November 1, 2023
Hello, everyone. We're gonna give it a minute or two to let everyone join, and then we will begin in just a moment.
We need some background music.
Alright. For those of you just joining, we're gonna get started in about one minute.
Alright. That takes us to about two minutes after the hour. We're gonna go ahead and get started. Welcome, everyone.
Good morning, good afternoon, or good evening, depending on where you're joining us from. And thank you for joining us today for our webinar.
Introducing Deep Instinct Prevention for Storage: Fighting AI with AI.
My name's Matt Hubbard. I'm director of product marketing here at Deep Instinct. I just have one housekeeping item to cover before we get started, and that's if you have any questions throughout the presentation, please feel free to utilize the Q and A function within the BrightTALK platform, excuse me.
Otherwise, we will have some dedicated time at the end of the webinar for additional Q and A. So without further ado, I'd like to turn it over to my colleague, Jerome Gross, senior director of product management here at Deep Instinct, to walk through the rest of the presentation. Sharon?
Thank you, Matt. Hello, everyone.
Let me bring up those slides and we'll get going.
Alright.
So thank you everybody for joining in this session today, where I'm going to present Deep Instinct Prevention for Storage, where we actually fight AI with AI, and by that are aiming to disrupt storage cyber security. As Matt said, my name is Sharon. I'm a senior director of product management here at Deep Instinct, and let's get started.
So I'll start with a ten second overview of who we are. Then we'll talk a little bit about the challenges in data protection in this era of AI that we live in.
We'll take a very quick crash course about deep learning and see how it enables us to achieve the very good results that we can achieve with our technology.
We'll dive in deeper into what Deep Instinct Prevention for Storage is and how it helps protect your storage, and then we'll leave some time for questions at the end.
Deep Instinct was founded in 2015.
We are headquartered in New York City, with offices around the world, in Tel Aviv, London, and Tokyo.
We started off with a unique and first of its kind deep learning framework for cybersecurity, and the platform is already protected by five granted patents.
We have a very big customer base, large companies, small companies, around 3,300 end customers, but we're also working with MSSPs, MDRs, and other types of distributors.
We are backed by both strategic and financial investors.
And over the years, we have managed to get a lot of industry recognition in terms of prizes, awards, and other types of articles and recognition of that.
So let's start by talking about what are the challenges that we see today around data protection in the era of AI.
As we all know, organizations today, and in the past few years, are running on data.
That data comes in various forms that we all use on a daily basis.
And through a number of mediums, applications and ways, such as SaaS applications, corporate applications, both cloud or on-prem, data repositories, endpoints, and so on.
And what we see is that billions of files are being transferred on a daily basis around the world.
If we look specifically at file uploads and downloads, we see how these trends of files being shared every day greatly increase the risk of malware.
Now, it's very common to assume that malware usually comes in the form of executables, EXEs, batch files, scripts, and so on, but actually research shows that over 43 percent of all malware downloads are actually malicious Office documents. And I guess we all use these on a daily basis, and this is why the risk is greatly increased.
Not only that, but what research shows in the past few years is that the attack complexity and volume has increased. Attackers have become more complex in their attacks and are able to carry out more of those, while the human ability to respond is very much lagging. And that creates a lot of exposure for our customers, for organizations, because we actually fail to protect against these new emerging threats.
Not only that, but we know that 72 percent of malware attacks actually utilize what we refer to as an unknown form of malware, or zero days. There's different terminology for that. But these are actually malware or threats that have been created very, very recently.
Today, right now, in the past twenty four hours, and these come and eventually result in attacks in the form of ransomware, multistage, supply chain, unknown malware, and zero day attacks, and so on.
Now, the fact that there hasn't been a good enough technology up until recently to combat these, specifically these unknown attacks, the attempt to protect against these has caused a lot of rise in false positives, because of the failure to actually detect those, as well as false negatives, because they don't do a good job in this defense. Which overall increases the alert fatigue security professionals face.
Now everything has gotten even worse lately with the introduction of generative AI, ChatGPT, and these kinds of technology, where the bar for attackers to create new mutations of malware is greatly decreased. It's much lower now than it was before. And this turns the notion of zero days, something that has been created very recently, into zero hour or even zero minute, because it's that easy now to use these technologies to create new variants of malware that the tools cannot cope with. And what we see is that existing solutions actually fail to protect against these.
And examples of these are already very abundant: FraudGPT, WormGPT. There's tons of names for these, and these are popping up at a very high rate, creating damage. And as I said, many attackers, even with less expertise, less knowledge, less technical abilities, can now utilize these tools very easily to create damage.
And this leads us to understanding that this new technology which we have to face actually creates a new problem, and therefore, it demands a new type of solution.
We all know the numbers. We all know the damage that even a single attack can incur, both in terms of the cost it takes to recover, the damage to the reputation, data leakage, user base, and so on, but also how long it takes to contain and to recover from such a breach. So definitely the damage potential is there and is very high.
Now, if you kind of survey the approach of the security industry for these challenges up until now, it's what we call an assume breach approach. That means that given that we don't have good capabilities in preventing those threats from getting into our network, into our databases or whatnot, we then assume that we are going to be breached. We assume that these threats are going to be here, and we have to face them. And then both security vendors and security teams within organizations have focused on things like detection, investigation, response, remediation, which are after the fact actions being taken, and these are very, very costly.
They take a lot of time, effort, resources, and expertise in order to contain and deal with what just happened. That leads to reinfection because you're not actually able to stop the threat. And overall this entire operation costs a lot of money to organizations.
Unlike this approach, what we take here with Deep Instinct, because we actually can prevent those threats from ever getting into your network or your storage, is that by stopping these from ever getting in with our predictive prevention technology, the effort that organizations need to take in order to detect and investigate is much lower, overall greatly reducing the number of false alerts they need to handle, the number of recurrences of threats that they need to keep on combating. And at the end of the day, their entire cost of ownership, their entire operations of securing the organization, is much lower.
And this brings us to our Deep Instinct platform that we call the predictive prevention platform. This is basically the way that we deliver the very strong benefits of our deep learning approach, with over 99 percent prevention accuracy.
Of unknown threats. Remember, these are the ones that are hard to detect and stop.
We do that with less than 20 millisecond prevention time, and a very, very low false positive rate, below 0.1 percent. We bring these benefits into basically anywhere within the organization's threat landscape, whether these are custom or web applications, SaaS applications, storage, which we are going to focus on today, servers, endpoints, and so on.
Now if we are taking a deeper look into storage, we definitely understand why it is that important to protect that, and the Gartner quote that we can see here basically says it out loud: file systems and block storage systems provide today inadequate protection from everything that jeopardizes your data and your organization today.
So I mentioned now a lot of very promising benefits in the form of over 99 percent accuracy. By the way, I've been in this industry for a very long time, and I've never seen a tool that is able to do what it's supposed to do with such a high level of efficacy or accuracy and a very low false positive rate. So you don't need to take my word for it, but I do want to try and explain how this is all possible, and this is because of our deep learning technology that actually makes all the difference. So let's take, I would say, a three minute crash course on deep learning before we move on to talk about prevention for storage.
So the best way to explain deep learning is by comparing it to something that we all pretty much know today, or at least to some extent, normal or regular, shallow if you will, machine learning. So machine learning is a process by which domain experts, either security experts or whatever the space is, these are engineers that handpick specific, what we call, features or parameters within a given data set. In our case, it's a file.
So they handpick specific features within that file that they think could be indicative of malicious behavior, or they think that if they see that feature within that file, it means it's probably a malicious file.
The result of this picking, or feature engineering as it's called, is that eventually the data that is being taken into the computational model is very low in terms of percentage of the entire data set. Only two and a half percent, five percent, sometimes even one percent. They then take these features and bring them into a computational model that eventually produces, in most cases, a linear model, which is a pretty basic form of a machine learning model. And the result is a model that can to some extent detect malicious files, but only for a very limited set of file types, because the features were handpicked for that specific file type.
So in order to get a better understanding of this process, let's take a very nice example that we call a blueberry muffin classifier. Basically, a model that is able to say whether or not a picture includes blueberry muffins within it. So if we take the process that I just mentioned, what these engineers would do is to handpick specific properties of that image in order to bring them into the model. Those could be measuring the color of the dough, the paper density, the pixel density, the blueberry color depth, maybe the blueberry shape.
So everything that they think is an indication that we have a blueberry muffin. So once they've picked these features, they would start measuring these across a very large data set of many, many, many other images. They would measure those features within each one of these images to eventually produce an understanding that if the color of the dough is 0.8563, and the paper density is this, and the pixel density is that.
If all that happens, this probably means that the picture includes a blueberry muffin, and that is the machine learning model that can identify muffin pictures.
If we take a closer look at this kind of model, this machine learning classifier has three major flaws.
One, it can only be as good as the domain expert was in identifying relevant features. Because if something else within that feature turned out to be indicative of a blueberry muffin, but that expert, for some reason, didn't choose it, then the model would be left.
Second, it's only trained to classify blueberry muffins, right? If we follow that process that I just mentioned, it won't be able to detect other types of muffin, or whatever other pastries that you would like to find in a picture.
And at the end of the day, it has a very high false positive rate, as you can see here in this cute example on the left.
So if we take all this understanding and summarize it and take it to our world of malware detection in a deep learning model: unlike the machine learning shallow model, where we only take, again, sometimes less than two percent of available data, a deep learning model takes every bit of every file in order to identify what are the features that eventually lead to that file being malicious.
So unlike machine learning, where domain experts handpick those features, the deep learning model does it automatically. It takes in 100 percent of the file across, in our case, almost a billion different file types, both benign and malicious, and it automatically and autonomously learns which are those features that eventually differentiate between a malicious and a benign file.
That also means that because it wasn't specifically geared toward a very specific file type, it is very capable in identifying malicious behaviors or malicious file types across different sets of file types. It also means that it has very, I would say, very good longevity.
By that, I mean that because it isn't trained on a very specific set of things that today I think are malicious, but on a very broad range of things that it thought could be malicious.
It means that the model will stay relevant, and with high accuracy, for a longer duration of time.
The end result is a model that can actually provide these results that I mentioned earlier: below 0.1 percent false positives and over 99 percent accuracy in detecting those unknown threats. Right? What is known is pretty basic. It's pretty simple because there's tons of information about it. But these unknowns, this is the place where tools are being challenged.
So after we've learned what deep learning is, let's start to open the discussion about Deep Instinct Prevention for Storage and how it helps protect your storage and your data.
So the need for storage security, I think it's pretty obvious, but just to name a few key reasons: the fact that it stores a very large volume of critical and often sensitive data. It holds that data for long periods of time, so attackers can take their time planning their attacks, seeding their malware and doing their processes, you know, comfortably.
It's a single point of failure because it holds everything that the organization has. And because files and data are being shared so extensively, everything eventually goes to or sits within those storage systems, which makes it a very lucrative place for attackers.
If we look at solutions that organizations see today as maybe providing some protections, we see these are lacking, and I'll mention a few and say why. So legacy AVs, whether these are single AVs, multi AVs, or even machine learning based ones, they still do a very lousy job at finding and preventing those zero days and unknown variants.
Their throughput, because they usually need to get frequent updates and query a certain database, usually a cloud database, in order to check for a hash, for a signature, or whatnot, the throughput in their ability to handle large amounts of data in a short time is very limited and usually insufficient for enterprise needs.
Now backups are considered, and actually storage vendors like to say, this is the way to protect yourself from malware, but backups are good for mostly one purpose. And this is to recover from a ransomware attack where your data was stolen or was encrypted, and you need to bring it back. But it didn't prevent the attackers from actually exfiltrating and stealing your data. They don't prevent the malware from propagating within your storage to other systems and infecting other areas of your organization.
They have a lot of cost attached to them, and they're complex to operate.
CDR is another tool that's often used for specific purposes. Content disarm and reconstruct. Basically, tools that can take a document, identify and take the malicious content out of it, and then keep the file pretty much intact. Well, actually, in many cases, they actually destroy the content itself. It's a very cumbersome process, I would say, because it takes a while for these tools to act, so they don't really scale to the needs of the enterprise.
On the contrary, let's see how Deep Instinct Prevention for Storage actually is capable of meeting the needs of these challenges. So Deep Instinct Prevention for Storage is a tool to prevent ransomware and other malware from ever reaching, remember the predictive approach versus the reactive approach, from ever reaching your on-prem, hybrid cloud, or public cloud storage, and putting your precious data at risk. It's a very simple deployment, because the deployment is based on NetApp and Dell native integration. It's a framework that they provide, and we tap into. So for the customer, it's very, very simple to deploy, using a Windows server where they install either the CAVA or Vscan software that's provided by NetApp, and then our agent. A very, very basic five minute process.
It does provide the best in class prevention that that I just spoke about with the ninety nine percent efficacy and less than zero point one percent, false positives.
And something that's very crucial, definitely at the scale of enterprises, is that it provides this protection at a very low cost with a very high scale. And this is a key point because of the super fast scanning time. And by the way, I didn't explain that, but since our technology doesn't require querying any database, any cloud database or anything of that sort, it's a model that sits right on the customer premises. And therefore, the scan time, the time to provide a verdict, is super, super quick, often times less than 20 milliseconds.
Because it is that quick, you don't need as many scanning servers as you would need in other solutions that are out there today in order to scan your entire storage base, and therefore your cost and the scale of operations is much lower than you needed to have with other solutions.
And all that is being done while ensuring compliance and data privacy, because none of your files, none of your data, ever leaves your environment for scanning, and therefore no sensitive data is ever shared or used.
At a high level, this is how the integration looks. So on the left hand side, we have a NAS cluster, and that NAS cluster is attached to a number of scanning servers, Dell CAVA or NetApp Vscan. Within that server, we have the vendor software alongside our agent. Now that software basically triggers a scan request to our agent, the Deep Instinct agent.
Here's a file. Please scan it for malware. And then within 20 milliseconds, we are able to say whether this file is benign or malicious. And based on a policy that is preconfigured, a remediation action can be taken to quarantine, delete the file, and so on.
And that all supports a very good user experience, because when a customer, when a user tries to open a file, tries to write a file, they don't need to wait that long in order to have the file scanned and continue with their day to day work.
Now, similarly to our other solutions, here too everything is being managed through our centralized management console that, by the way, supports all of our other products, DPE, DPA, and so on, and is also aided by our reputation service, what we call Deep Cloud, which is a database of hashes that assists in providing better efficacy with those known threats. Because, as I said, those known threats already have some information about them.
The types of operations that can be utilized here are what we refer to, actually the vendors refer to, as on-access scanning, on-demand scanning, and remediation is also possible. Let's see in a bit more detail what these use cases provide.
So on the right hand side, we can see how the dashboard looks, with a lot of information on the health of the system, the deployment of scanners, how many files have been scanned, how many of those have been found to be malicious, and so on. A very rich dashboard with a lot of information.
In terms of the use cases or modes of operation, we spoke about on-access scanning. That means that whenever a file operation is being conducted, a scan would be triggered.
And in the case of NetApp, by the way, the operation is suspended until the scan status is reported back. So, actually, the threat is, I would say, a hundred percent prevented, because nothing can be done with the file until it's found to be benign.
On-demand scanning, as the name implies, enables the admin to basically set either a scheduled scan, or handpick a folder or set of files, or an entire full scan of your storage, in order to start a scan of all files within it.
And CAVA, the Dell software, also has a mechanism by which if a file was scanned, found to be benign, and wasn't touched since, it won't be scanned again. So in terms of efficiency, this provides good efficiency for full scans.
In terms of remediation, the remediation actions that our solution can take upon the file being found malicious are to quarantine it or to delete it. Everything is controlled with this flexible policy. And if you want to recover something from quarantine, that's also very easily possible within the management console.
The user experience is very similar to what we have in our other products. It's the same experience as in DPE and DPA.
We are introducing new types of assets here. One is called the protected storage. This is actually the part of your storage that you want to protect with our solution. And the storage agent, this is the scanning agent that would be installed on the scanning server, as you saw in the diagram earlier.
And all agents that are allocated to a protected storage are assigned the same policy. So if you're trying to protect a portion of your storage that is, let's say, two petabytes, and because of the scale of operation, the number of files you have there, you need to deploy, let's say, twenty scanning servers and twenty scanning agents, all of them would be getting the same policy. So the management of this is very logical and fits your storage needs, and also easy, because you don't need to work with many different types of policies.
In terms of deployment of the solution, it's also very, very straightforward.
You create a protected storage. Again, this is saying to the system, this is the part of my storage that I want to protect. You assign it a policy. There's a default policy.
If you want to use it, you can also modify it according to your needs. And then you simply deploy the storage agents within those Windows servers. And once you deploy them, they register automatically, and they automatically know which protected storage they are assigned to protect. Very easily, a few minute process.
So if you zoom out and see how these benefits actually materialize in real life testing, this is testing that we are doing constantly for our solution versus the competition.
What I wanted to note here is that other than the very high efficacy that we have compared to competing solutions, I did want to highlight here the unparalleled throughput or efficiency. As you can see here, depending on the size of the file, because it does have an effect on how quickly we scan, we can actually achieve between five and fifteen times faster scanning compared to the competition.
Now, why is that so important when we're talking about storage at enterprise scale? Let's see an example here for a company that's actually a customer of ours, a very big customer, that is using today 2,300 Windows CAVA servers in order to protect their entire storage. It's a very large storage. This is why they have to deploy this enormous number of scanning servers.
They scan hundreds of billions of files per day. And if we assume, just for the sake of this exercise, that file sizes are roughly on average five megabytes, and the cost for that customer to purchase, maintain, and support a CAVA server is, let's say, two thousand dollars per year, and if we take into account how much better our solution's performance is compared to the other vendor, then we see how much money, both in terms of license and infrastructure cost, we actually save that customer. We're talking about more than 5.5 million dollars and over 70 percent cost savings.
So we are providing much better protection at a much lower cost. And I think this is a very key point for our solution.
So to summarize this talk, if we look at the era in which we're living today, where new variants of malware are very easily being created by inexperienced threat actors, this era of generative AI, we understand that in order to be able to cope with these challenges, you have to be able to predict and prevent in order to keep your precious data safe. And this is because solutions today are just not able to keep up with the attackers.
Scale and cost are key here. We understand that you have to be able to maximize your protection at the lowest possible cost, and by that free your resources and your budget to fight other battles, where you don't have this good of a technology to protect you.
And having this 99 percent efficacy actually provides a lot of trust in your defense. You don't need to be always on the lookout, investigating false positives, making sure nothing was missed, then investigating those. You have trust in your defenses with these results.
By that, you also avoid team burden and alert fatigue, because they don't need to handle a lot of false positives every day, and you're able to maintain business operations and a good user experience throughout the process.
That's it for me.
Any questions, please?
Yeah. We have a few questions in the chat here. I'll go ahead and read them off for you, and you can answer them.
How does Deep Instinct compare to Proliant, and can Deep Instinct integrate with SIEM platforms?
So Deep Instinct integrates with SIEM platforms.
It was there on the slide, but we also have the management platform as a REST API that enables customers to operate it programmatically, either by a custom integration or with other platforms of their choosing. And we do have a built-in SIEM integration. So the answer is yes. Actually, I have to say I'm not familiar with Proline, so I can't really comment on that.
But we have been comparing our product to other very commonly available solutions for storage protection, and these are part of the results you've just seen.
Alright. It says with your NGAV product, I assume that's DPE.
We have experienced issues with quarantine files not being able to be stored or being restored at zero byte files.
Have you experienced anything similar with deep instinct for, for storage?
Actually, no. We haven't experienced those issues.
The mechanism for quarantine in the storage solution, in DPS, Prevention for Storage, is similar, but somewhat different. It's actually even more robust, I would say, because of the scale and the number of files that each agent is expected to be handling, versus an endpoint, where you don't have that many files and not many files are being scanned all the time. We do expect, in the DPS case, and we are seeing it with some customer testing,
that there's a lot of files being scanned all the time. So because of that, we needed to, I would say, make our quarantine solution a bit more robust and also enable a remote location, like a network share, for those quarantine files to be stored, not only on the scanning machine itself, because we could be running out of space in that case.
So the mechanism is a bit different. And so far, we haven't seen any issues with restoring from quarantine.
Excellent. And there's one more question. How is it licensed? And is it only Dell and NetApp that you integrate with?
So, yes, at the moment, we're integrating with Dell and NetApp. We do have on our roadmap intentions to integrate with other vendors, obviously starting from the bigger ones, the ones with bigger market share.
Pure Storage is one, you know, that we're already in very deep discussions with.
We are also extending, as we speak, support to cloud storage. So we are building an integration with AWS S3 in order to protect and scan for malware file objects within AWS S3. That's already ongoing.
And as we expand this product suite, we'll obviously try to cater to and support as many other deployments and vendors as possible. In terms of licensing, the licensing is based on the total storage volume that a customer wants to protect. And we do have very granular, I would say, tiers according to the number of terabytes that are being put under protection, and this is the licensing model.
Excellent.
One more question has popped up. It says, what is the logging capacity of the product? And are the logs encrypted as it is in your DPE product?
So, the logging here is a bit different. Again, because the use case is somewhat different. On an endpoint, you would probably be interested more in the events, like the malicious files that have been identified.
But in the use case of storage protection, we have chosen to basically log any scan of any file. Because of the scale, we also provide more, I would say, complex logging capabilities, in order to also be able to create those logs within a remote location, so that you can control the space. You can also control when you start overriding existing logs. So everything is very much controlled within the policy.
In terms of encryption, I'll need to check. I'm actually not sure. I want to say yes, but I'll have to check about it.
Okay. And they did clarify that that was logging capability, not logging capacity. I might have read that incorrectly, but hopefully you answered the question.
Yeah. I spoke about both, actually. The capacity should be bigger compared to DPE. This is what we focused on here, but the capability is there and was extended. Okay. And one additional question: an infected endpoint can encrypt files on a storage protected with Deep Instinct.
Or, can an infected endpoint encrypt files on a storage protected by Deep Instinct?
Well, The protection that DPS provides is for scanning files that are being placed within the storage.
So depending on how this file encryption is happening, that would actually dictate my response. But again, there are various ways, as far as I know, for file encryption. And if this is done from a different infected endpoint, which, by the way, I'm assuming is not protected by Deep Instinct, then I can't really know. But the functionality of this solution is to scan files on storage. So if, for the purpose of encryption, a certain malware is being placed in the storage folder, that malware would be prevented, and the encryption would hopefully be prevented.
Excellent. Well, we have no other questions in the Q and A feature within the BrightTALK platform here. So, just some closing thoughts for everyone.
This product is brand new. We just launched it last Monday, a week ago last Monday, at NetApp Insight, where we got some great feedback from a lot of different NetApp customers and partners.
We also launched a press release. We updated our website with a new DPS product page. We have an ebook, a solution brief, a couple of data sheets, one for Dell, one for NetApp, a blog post, and many more helpful assets to help educate you on the new Deep Instinct Prevention for Storage offering. So please visit our website, request a demo if you want, or reach out to your CSM or your partner business manager for additional information. Thank you very much for joining us today. We appreciate everyone joining, and the questions were great. Thank you for your feedback.
Thank you.