, on the flip side of that, because it strips all the potentially malicious contents out without any ability to distinguish between benign or malicious.
Now what you're looking at is that a lot of times legitimate content gets stripped out, which creates an issue with it having to restore a lot of original files based on helpdesk calls. It also leads to a lot of exceptions that are put in because that's an unacceptable interruption to the business process for some parts of the organization. So you'll have a lot of exceptions put in and eventually users will find a way to bypass those controls in order to continue to do the work that they need to do without being interrupted. Right so I just heard of a company just this week we were talking to and they're using CDR.
And one of their challenges is that the employees are just sending files to Gmail instead of going through their systems because it's interrupting their processes. So it can be a huge problem. And skirting the security issue that it's trying to solve. Right so I think what becomes obvious here is that we need a new solution that can better address the needs of the enterprise.
To scan files quickly, high efficacy and scale, some of the things that Jared and Ryan just talked about, a solution that can truly prevent unknowns before they have a chance to begin infections. A solution that can reduce events with lower false positives. Ensure the SOC team has time to focus on larger issues and not chasing false flags. It's also important to scale to the needs of the business.
So some of those business issues we just talked about. You need things to work fast. You need accurate, accurate results, and you can't have solutions that are impeding your operations. So finally, deployment flexibility, I think is really key, something that a solution that works the way you work and flows with your organization's applications and data flows.
Jared, do you want to talk about what we mean here? Maybe explain it a little bit more with an example. Yes so I'm a visual person, so I like to see things explained visually. So taking all that Karen was talking about preventing unknowns, integrating well with the existing business processes.
Let's just kind of take a walk through and look at what that looks like from the perspective of the Deep Instinct solution. So first off, it's platform agnostic, which means that it doesn't matter what kind of files are coming across, whether they're files that are associated with Windows, Mac or Linux operating systems, because the platform itself is not tied to a specific operating system or a virtual environment like a sandbox solution. So if you've got files that are being uploaded to a particular application, you can insert the Deep Instinct solution via REST API calls. And what happens is once those files are coming in to the application, the REST API interrupts the process, calls to the Deep Instinct scanner, which is a fully contained, deep learning assisted anti-malware solution in a Docker container.
And what that means is you don't have to have other components outside of the Docker container to make a decision. We do, like a lot of other solutions, offer a reputation server. So if you've already seen it, it's basically just a malware cache, right? So if you've seen it before, if we already have a verdict on it, you can make an instant decision.
Now, instant is not much quicker than we can actually make that decision because this response is returned from the scanner in less than 20 milliseconds on the average file. So it's a very quick process to make this informed decision, even against unknown or never before seen malware. So once the decision's made there, there can be custom code written to decide what happens next. If the file is benign, you can allow the file to go back into the application and then if the file was malicious, now you can receive a response to the Deep Instinct management console, which can then also be integrated with your platform to give you full logging and information capabilities.
So with that, I'm going to turn it to Ryan and let him actually show you how this works in real time. Yep, absolutely. So let's go ahead and share my screen. OK so we've had a pretty good overview about the problem that we're trying to solve with defense and prevention for applications, which is that large organizations have built custom applications.
So that their customers and end users can upload files into their environment. And of course, the challenge with that is that you have potentially tens of thousands or even millions of end users that you have no control over that are uploading information into your environment. And some of those files can be weaponized. And so we need a way to scan at scale large numbers of files really quickly without creating a bad experience for the end user.
And we've all been in there before where if you've ever emailed someone a PowerPoint and then stayed on the line for the next five or 10 minutes asking did you get it? Did you get it? Then you kind of experience what it is that we're talking about in the problem that we're solving with DPA. So this is just to show you how that works and what it would look like.
This is just a sample web application that we've built, and this could be like any application that you've ever used before. We've all been there where if you go online to upload files to apply for a loan or to get it admitted to school or even to file your taxes, you've been to a website like this, and the way it normally works is you go to the site and you click on Upload File and you would select the file you want to upload. In this case, our clean doc and we click Open and boom that pops right into the repository. That's what you want to see.
That's normal and that's good. But what happens if it's a malicious user or it's an unknowing user, then upload something that is weaponized and you go ahead and click on Open there. And it also pops right into the data repository. And this is what we don't want to have happen because now we've got this weaponized document.
It's in our environment just waiting to be clicked on, copied somewhere else, or it may even be on some sort of a timer where it will detonate later. And so that's what we want to avoid. So what we're going to do is we're now going to switch to a secure sample application. So this is the same application.
But now using the container that we spoke about earlier has been integrated into this application. And the first thing that I want you to notice is that it looks exactly the same. The end user experience is identical and just like before, a user would go and click on Upload File. And we'll pick our clean doc and say open and boom, it pops right in, upload is successful.
But what the end user won't see is this verdict that we just got, which in this case is a success. This is a clean doc. That's good. We also get this nice JSON response.
So the JSON response tells us the time it took to submit the file. It gives us a scan GUID, tells us what the file type is, which is an simple file in this case. And it also gives us a nice hash value.
So if we ever wanted to do further research on a specific file, we've got a hash for it. But most importantly, it gives us our verdict, which in this case is benign. And so we know this is a good, clean file. And notice it only took 3.4 milliseconds to do the scan.
So if everyone on the phone would quickly just blink your eye, then that took about 100 milliseconds to blink your eye. So you can see we're scanning these files in just a tiny fraction of the amount of time it takes to blink your eye. So this is all well and good. It's what we want to see.
So now what happens if we go to upload that weaponized document? Ryan's weaponized resumé dot dot. So if I click Open this time, now the first thing I want you to notice is the file did not make it into the repository. It never gets there.
And that's what we want. We don't want malicious files uploaded and then we scan them later. We want to in real time if something malicious is trying to be introduced into our environment and stop it before it ever lands. And that's what we just did.
We also get the same JSON response as before with the same information. The one key difference, of course, is our verdict in this case is malicious. We see that the severity is high. In this case, it took only 0.012 milliseconds, so just a fraction of a single millisecond.
So you can see the speed at which we're able to operate using Deep Instinct Prevention for Applications. And that speed is key. Going back to what we spoke about earlier with the different tools and solutions with legacy AV solutions and sandboxing, all of those just take too much time and they can't handle the volume of data that users create.
When you've got, again, hundreds of thousands or even potentially millions of customers all trying to upload files at the same time, or at least in a short period of time. So that's the problem that we saw with this application of our solution. The other thing I wanted to show you is how we can do this at scale. And so in order to illustrate that, I'm actually going to switch things up a little bit.
I'm going to minimize my browser and I'm going to shrink this window here. And what we're actually looking at here, I've got two Windows VMs running side by side. The first VM on the left hand side is running Deep Instinct. I've got Process Hacker up and running here.
You can see that it's running and all the processes are basically idle, not really doing much right now. And that's to be expected. And then on the right hand side, I've got another Windows 10 VM running Windows Defender. And the reason we're using Defender, it's not picking on it.
It's a perfectly good solution. It's a good example of machine learning based detection technology. And what we want to illustrate in this side by side comparison is our ability to do things much faster and with better accuracy. And this will give you, hopefully a really good visual as to why deep learning is so much better at handling these kinds of scenarios versus machine learning.
So to set the stage, I've got two folders open on each machine. One is a landing place for known malware and the other one for unknown malware. And what I'm going to do is just launch a couple of simple scripts that are going to reach out to a publicly available malware repository, and they're going to download 150 samples each of known malware and unknown malware. And just for clarification, for our purposes, known malware is malware that's at least 30 days old.
So everyone should know about it by now. They should have had time to update their algorithms and signature sets to be able to detect that. And then unknown malware is malware that was first seen in the wild today. So it's as close to zero day as we can get for demo purposes.
So I'm going to go ahead and launch the script first on the Defender side. So get that kicked off and going there. It's going to go up to that public site and start trying to download malware and then we're going to do the same thing on the Deep Instinct side. There we go.
Let's move this down a little bit. As you can see, it better put Process Hacker in front so you can see there. And we're starting to see files come down and be populated into the folders.
Notice on the Deep Instinct side, we're already starting to see these alerts and look, they're popping up incredibly fast. On the Defender side, we've got files in there already, much more than what you have on the Deep Instinct side, and we just barely got our first alert. So why is this happening? With Deep Instinct, the way that it works.
Well, really, with any file, any time you go to download it, the kernel is going to handle that request first. So it's going to go out to whatever location you told it to go to get that file, and it's going to write it to disk. And then once it's finished writing to disk, it's going to perform what's called a write-close event. It is upon that write-close event that Deep Instinct is told to do its 20 millisecond scan.
And when we do that scan, we make a determination at that moment whether or not that file is malicious or benign. And if we decide that it's malicious, then we encrypt it and we quarantine it in a hidden folder and we do that faster than the kernel can actually hand the file over to the application that requested it. And so for all intents and purposes, that file was just gone. It never has a chance to be executed, to be clicked on or copied anywhere else.
So the breach simply never happens. And you can see from a Deep Instinct side, we're already done. We do have a couple of files that looks like did land on disk. That does happen occasionally.
Usually what that means is the file is corrupt. In fact, we can test that. I can just go ahead and let me rename this file really quick. Call it malware.
But you see, these are all executables that we downloaded. And if I go to try to run this says Windows can't run this, it's a corrupt file and that you get that sometimes from malware repositories. So all of the other files are gone. There is nothing left our disk, nothing to click on, nothing to be executed.
And that's really key. And if you scroll through this, we also identify what the malware is that we caught. This first one was a dropper. Next one is ransomware.
We've got some ransomware that's kind of exciting. And then there's a push, another for another dropper worm. Every time I run the script, it's new. I never know what I'm going to get.
It's kind of like a malicious box of chocolates. But there you go. So everything's caught. The environment is safe.
And you saw that. We did it really, really fast. Now, compare that to the Defender side. Notice here our Deep Instinct processes.
They've already settled back down. Whereas on the Defender side, it's jumping up to 20% and keeping you 2336. You can see that it's still consuming a lot of CPU and it's going to continue to do that for a while. In fact, upwards of a couple of hours or more.
Also, notice we downloaded 150 samples of each. So far it's managed to get rid of 4 on the malware side and really none on the malware side. The reason for that is, is, again, the way that it works, it waits for the file to be fully written to disk available to the operating system. And then it starts to scan it to see if it can recognize what it is, if it's malicious or not.
And if it's not sure, it then has to reach back out to a cloud infrastructure. It does a hash lookup. All of this takes time, and it's why it takes so long for it to make its ruling. Now, eventually, it will clear out most of these, but not all of them.
In my experience, when you throw this much malware at a tool like this, it will eventually just kind of give up. And so it never actually fully completes. So again, the speed at which we're able to do this is really critical. So I hope this gives you a good illustration of the difference between the speed and accuracy of machine learning versus deep learning.
OK so basically what we just saw is, is as was explained earlier, this is running in a container in your environment. It's connected via simple API call. So to get this installed and integrate it into your custom application is really easy. In fact, we have some customers we work with where they have the integration up and running in 10 minutes.
So to implement this is really quick. Some other things to keep in mind with this solution. We're able to scan not just files and DLLs, which is what everyone else scans. We're not relying on hash values for everything else.
We actually are able to scan office docs, PDF files, art files, and a whole bunch of other files for files, et cetera pretty much anything that can be weaponized. We can scan. We do it at incredibly high speeds, less than 20 milliseconds. Here on the slide, it says less than 10 milliseconds.
You saw during the demo that we were able to scan some files in less than a tenth of a millisecond. So it's incredibly fast. Does not require a ton of resources. Four cores, 16 gigs of RAM running on the host operating system where the container lives is sufficient.
That's really all we need and we can do it at scale. We'll talk a little bit more about this in a minute, but we do have customers scanning tens of millions of files every day and it's producing no latency, no negative experience for the customer. Also what we really have here is this engine, this verdict engine that can be applied in all kinds of ways. So we've talked mostly about custom applications right now, but you can plug it in, you can do an ICAP integration and have it set at your web gateway.
So when users are downloading files manually themselves, those files can also be scanned. We can look at applying it to network attached storage where it can actually crawl through and scan files that may have been sitting there for years and we have no idea what's in them. There are all kinds of use cases where this can be applied. Thank you.
Great information. And as you can see, really flexible solution deployed in a variety of ways. The REST API or ICAP. And what we have are two examples from customers who have adopted the solution.
On the left, we have a financial services organization. And what they're doing is actually creating a malware prevention hub so that the DevOps teams can connect applications to it to scan their files without involving security at all. And they just go in and write their API calls. So as we all know, financial services are highly, highly regulated and they require file scans to meet some of those compliance requirements.
And the challenge this organization was facing was that the applications teams, they knew they needed to scan the files, but they were not working with the security team on the problem. So in some cases, they were doing the scans, but they weren't really happy with the speed or efficacy they were seeing. And then the security team brought them a solution, brought them our solution, which was frictionless for the DevOps team. So they write that API call to connect their application and the scan takes place automatically and it becomes a service that the applications teams can take advantage of.
And they're scanning millions of files per day without latency, zero business disruption and easier compliance, easier to meet their compliance mandates. Ryan, anything else to add here? Yeah, just that this was with this particular bank. We worked with the CISO very closely on this.
This was a problem he was trying to solve for a really long time. And, and again, it was creating a bad user experience for their customers and they have millions of customers. This is a very large bank and we were able to solve it for them.
And so the negative experience to their end user goes away. The efficacy went way up, the false positives went way down. It really was a great solution for them. So on the right, what you see, it's a little bit of a different implementation.
This is a content management company. They're scanning over 24,000 files per minute, which is roughly about 34 million files per day. So they needed a solution to protect not only themselves, but also to protect their customer data. So they're looking at both sides of that and they need something that's fast, really low false positives, really high accuracy.
They evaluated a bunch of solutions. They determined Deep Instinct was the only vendor that could meet the needs that they had. And they're really seeing amazing results. You know, Ryan referred to this earlier.
Their verdict times are really they've seen from 2 to 10 milliseconds across the board, greater than 99% accuracy, a less than 0.5% false positives. And that is something they really pay attention to. So, you know, we know that those numbers are real and they're awesome.
Jared, Ryan, anything else to add to this one? You know, I'll add that this company actually was able to add this as kind of a value add or premium security service that they can add as an upcharge for their customers. So they actually generate revenue by using the Deep Instinct solution and it improves the user experience as well as providing, you know, much better security than any other options. Right, and I think from a company standpoint that can grow as a differentiator, right.
If you can just, you know, go out and say you can prove that your security is that much better. So what we've been talking about today is all part of the Deep Instinct prevention platform. As Ryan mentioned earlier, you know, deep learning is at our core. And Deep Instinct is the first and only company to have developed a solution from the ground up with a deep learning framework. And what this means is that we natively use deep learning as the foundation.
And I won't go a lot too much into deep learning versus machine learning. We have an e-book actually for download that you can take a look at if you want to go into some details. And we have other source materials for that. But what this means is that our static analysis engine is using that deep learning and is just making these insanely fast decisions, really high accuracy.
We don't require threat intelligence to make these decisions, so that leads to how fast we can operate as a solution. What we've been talking about today is Deep Instinct Prevention for Applications, which is that lightweight container cluster deploy anywhere solution. And then we have an agent on the endpoint that you can deploy which provides additional layers of behavioral analysis, also based in deep learning to prevent fileless attacks, code injection in memory and other types of attacks. So I think, you know, we've talked a lot today about Deep Instinct and what we can do for you for file uploads.
And really that's providing frictionless security to protect you against malicious file uploads and downloads, focusing on really preventing those unknowns. So zero days before they can execute, before they can infect your environment, you know, integrating with those existing workflows, the flexibility of our solution, working autonomously without cloud intelligence, making those fast decisions, scaling to millions and millions of files per day, really important in a large enterprise. It's trying to accomplish this low TCO. Ryan touched upon some of the ways that we really are efficient using our resources and then helping you ensure compliance and data privacy.
And with that, we will go to Q&A. Just a reminder, if you do have any other questions, please enter them into the console. And first question, my take today is, you know, they're asking, is this a signature based solution? And there's another question that is it just AV or designed to replace AV or any other tool?
Ryan, do you want to take that one? Sure. Yeah. One, no, it's not signature based at all. Deep learning doesn't require signatures.
It actually is able to scan 100% of the data and determine if what it's looking at is, in fact malicious. And then make that ruling again as we're kind of trying to drive home really fast in less than 20 milliseconds. So it's incredibly fast. And yes, for standard AV, absolutely.
This can be a replacement for that. We know that there are other more fleshed out solutions, if you will, like EDR that maybe organizations aren't quite ready to walk away from. But what Deep Instinct does is it provides a level of accuracy and efficacy that just is unmatched in the industry.
And so it can run either alongside those solutions or if you're ready to walk away from that. And just want a true prevention first approach, we can do that as well. And as Ryan mentioned earlier, a lot of the EDR solutions are focused on pre-execution prevention of executable type files and ransomware. When we talk about office files and malicious office documents, they're looking at post execution.
Once it hits the disk and is opened up and starts trying to do its bad stuff, then they record that activity, correlate it into an attack pattern, and then start trying to do the cleanup after the fact. And so that's where that gap is, that defense team can help cover. Excellent. Another question: does Deep Instinct store the files? We do not.
So actually, anytime we scan a file, one of the great things that in the way that we're architected, we don't actually have to type any information or any data out of your environment. We look at the metadata of the file, so we have that information. That's what goes back to our cloud-hosted console. But the files themselves never leave your environment.
So there's no issue with data privacy or anything like that. I think this one goes a little bit to the flexibility of the solution, I think. I'm wondering if you have an option to connect Deep Instinct through ICAP to a Squid proxy. Yes, absolutely.
That's actually one of the use cases that we do have. You just configure a proxy, whether it's Squid or any other proxy that you might have. And what that allows us to do is to basically intercept any time a user requests to download a file from a site. It'll be funneled off to that proxy server where we'll scan it again in 20 milliseconds or so.
And if it's malicious, we actually block the download so that the file never makes it to disk. And another advantage of sitting with a proxy as ICAP is the proxy is already doing decryption and re-encryption if it's an encrypted stream. So, you know, we get the advantage of inspecting these files in plaintext without encryption. So that gets around the hurdle of like an action firewall having to fully decrypt something and look at the stream and then re-encrypt it and send it on.
Right. This one may have come in before I did my spiel, but the difference between machine learning and deep learning, I will again refer you to the ebooks that we have and we have follow on materials. Please visit our website. There's a lot of information there as well. Another question and this is probably the last one that we have time for today, how is it licensed?
So it's licensed. Depends on which solution you're going with. If you're using the endpoint solution, it is licensed per endpoint, which is pretty standard. And for the DPA solution, defense and prevention for custom applications, we're looking at the amount of files that we're scanning.
So it's basically price per scan. Of course, it's a tiny fraction of a cent per scan, but that's how we determine the pricing on that. I will say this: other solutions that do similar things, but again, that as well tend to be significantly more expensive. Yeah, and one of those reasons is the way they are there per transaction.
For instance, with our kind of files, they're going to treat each file inside an archive as a separate transaction, whereas, you know, Deep Instinct will actually treat that as a single transaction. Excellent. I think we're a little over our 30 minutes, we promise. But hopefully this information has been very valuable to you. I want to thank Ryan and Jared for being here today, and thank you all for listening.
And please reach out if you do have any questions. Thank you.