February 8, 2023
Welcome, everyone. Delighted to have you all here. Join us today for this webinar where we're going to be focusing on the future of AI in cybersecurity and debating the merits of machine learning or deep learning. You've probably noticed that we have three guys here, not two guys and a woman.
I'm not Karen Crawley, eagle-eyed folks out there. It was thought that I'm probably trippy and in fact, it's just simple. And Brown. Vice President of product marketing standing in for Karen.
Well, unfortunately for technical reasons, she can't join us today, but she's here with us in spirit. Joining me today is Ryan Wright. He's channel technical manager at Deep Instinct, and Derek Piker, who's a product marketing expert who's also within my team. Ryan joins us from Utah.
Derek joins us from Arkansas and I'm based in Germany. So we've got a truly geographical spread here for today. So just a couple of housekeeping notes. If you have any questions as we go, please type them in the chat, and we'll do our best to answer those as we go along.
But just to keep us all on schedule, I'd just like to walk you briefly through our agenda for today. So we're going to first focus on the evolution of anti-malware. So it's going to do a bit of a Darwin approach here and take us through the beginnings of anti-malware, the beginnings of time, not quite the beginning of time, but a little bit later on. That may be more than just the future of AI in cyber security and the role it's playing critically, both from a good and bad perspective.
And then we're going to do a deeper exploration around machine learning: what it is, the advantages, challenges it sometimes has, and how deep learning may be able to address some of its shortcomings. We'll also talk about that super hot topic, ChatGPT, just at a very, very high level, that's impossible to miss right now. And I'm sure many of you are reading some of the articles around that. And then lastly, we're also going to zoom in specifically on deep learning, do a bit of a deep dive there and then leave a few minutes for Q&A at the end to cover any of the questions that you might have.
But keeping us on schedule here, I'd like to hand over to Derek, Mr Darwin. He's going to walk us through the evolution of anti-malware. The stage is yours.
Thanks, everybody. So how did we get to where we are today regarding anti-malware and malware scanning solutions? Well, I want to take you on a little journey here. So the first antivirus came about around 1985.
And why was it needed? Well, when the personal computer began to take hold, we started seeing that people of intent with a little bit of coding knowledge decided that they could take advantage of this revolution of the personal computer and make a profit for themselves. So that's where we started seeing malware pop up and it became obvious that some sort of step in was needed from a security perspective to stop the bad guys from running rampant in personal computers. And this is back when it was still big hair for women, sleeveless shirts for men, legwarmers, all of that.
And at the same time, the personal computer was very different at that time and malware was in its beginning stages. So the traditional antivirus was first released as a signature-based solution in order to combat this malware. So as we go along, what you're going to notice is on the top line here.
We're going to follow what happened in the security industry. And on the bottom line, we're going to follow what happened with malware and the threat actors. So moving right along here. After the antivirus was released, these threat actors realized, hey, they're able to stop us.
And if you'll notice at the bottom, we're following here a prevention slider. So the threat landscape, as it changed, we move from more prevention to less prevention. So at this point, polymorphic code, in other words, malware that may look and feel somewhat like previous versions, but it's changed in some way to avoid a signature detection, that came around in 1990, which meant now the security industry had to once again respond in order to get back to a place of higher prevention.
So static heuristics were introduced around 1992. And what this did now is we can look for specific fingerprints of malware versions to understand what's happening here and identify malware based on characteristics other than just a signature. So I'm moving right along. Now the threat actors decide, hey, this static heuristic system is actually thwarting our opportunity to make money off of malware, so we've got to reinvent ourselves again.
So around 2000, we started seeing encrypted payloads pick up. And what this in effect did is these encrypted payloads are hidden within what appears to be a legitimate file. But because they can't be decrypted by the anti-malware solution, they're unable to be identified as malware. So at this point, we move back to a 65% prevention rate.
Now, around 2008, sandboxing, malware sandboxing, became a solution that kind of took hold, and it emerged to help expose unknown malware. And the way that it did this is it actually ran any files that came in that were unknown. It would open them up in a virtual environment, run them inside a virtual machine that was set to emulate the actual systems that are running inside of a company. So the intent here is now to force this malware to expose itself by running it in an environment that emulates the end user environment. So it would do all the things that it's supposed to do and expose itself. Now, at this point, we're kind of seeing on the threat landscape, we're still at only a 50% prevention rate.
And now, because this malware sandboxing takes a little bit of time to actually come to fruition, we're seeing more of a detection and response type of initiative from the security industry, and that's to avoid the delays from the sandboxing. So what we would see is the malware sandbox is running in a SPAN or TAP mode and catching files out of band and then informing the security system that this file was bad. So patient zero initially gets infected, but after the fact, then we can create a signature on the fly or update the systems to say, hey, next time you see this, we know it's bad, right?
So this helped to close the gap for unknown malware, but at the same time, it's kind of a shift toward the detection and response. Now, moving along again, the attackers, of course, in order to continue to make money, they needed to reinvent themselves again. So they purchased these sandboxing solutions themselves, reverse engineered them and were able to develop anti-sandbox techniques and exploit kits that are bypassing these sandbox solutions. And how did they do that?
Well, a couple of techniques. First of all, they can detect they're running in a virtual environment because at that time, the virtual PC was not as big of a thing. So if they're running in a virtual environment or running on a system with a single core, chances are it's probably a virtual machine or a sandbox environment. So they could then not do what they're supposed to do.
And so the next part of it is they could release time-release malware, which is not going to detonate for 24 to 48 hours, meaning we're not going to keep the sandbox open and look at that and listen to it. So because of these techniques, now the security industry has to strike back. And so now we're looking at machine learning, and AI starts to emerge as a tool and technique to be used in the security industry to understand malware at a deeper level. So that's when next-gen AV kind of emerged.
And when we say machine learning, what do we mean? We mean a computer-assisted model that is supposed to help identify activity within a specific file or malware that we can't identify readily with a signature-based solution or static heuristics. So obviously, the attackers have to catch up once again. And so in around 2016, we see the release of metamorphic, fileless attacks, ad hoc scripts and things like that are undermining this machine learning.
And once again, making it somewhat obsolete. We're back to 45% prevention here, and we're seeing this wholesale shift to the detection and response. And moving right along. The next evolution is out of this machine learning and this detection and response and assume breach mentality.
We see three solutions, solution types, sort of emerge. We've got our EDR, MDR and our XDR. Now you see a common theme there: detection and response, or the DR. That DR at the end actually reminds me of another IT term, which is disaster recovery.
And chances are if you're going all in on detection and response, you're going to need to make sure that your DR, your disaster recovery plan, is up to date because your chances of being breached are much higher. So at this point now we've seen a shift, a total shift in the industry and the security community to a detection and response or assume breach mentality. So something was needed to address this gap here where we're only seeing around 50% prevention, because in the case of ransomware and rapid attacks, it's not enough to detect and respond after the fact, post execution.
We need to find a way now to be able to predict and prevent even the most advanced and unknown forms of malware. So enter the first purpose built cybersecurity model based on deep learning in 2018. And it's a combination of static and dynamic analysis that provides known and unknown malware prevention. Instead of just detecting and responding and one of the things that you'll notice before I conclude here is at the bottom here.
Very, very much so across the timeline. The rapid pace of increasing amounts of new malware variants grew over time exponentially, and at most recent count from a survey that was done or a research analysis that was done, approximately 560,000 new pieces of malware pop up on a daily basis. There's no way even a machine learning, big data analysis engine could keep up with that. This is where deep learning shines. And in 2021 and beyond,
now we're looking at everyone connecting in a hyperconnected world to cloud-based resources. The endpoint is no longer the central focus for security purposes because data is being accessed in so many different ways. But with deep learning now bringing us back to a greater than 99% prevention rate, now we can take that same technology and push it out beyond the endpoint to provide protection wherever data is accessed.
So with that, I want to hand it over to Ryan, and he's actually going to take us a little deeper on this evolution of AI and what deep learning is and how it compares to machine learning.
Thank you, Jared. Just before Ryan does that, we've just seen in the chat that a few of you have been saying you can't see the screen.
Apologies for this. It seems to be a BrightTALK issue. The majority of attendees can actually view the screen, but rest assured you will be able to view the entire webinar on demand shortly afterwards. And I apologize on behalf of BrightTALK for this issue.
But in the meantime, I'll now hand over to Ryan. Thanks, everyone. OK, great. All right.
Perfect. So thank you, Jared, for kind of giving us that history lesson. So now I'm going to give you a second, short history lesson about artificial intelligence in general. So, first of all, during World War Two, Alan Turing and his team of cryptanalysts were tasked with breaking the Germans' encryption machine called Enigma. It was Alan's idea to build a machine to do it rather than to come up with the decryption techniques used by humans.
It is from his work that we have the entire field of study known as artificial intelligence. Today they actually made a really great movie about this called The Imitation Game. If you haven't seen it, you should. But it kind of tells his life story.
But Alan posed a really interesting question. And keep in mind, this is clear back in the 1940s before even the first transistor was even built. He asked, can machines think? His vision for AI is best expressed by what is known as the Turing test.
So this is where you would put a computer behind one curtain and a person behind another, and then a third person would ask them both questions. And the idea being that we will have achieved true AI when the interrogator couldn't tell the difference, which was which. Data scientists have been working on making Turing's dream a reality ever since. In 1952, Arthur Samuel, building on Turing's work, was able to come up with a program that could reasonably play a game of checkers. And that was a big deal at the time.
But it would take another 30 years before the next big jump in the evolution of AI. And so it wasn't until 1997, many of you probably remember this, that IBM was able to come up with a supercomputer known as Deep Blue that could beat a world chess champion. The milestone illustrates the power of machine learning.
But even then, the computer was not actually thinking. It was just able to analyze about 200 million possible moves a second from a large database of options. Noam Chomsky, who was a linguist from MIT, actually compared it to entering a bulldozer into a weightlifting competition. So we're not thinking it.
We're just adding a whole bunch of power to the problem. The next leap towards achieving Alan Turing's vision wouldn't come for about another 30 years. And that's with the advent of deep learning. The terms artificial intelligence, machine learning and deep learning: I do want to emphasize this, because I've talked to thousands of people now over the last few years, and there's still a lot of confusion between these terms.
So it's important to know these terms artificial intelligence, machine learning and deep learning. Even though they're often confused and conflated, they are not the same thing. The technologies are related, but they are separate. AI is a broad umbrella.
It encompasses a number of technologies, including machine learning and deep learning. Machine learning is a subset of AI, and then deep learning is a subset of machine learning. But it's only with deep learning, where we start to see true artificial brains that can actually learn. And that's the big leap forward there.
OK so let's talk a little bit about the differences between machine learning and deep learning. So from a cybersecurity perspective. The differences really are with machine learning the way it works. And this is what most of the industry is using today.
Any kind of a next-gen AV solution, what they're doing is they're taking samples of malware, and then a bunch of really good, smart engineers then reverse engineer it. They pull that malware apart and they start defining features of that malware. And that is a process called feature extraction. And what they're trying to do is identify, OK, what are all the ways that we can determine that this file is actually malicious?
And then what they do is they write their detection algorithms to look for those features. And it really was a very smart idea. It's worked well for a while or for a long time, but we're starting to see major chinks in the armor. First of all, threat actors, unfortunately, are smart, too.
They're using adversarial AI and machine learning to actually write new forms of malware that are specifically designed to evade detection by current techniques and tools. And so it becomes this constant game of cat and mouse. And it kind of goes back to Jared's timeline, where you see our ability to truly prevent continuously drop over time as threat actors get better. And so what we start to see is an accuracy of error, an ability to detect known threats dropping clear down into the 50% to 70% range, which is a pretty big gap.
We also see a really high degree of false positives, and that's simply because there's a lot of benign files out there that just so happen to have features that look like malware. And this creates the need for the industry to constantly update their detection algorithms so daily, sometimes multiple times a day. And it's just this kind of never ending cat and mouse game. Deep learning is, quite frankly, a more elegant solution.
With deep learning, there are no feature extraction sets; we're not relying on humans to tell the artificial brain what to look for. We use a process called supervised learning, and what it does require is massive amounts of data. So we have accumulated literally billions of files over time, both malicious and benign, of multiple different file types. And we simply feed all this data into the deep neural network, and we tell it to learn to figure out on its own what malicious and what benign looks like.
And we break it up into big chunks of data set so we don't feed it all several billion files all at once. We break it up into chunks of 200 or 300 million files at a time we feed the first batch through. It's not going to do well initially because it hasn't learned yet. So we simply tell it try again and we do something called back propagation where we take that data and we feed it back through with the information it already had and tell it to basically try better.
And so it starts updating itself and we go through this process. And when it starts to get really good at one data set, then we swap the data set for a new one, and we go through these iterations until eventually you get to a point where you can feed a batch of 200 or 300 million files that the brain has never seen before and through it. And it will get near perfect results greater than 99% accuracy on detecting true malware and fewer than 0.1% false positives, which is incredibly low.
And also the brain itself becomes highly resilient, where we actually only need to update it two to three times a year. So we can go for months at a time without even having cloud access and still protect you from zero-day malware. I want to take a look real quick, kind of jumping back to machine learning and sort of why it breaks down.
This is just an example of where machine learning can be fooled. So in this example, we have a piece of malware where we went through the process of, oh, sorry, I didn't advance the slide. Here we go. OK we have a malware.
We've gone through the process of feature extraction. We've identified in this case, 491 features that tell us this file is malicious. So we should have a pretty high confidence level. This is a bad file.
But then threat actors like to use a technique called perturbation. So for those of you who haven't looked at your word-of-the-day calendar, perturbation just means when you take a process or a function and then you alter it from an outside influence to get it to do something that it wouldn't normally do or isn't designed to do. And so that's what they've done in this case. And they've done it simply by adding two API calls that have been inserted into the file to obfuscate its malicious features.
And then in doing that, suddenly the machine learning tool that was designed to look for those features doesn't see them anymore. They've been basically hidden. And so this now looks like a benign file, and this file will slide right through. Now, there are still features in the file that could tell us it's malicious, including the fact that two API calls were inserted into it.
So there are ways to detect it, something that deep learning can do, but machine learning can't because it can only look for the files that it was told to look for. Sorry, for the features that it was told to look for.
And a good recent example of that is the most recent re-emergence of TrickBot actually used that technique, in that it would be a benign file with a relationship, or .rels, file pointing to basically an Excel spreadsheet that had a bunch of benign text in it. And then in small file it had a PowerShell script command that ran that actually called out to a command and control, pulled down additional software and ran it in the background.
And it's all transparent to the end user because that trigger happens automatically when they open the original benign file. So it's using the benign to obfuscate and fool a security solution into thinking that something that's malicious is actually benign.
Yep, that's a great example. So what I want to do with this slide is just basically kind of talk about how deep learning brains actually learn.
So, one, we don't rely on feature extractions. We don't rely on hash values. Instead, an artificial brain learns much like a human brain. With the human brain, there are millions of neurons that are designed to receive, process and transmit data in a way that allows it to learn.
And looking at the architecture of the brains, the human brain has about 86 billion neurons. Just a little factoid there for you. Those, again, are there to receive, process and transmit information through electrical and chemical signals. A deep learning brain has hundreds of thousands of neurons connected to each other and, again, processing inputs, learning much like a human brain does. You may notice that the artificial brain doesn't have nearly as many neurons as a human brain does.
And the reason for that is, quite frankly, artificial brains are still very simplistic. And we're going to illustrate that here in a minute compared to the human brain. The human brain can do all kinds of things. You can read text, you can understand speech, you can recognize faces, you can drive a car, you can do all these things.
Artificial brains have to be built for a specific purpose, and that's the thing that they become good at and they're not good at anything else, really. And so kind of to illustrate that, we're going to show you a couple of examples. So let's talk about ChatGPT. So this is kind of on top of everyone's mind right now. For anyone who maybe doesn't know, ChatGPT is an artificial brain that can write almost anything.
It got a perfect score on the LSAT. It can write a convincing master's thesis on almost any topic you can think of. And if the mood strikes you, it can even do it in the style of Shakespeare or Edgar Allan Poe. So, quoth the artificial brain,
"Nevermore." That's my dad joke for the day. It can also be used, though, for very nefarious purposes. As you can see from all these headlines and as was actually proven by one of our own researchers, it can be used to write zero-day malware and even ransomware that actually works. One of our threat researchers.
You can't go in and say, write me ransomware. It won't do that. Has enough intelligence not to do that. But what you can do is go in and say, write me a code that will encrypt files in a folder and all subfolders, and that will write a text file to the desktop and in the folders with a note in it.
So you can give it more generic descriptions like that. And it'll do it. It'll write you some code and you may have to make a couple of tweaks to it, but effectively you can get it to write malware for you. And so this has a lot of the industry really worried about it.
What's even more interesting, the threat researcher that works for us that did this then took that ransomware that he had ChatGPT write and uploaded it into VirusTotal, and basically almost nobody caught it. So it was true
zero-day malware that slid right past almost everyone else's cyber defenses. So that's a little scary. It's the world that we're living in. And the reality is I think we're going to need deep learning to combat that world.
Now, the next question is, so does this mean with deep learning, it can do anything? Well, going back to kind of the example I said a minute ago, the short answer here is, no, it can't. For example, ChatGPT could probably write you a book about driving, but it can't drive a car. Yeah, and can we expect an AI model to drive a car when cars are designed specifically for humans?
And honestly, most people can't drive very well themselves. That is true. Don't tell my wife that she gets mad. So here's the reason why these brains really can't just be used for anything.
So every time you get behind the wheel, just kind of think about this. You're bombarded with zero day events. You know, you might a stoplight isn't working. It's raining today.
It wasn't raining yesterday. There's new road construction, which is happening around where I live constantly, it seems like. There might be a fender bender. A ball rolls out into the road.
You have to quickly stop for it. So even though you're doing the same drive you did yesterday and every other day, all these days before, it's still filled with zero day events. And so you need an artificial brain that has the ability to cope with that. And so and they're working on that brain right now.
If any of you have ever gone to a website that says, prove to me you're a human by identifying, you know, which pictures have bits of a crosswalk or a stop sign or a stoplight in it. And you answer those questions. What you're really doing is you're building training data sets to train an artificial brain to drive a car. By the way, please keep doing that for your human as often as you can, because I really want self-driving cars in my life.
I think when I get into my 80s and nineties, I want my car to take me to the store. I don't want to have to drive it. I have grandparents that I'd also really like that capability, so please keep doing that. But no matter how good this brain gets at driving a car, it's never going to be able to, for example, detect malware.
Same thing holds true for artificial brains that can detect malware. So neither a driving brain nor ChatGPT will be able to detect malware. They're just not built for that. It might be able to write malware, but it can't detect it.
This is where Deep Instinct comes in. We have the only purpose-built, and that's important, the only purpose-built artificial brain designed to detect and block malware. And we can do it faster than the malware can even execute, in sub-20 milliseconds.
That includes zero-day malware. We don't need feature extraction sets. We don't need signatures. And in case you're wondering, yes, the Deep Instinct brain actually caught the zero-day ransomware that we got ChatGPT to write for us.
Deep learning is changing the world that we live in so many ways. And it's only through deep learning that we're going to be able to get back to, as Jared showed on his or the presentation, back to a true prevention first approach where we can actually protect our environments instead of constantly reacting to it. I think. And so with that, I'm going to go ahead and turn it back over to Jared.
Thanks, Ryan. That that was really eye opening, enlightening and entertaining, honestly. It's good to have that background of. Where do we go with AI to understand where we're going with deep learning and back to the full circle, back to that prevention first mindset.
How is deep learning approaching that? And why is it better for the job? Why is it the AI for the task? Right, so let's take a look at it.
What does proactive AI mean and how do we prevent the most advanced threats? Well, with known threats, you don't have to have threat intelligence feeds. We're not relying on heuristics and signatures here or avoiding writing to writing that malware to the device. First, there's a higher level of accuracy, meaning that we're eliminating all the noise of the false positives, which means we get faster decisions.
And the SOC analysts can feel free to go about their day and actually do what they were tasked to do in the first place, instead of chasing down a needle in a haystack. With unknown threats, we're moving beyond just the traditional basic pattern recognition that we had with the static heuristics. And we're going to a more predictive model, where we can prevent zero days, fileless attacks, code injection, PowerShell exploits, things that are traditionally trying to exploit and bypass existing security tools because they understand how the security tools work and they reverse engineered them.
So they're specifically geared to bypass it. Deep learning is trained to understand those exploits and bypasses and can actually predict with almost 100% certainty that they're malicious. It's also autonomous and intuitive, right? It's not just relying on human interaction to make this decision or to respond to a threat, but it's actually making that decision on its own based on that massive amount of data that's gone through all of these convolutions to build the model that is basically foolproof.
It has resilience as well. It's harder to reverse engineer because it takes years to engineer it in the first place. So it would take even much longer to reverse engineer it, meaning that it's not computationally feasible or it's not monetarily feasible for an attacker to try to reverse engineer a deep learning model because it would take much too far too long, and they would have to spend too much money to outweigh the money they would make on it. The data itself, we're training on malicious and benign data.
We're letting the model make its decision or the neural network make its decision on its own, instead of providing these weighted static outliers that we're providing it by human data scientists. So we're letting it be more not only autonomous, but make the decision on its own. So that it's more foolproof. Right and with that, I'm going to let g be kind of do a little bit of a deeper dive on not only why deep learning, but why deep instinct.
Thank you. I'm just conscious of time, folks. I feel like a little bit like the guy who's invited you on a timeshare holiday and now you've had a wonderful couple of days by the pool, not by the beach. And I've got to talk to you about the owning the property and close the deal.
But I'm just the same way. There's two ways right now that you can benefit from a deep learning driven prevention platform. What is in terms of if we look at on the left hand side, we have Deep Instinct Prevention for Applications. This is primarily focused on files in transit.
So if you or your customers, partners, et cetera, or internally are uploading and downloading files, we help de-risk those. And equally over on the right there, you can see we also have a more agent-based solution. What is agentless is on the left. On the right is more agent-based, where we secure your endpoints.
And we do that with, as Jared mentioned, an industry leading static analysis, basically deep learning framework. But if we look at flexibility, which is incredibly important, when you look at how you can implement the new cyber security solution, we have a container based approach. It's incredibly lightweight, simple and easy to deploy. It's very, very low friction.
And over on the right, and particularly on the endpoint side, we also have additional behavioral analysis to catch particular types of attacks, such as fileless, code injection in memory and others, which we increasingly see more from a threat or a threat attack perspective. And then just a couple of specific reference points. Some of you may never have heard of these things before. Bottom line is, we're working with some very, very large organizations, working smaller ones, where most of all, it's a very, very robust, proven technology that's been around for well over six years.
Just a couple of examples. There's a major top 50 bank who were extremely impressed by the deployment speed, which is something I mentioned before. And below that, this is a case study for Deep Instinct Prevention for Applications, a very well known global name. We can't name them, but they're scanning over 30 million files a day.
So it just gives you an indication of our overall scalability and robustness. As Jared mentioned, we can prevent over 99% of unknown threats, and this is absolutely key: unknown threats. This is where you will find many other vendors will fall down because they're simply unprepared and unable to deal with those. And one other thing I just want to highlight here is also you're getting the best of both worlds.
You get incredibly high prevention, but also an incredibly low false positive rate, sub 0.1%. And we recently had an independent study conducted by Unit 221B, a major cyber security prevention consultancy. And we send you that report where they did a deep dive analysis and validated this false positive rate. I'm conscious of time, folks.
We're going to be open to questions. But I also will discover a lot of you are asking if we will share the slides. Yes, absolutely. More than happy to share those slides with you, especially for those who unfortunately weren't able to view part of the presentation because of some of those BrightTALK platform issues.
Being conscious of time, I'd love to move over to questions, and I can see that we've already had a couple coming in. So Ryan, Jared, we'll see who's probably best positioned to answer these. The first one is: how does the emerging technology called federated learning AI fit into cybersecurity detection architectures?
Which one of you is brave enough to have a go answering that one?
That's a good question. I'm not sure I actually have a good answer for that. I haven't studied up on federated learning, to be honest.
I don't know. Jared, do you have a better response? I'm in the same boat there. That's a great question.
We'll definitely take a follow up item on that and discuss it offline after a little bit of research. I know a little bit about it, folks. I think the big question with federated learning is, is the security with which you're sharing those insights and understanding and obviously making those available or those being accessed by bad actors is how you do that and do that in a secure environment. Because any kind of insights into certain types of attacks, you just want to make sure that you're sharing that data and that information with secure partners, so to speak.
But maybe this might be an easy one. Now, the second one here is how about computing power related to deep learning? Are we at a stage where quantum computing will be the next big thing in AI? So I mean, quantum computing actually will definitely help accelerate the rate at which we can train artificial brains.
One of the things that's important to understand about it, though, is that that's where the heavy lifting, that's where the great computing power's required, is in the training of the brain. Once the brain is trained, that resulting detection algorithm in this case for cybersecurity is actually done learning. And so that gets encapsulated into an agent or a container, and that is what gets applied to your environment. So as an example with GPT, that brain was trained in 2021 and it's not connected to the internet, it's not looking for recent data.
So for example, if you went to ChatGPT today and said, tell me who is the highest scorer who holds the scoring records in the NBA? It would still tell you, Kareem Abdul-Jabbar, because it's unaware that LeBron James broke it last night. For those of you who didn't know he did, that was pretty cool. That's pretty topical.
That's pretty topical, right? OK. Yeah. And I would say, too, from a computational standpoint, it's very low footprint because all of the work is done on the front end. That's where all the heavy computational part of it is.
So once you apply it as an agent or the agent was part of the solution, it's very light footprint from a resource perspective. And that's what allows us to make the decisions super quick and also provide the low false positive rate while maintaining low system. Thanks, guys. So that's a great segment.
One other question, Jared, which is the statements of benefit of deep learning are great. You're not wrong there. Do you have a structured approach to quantifying the benefits? For example, how do we calculate sub 0.1%
false positives? For what decisions? Stroke findings? So basically what we're doing is when we look at all the files that we've scanned, how many of them come back as a hit?
So a positive detection that actually turned out to be benign files. And our connection, our calculations on that, again, are less than 10.1%. That number is actually a little bit, I guess you could say, conservative, simply because we do have customers that are scanning upwards of 30 million files a day. Again, with no latency, deep learning is incredibly fast, but their false positive rate is actually substantially less than that.
So it's just an incredibly low false positive rate. But thank you. Next question. How long does your deep learning model have to train on the client's raw data sets before being effective?
Great question. So we don't actually train on client's raw data. We assemble our own data. And sometimes clients will give us data that they want us to use, but we go and get it ourselves from multiple different data sources.
Once again, once a brain is trained and deployed into a customer environment, it's done learning at that point and it's got its resiliency. So we're not actually training on customer information. That's also another good point in that we're not pulling data out of your environment to look at it or learn from it. It's contained within the environment.
So it avoids a lot. What's the word I'm looking for? Sorry I mean, there's not a lot of tuning time, right? Yeah, it's not a lot of tuning time.
Thanks, guys. So compliance includes a lot of compliance issues. Gotcha. I got a couple of last questions as we can finish up on time. You train models with malware data and benign data.
Question mark, how would you define benign data, nominal behavior? What major features did you identify to segregate the two categories? So as far as the major features go, I mean, we just look at the files and decide whether or not what they're doing is malicious. And there's a lot of obviously work that goes in on the back end for that.
But as far as the brain itself determining basically the way supervised learning works is we tag the data ahead of time. So we know which files are benign and which ones are malicious ads. And as far as determining what we decide is malicious or not, again, there is some leeway in that decision just because some files could be malicious and depending on how they're used. But we make that call, we tag that data.
And then once it's fed through the training process within the artificial brain, again, we don't tell the brain what to look for. We simply tell it whether or not it got it right. And then when it gets it wrong, which again initially it will, we tell it to try again and it starts recalculating and reconfiguring. And that's the process that we go through.
Thanks I'll get on to that to summarize and finish up here. We the malware classification is a big piece of this. So we're not just saying, hey, this is bad, take our word for it. We actually classify what type of bad is it, right?
And so to Ryan's point, if it's something that is potentially malicious, we have a category called PUA, or potentially unwanted application. Right, so that doesn't necessarily mean that if you run this, you're going to get ransomware, but it is potentially unwanted because it has behaviors that are either suspicious or potentially looking to do info stealing or spam you, or, you know, those kinds of things. Right, so that's a piece that kind of sums it all up and makes it I am I feel really bad. I'm just kind of keeping the time.
One really good question to ask, so you got to call out that. Jared, you mentioned Deep Instinct is mainly for files on the fly in transit. How does the instinct prevention platform handle the sleep malware? I'm assuming that's referencing, for example, storage of files, files that are not obviously in motion.
So that at rest is the question here. Exactly, I assume. Yes, so the. This is where the Deep Instinct engine comes in because we don't allow it to hit storage in the first place.
Now, in the case of retroactive scanning, that's something that happens with the endpoint of the agent-based solution. And if you look at the upcoming, which this is something that we're talking about in the future, the upcoming NAS solution. That's where the agent would come in, you know, for files that are already in storage. But as far as the prevention engine goes itself, the endpoint solution prevents anything from hitting the disk.
But it also has a behavioral analysis for anything that does hit the disk if it is allowed to execute. There's behavioral analysis after that to understand what happens. Post lots of great points. Unfortunately, we're at time now, folks.
We will do our best to answer all your questions offline if we can. Thank you very much. Look out for a copy of the slides in the follow up, email those to you and also recording for anyone who was unable to view the full slides. And also if you loved it so much, you just want to watch the whole thing again.
More than happy to. Thank you very much for your time and have a good rest of the day. Thanks, everyone. Thank you.
Thanks. Thank you, Jared. It's Thanksgiving.