February 8, 2024
Hi, everyone. Welcome to Deep Instinct's webinar presentation on how to secure data and applications from adversarial AI. We're gonna discuss a number of threats that are facing AI today, some as recently as in the news this morning. My name is Brian Black. I'm the VP of Global Sales Engineering here at Deep Instinct, and I'm joined by Orin. Orin, would you mind introducing yourself?
Yep. Hi. I'm Orenoa. I'm the senior project, product manager, managing the Deep Instinct Prevention for Application product.
Excellent.
So throughout the webinar presentation, you do have the ability to ask questions. We are moderating that, and we'll answer the questions either in line when they come in or at the end.
So let's begin.
The agenda for the presentation is we're gonna talk a little bit about machine learning versus deep learning. We wanna give a little bit of a base understanding of the different types of AI that are available. We're gonna talk a little bit about the evolving threat landscape and how these advanced forms of AI are aiding cyber threat actors, then a little bit of features about new threats and how they operate, and then ultimately into a product that we have at Deep Instinct that can solve many of these challenges.
So without further ado, the different types of AI. This is something that I wanna spend a little bit of time on. And, hopefully, this may even be a slide that you might be familiar with. You may have seen this in other presentations, as some format or some context of this slide is pretty common now, or at least certainly online. And this is important. This type of education is really important, because everything today seems to be powered by AI. Right? I always tell the very true story that I was in Target, perhaps Walmart, and I found a toaster that was powered by AI. And I thought that was the silliest thing I've ever seen.
At any rate, I now own a toaster powered by AI and admittedly it makes great toast.
But everything is powered by AI now. I wouldn't be surprised if soon we're gonna see just car washes advertised that they're gonna wash your car by AI. If that's not already here, it probably soon will be. But we have to think about what types of AI are powering our tools, our cybersecurity products, etcetera.
Artificial intelligence as a whole was really coined as a term in nineteen fifty five, and it's pretty simplistic. In fact, by definition, even signature based cybersecurity products from the eighties could be classified as AI. Heuristic models can be classified as AI.
But if someone walked into your respective offices or companies today and said, I'm gonna sell you a great form of AI, it uses signatures, you'd probably firmly but politely escort them to the door and say thank you, we're not interested.
Around the nineteen eighties, we saw the rise of machine learning, and machine learning is really cool, because what this type of algorithmic model does is it allows computers to understand their world when they're given a set of features and instructions, which means they can identify new things as long as those new things are within the features of what they were trained on or what they were programmed to do. The challenge here, of course, is that it really requires a domain expert to explain those features to a computer.
And should the domain expert miscontext or in some way just not add a certain feature, then the algorithm, the AI, isn't particularly good.
But around two thousand and ten, we saw the rise of deep learning. And deep learning is what today powers ChatGPT and really all large language models, and we're gonna talk about those in deep detail in a bit. It's what powers Deep Instinct's cybersecurity capabilities, and it's what brought us self driving cars. The idea of deep learning is that it learns the world around it by itself, processing on one hundred percent of the data in context. As a result, we no longer require humans to sit down and explain certain features to a computer for it to process on. It develops its own features, just like a human brain does.
So when we look at the threat landscape today, it's definitely evolving over the past twelve months. And as we see here, seventy two percent of malware is now considered unknown. And there's a pretty good reason for that, because we can develop malware so quickly now that the end result means if, you know, one piece gets out there and gets stopped, threat actors can generate a new type. And that's challenging. It certainly means that the era of signature based systems, hash based systems have really gone away because you simply cannot develop those solutions quickly enough to meet how fast the threats are developing. But even the concept of detecting and responding to these threats is really difficult, and it's getting more difficult, as we're gonna take a look at a great example of polymorphic code that bypasses EDR systems here shortly.
And really this has been supercharged by, as I mentioned earlier, LLMs. Specifically ChatGPT, as well as Bard, but there are many, many, many, many LLMs that are driving this revolution. And here is an extremely small subset of them. LLaMA, of course, and LLaMA gave birth to the Vicuna model, which is absolutely incredible for being open source. We'll talk about that. StarCoder, Phind, it's great for developers. I think one of the great lines here came from another individual at Deep Instinct just two days ago, when I showed him Phind, and he said, this, you know, this is great. I asked ChatGPT a question about code, and I was perplexed by the answer. I asked Phind and it just knew exactly what to do. And the comment was, ChatGPT is so twenty twenty three AI.
And I think that's funny. And it kind of highlights a point that these are developing rapidly. Now, certainly ChatGPT is still quite relevant today, if not the industry leader by a bit, but other products are coming online very, very quickly.
In fact, there's a URL that I recommend to a lot of people to jot down, futuretools.io. It is in no way related to Deep Instinct, but this is kind of a neat website I found, because you can go and sort by the type of AI you need. If you need something for music, if you need something for images, if you need something for coding, or for stories, if you were looking for paid services or free services. And I think at my last count, there was two thousand four hundred and some odd LLMs on there. In the past forty eight hours, an additional six were added to the site for indexing. So to say they're coming online at an incredibly quick rate is certainly an understatement.
However, one of the things that we also have to be cognizant of is the threats that these are generating. These are just a handful of headlines that I've grabbed over the past week or so, but the reality is we could stay on this slide for hours if we wished and just have new headlines constantly coming up, because that's the reality today.
Quick Google searches will reveal thousands of headlines about how LLMs, large language models, are changing the threat landscape and changing the ransomware landscape.
And again, this is important because I was actually having a conversation with a CSO in November of twenty three, just a few months ago. And offhandedly, he commented where he said, you know, geez, Brian. It seems like in the past year, threat actors have become supercharged.
And the reason that was kind of humorous for me is because about two days before, I logged in to ChatGPT, and it popped up with a message saying, wish ChatGPT a happy one year birthday.
And I was like, well, yeah, these large language models have been around for a year.
They've been in the public domain for that long. And, yes, they have absolutely supercharged threat actors with their capabilities.
So when we think of what, you know, CTOs, CIOs, CSOs have to face today, and not just them, but the companies as a whole. You know, it's a real concern for the CEO, for the board. And we're seeing now in a lot of the conversations that we're having, the board of directors is pushing down prevention mandates because you simply have to prevent these upfront. You cannot detect and respond to them. They simply move too quickly and they're too pervasive.
And a lot of these are powered by new tools that do just that. Two slides back, we took a look at things such as StarCoder and Phind and ChatGPT and Bert and etcetera. But on the dark web, there are other large language models that are absolutely causing challenges. FraudGPT, WormGPT, definitely. DarkBERT, absolutely.
And just a few days ago, and maybe I'm a little late to the game, I don't know how long it's been out, but I discovered BadGPT. And on another browser on another laptop sitting in this room with me, I've been playing with it, and it's amazing, from an intellectual perspective, the type of things that it can create, the type of code that it can create, because FraudGPT, EvilGPT, BadGPT, DarkBERT, essentially these are tools where the morality filters that have been applied by the likes of, you know, Google for their Bard product and OpenAI for their ChatGPT product have simply been removed. And when you remove these biases, when you remove these morality filters, it turns out that you can just have them build malware.
And this is a lot of what is powering the threat actors in the landscape today.
So because we know we have this challenge, we have to take a look at how we're going to meet it. And this is something that, you know, Orin's gonna speak about here shortly.
But ultimately meeting this threat today, meeting the challenges that we have today, with the same type of technology that we relied on in some cases twenty, thirty years ago simply isn't working.
Now that kind of makes sense if you think about it. You know, threat actors evolved past signatures. They evolved past heuristic models. Sandboxes were great for a really long time. They've evolved past sandboxes. It's now very easy for a piece of malware to know if it's running in a sandbox and simply stay quiet so it doesn't generate any alerts.
And we're now seeing it begin to evolve past the EDR. In fact, we're seeing threats that are taking place entirely within the storage space now. And even that's really important because I've spoken to CIOs and CSOs where they say, I'm really not too concerned about malware in the storage environment because ultimately that's executed on an endpoint. My endpoint product will detect it. But then we take a look at some of the threats that are out there, and we say, look, these threats are aware if they're in a storage environment, and they're finding new ways to execute within memory space and within transfer rates or within the transfer process in these environments, which means we have to now start protecting them as well.
So I mentioned a handful of slides back that there was kind of a new scary AI developed ransomware out there. And this actually is nearly a year old now. You see the headline here from March of twenty twenty three. Eleven months ago. And thankfully, it was created by researchers and not threat actors. And for three to five glorious days, it was in the hands of legitimate security researchers.
It got out very quickly. In fact, the LockBit gang has announced, they're the most prolific and successful threat group that I think we've had in history. And they've announced about a month or so after Black Mamba was created that they had the source code, either the code of Black Mamba or they simply developed them themselves. And what makes this one so particularly interesting is its ability to simply slip past automated security detection models that we have today, whether those are heuristic or detect and respond models. And what makes it kind of dangerous is that it is truly polymorphic.
Now we've had polymorphic code in the past, but it was only able to change itself and adjust itself based upon the parameters that it was given. Black Mamba can become essentially anything it needs to become to win, and this is why it's been so effective. And in the past eleven months, if we now Google malware bypasses EDR, it's not the only one out there anymore. There have been a number of clones and a number of threat actors that have used large language models and advanced AI to develop their own version of polymorphic code. This is why, at least at Deep Instinct, we talk about fighting AI with AI. It's very important to have a product that is also infinitely adaptable so that you're not relying on features, you're not relying on signatures, you're not relying on hash lookup, or anything of that nature. Because these are the types of threats that we're seeing just this year.
And what I always try and tell everyone is that this is effectively version one of everything that we're seeing.
These large language models are becoming more advanced. This morning, just this morning, there is a new paper published on an academic site that talked about how deep learning models are advancing yet again and they're understanding their world around them in a completely new way.
This type of technology is advancing and threat actors are of course using it to their advantage, which means we, to protect data, to protect information, have to also use these types of tools and deep learning models in order to combat them.
And something I found interesting was this was a leaked internal document at Google, and I thought it was pretty important. It was written by an engineer and it was up the chain. And you see here, but the uncomfortable truth is we aren't positioned to win this arms race, and neither is OpenAI. While we've been squabbling, a third faction has been quietly eating our lunch.
I'm talking of course about open source. Plainly put, they are lapping us. Things we consider major open problems are solved and in people's hands today. And you see that he goes on to list some things that Google is struggling with that essentially, third, open source large language models have effectively solved. And as I kind of talked about a little bit earlier, they're moving incredibly fast in their development. To kind of highlight how fast that is, here's a quick little chart.
And what we're gonna focus on is ChatGPT, we're gonna call a hundred percent. That's got the standard right now.
At the time of this chart, Bard was approximately ninety three percent in testing, in informal testing, approximately ninety three percent as accurate and as capable as ChatGPT. That number has actually climbed for Bard. Bard has released the Gemini Pro model.
It's excellent.
And it's closed the gap on ChatGPT quite a bit. But I wanna talk about the LLaMA, Alpaca and Vicuna, really the thirteen B model. LLaMA was what was released. And when it got into the public hands, it was, in informal testing, approximately sixty eight percent as effective as ChatGPT.
Two weeks. It took just two weeks to release Alpaca thirteen B, the next version, and you see a climb quite a bit. And one week later, Vicuna was released. And you see in testing it's been averaging between ninety and ninety two percent as effective as ChatGPT. But I wanna point something out here. ChatGPT received an initial investment of approximately a hundred million dollars from Elon Musk and later a one billion dollar investment from Microsoft and took about four years to ultimately bring to market with over a billion dollars invested.
Bard took about five hundred million dollars and also about four years to bring to market.
Vicuna from the time of its release to what we use today, in open source, the Vicuna model, took about three weeks and approximately three hundred dollars to train it. Three hundred dollars.
Ultimately, they suspect that they can get it to ChatGPT levels for around fifteen hundred dollars, and it's open source.
So while these other tools, Bard and ChatGPT, will absolutely continue to advance and introduce new capabilities, we see it all the time with, you know, bringing the capability in for images, and there's a whole heck of a lot of GPTs, plug-ins available for ChatGPT, there's no question that these products are innovating. But the Google engineer was right. The open source community has absolutely caught up at this point, or within striking distance at least. And those open source models are what are powering WormGPT, FraudGPT, BadGPT, etcetera.
So I always like to kind of show off this information. You see my citation there. I recommend people go check them out, because it's important to understand that this is the landscape that we have to ultimately, do.
So let's talk a little bit about making malware with some of these tools. Now, we can jailbreak ChatGPT. And what you do to jailbreak is you provide it with a prompt where you can trick it into ignoring its own morality.
Sure. But let's kinda go through what it's like if you don't jailbreak it. So here we asked a very simple question. Do you know what the Lewid language is? And it said, yes, of course. I completely understand what it is. Fantastic.
All I want you to do is write me a little bit of code that can find certain data files on a machine. Well, that's not malicious. That's a perfectly valid search engine. So it did. No problem at all. Here's the code. The next thing we said is we now need a function to encrypt the given files that we're downloading.
And again, the act of encrypting files, not really malicious. Your BitLocker does it for you, Microsoft has it, you know, embedded in. Not a problem. So it did; without hesitation, it produced the code.
And then ultimately, we want to send those files somewhere. We have to exfiltrate them. Sending files in and of itself, not malicious. You send files all the time, whether it's via email or transfer programs, so again, it wrote the code for us. Then all we had to do was ultimately decrypt it and then search for the information, in this case, personally identifiable information within the data files.
It did all this for us in a matter of seconds or a few minutes because none of these steps individually were malware.
But in reality, that's exactly what we've created here. We've created a tool that can land in an environment, execute, encrypt certain data files, find and encrypt certain data files, exfiltrate them to a C2, and then ultimately decrypt them and go ahead and search for the information that we want. And that is the heart of, you know, many data stealers that exist out there. We didn't have to jailbreak ChatGPT to do this. All that needed to happen was we just needed to ask it to build individual modules, and this is exactly what is happening and how threat actors are behaving.
So an experiment that our threat research team did, and I thought this was fascinating, is they created something that they dubbed Jekyll and Hyde, and I like that, because the first thing that they did is they said, okay. We can create malware, but can it help security researchers defend against malware? And, of course, it can. So in this example, we said we want a rule that will protect against the sub technique T1055.002, a process injection.
Again, ChatGPT had no problem creating this rule. Its first iteration actually had a few false positives in it, and then it tightened it up a little bit upon further inspection.
So it created this YARA rule. Fantastic. We now have a YARA rule. But then it was the next thing that we asked it.
The next conversation says, write code in Go, that's the Golang language, that uses T1055 and is not flagged by the YARA rule that you just wrote. And ChatGPT proceeded to give the greatest answer that I think I've seen it do, which is, it's important to note that it is not appropriate or ethical to write code that is intended to evade detection. And then that second paragraph: that being said, one way to do it.
Now, of course, I did not share the code on a public forum such as this.
But, yes, it absolutely wrote the code to bypass its own YARA rule. And this is something that I find interesting with LLMs, is that they want to be helpful. And I think that, you know, the more OpenAI, Microsoft, and other organizations put these morality filters on it, you're never going to be a hundred percent successful because at the end of the day, AI wants to be helpful. It wants to answer these questions for you.
So I wanted to highlight all this so that everyone watching this can understand how the threat landscape is ultimately evolving and how we have to work and address those. So that's a little bit about deep learning. We've talked about deep learning. We've talked about self driving cars and large language models and, you know, how Deep Instinct is coming to the game. But let's talk a little bit about machine learning and why this form of AI is struggling today. And to do that, we're going to create a blueberry muffin classifier.
And we're going to build an AI that can classify blueberry muffins, and you're gonna see really where the struggle is with traditional machine learning. Of course, this will be a bit simplified, but it's worth noting because you see that last point all the way on the right there, which says a lot of AI models today have very limited coverage, and it's because building them is very challenging.
And it really doesn't matter what vendor you talk to, they're going to say we apply this advanced AI technology to PE files. PE files are portable executables, such as EXE files and etcetera, you know, DLLs, just files, things like that, right, is really where they shine.
But we don't get attacked by notavirus.exe anymore. We haven't been attacked by notavirus.exe since probably the nineties.
Today you are attacked by resume.pdf, which you are absolutely going to open. We go through all the cybersecurity training that says, don't open files, don't open files, don't open files, but if you are not opening files today, you are out of business. You must open up doc files. You must open up PDF files. You must open up XLS files.
So let's take a look at how we're going to do this. So first and foremost, we're gonna build a blueberry muffin classifier, so I need my data set. So let's get a blueberry muffin. And with this, let's try and determine what the features are of the blueberry muffin.
This is where that feature engineering comes in at step two. And this is where the domain expert is. I'm going to decide as the domain expert that pixel density and paper density are all things that are important to the identification of blueberry muffins. And I'm gonna quantify them.
I'm gonna give them weights. All AI ultimately operates off algorithmic weights. Once I have my weights, I'm going to go ahead and download a whole heck of a lot of blueberry muffins, or really muffins in general, because you need both positives and negatives as well.
So this is why we train our models on both malware and benign files. You have to teach it what's good along with what's bad. We're gonna download a whole bunch and we're gonna let it train on this. From there, we're going to go ahead and build the algorithm. And once we have the algorithm, we've won. We now have a machine learning model that can successfully identify pictures of blueberry muffins.
This is gonna create three major problems.
First and foremost, is that it can never be as good as the domain expert. I've mentioned that before. If I miss something, if I don't classify the weight correctly, if I don't build the feature correctly, it's not gonna be able to find blueberry muffins very successfully.
Another big challenge that we face, and I talked about earlier, is that it's only trained on blueberry muffins. It cannot identify fire trucks. And that's because of the way you have to build the weights and the algorithms.
And this is why you see a lot of cybersecurity companies today say that they're very good at PE files. Ask them how they do office files. Ask them how they might take a look at, perhaps, PowerShell being executed. Forget binaries. How are they applying AI to that? Because we can apply deep learning to PowerShell, and we do.
But the biggest challenge that we face, and this is really what's been plaguing SOCs around the industry, is that it really does have an incredibly high false positive rate, and it doesn't seem like it would. But the reality is because you're working off a feature set, and a series of weights in that feature set, anything that resembles it is going to generate a false positive. This is why we're seeing the challenges within the SOC organizations that we see today, where I think it's something on the order of seventy two or seventy four percent of individuals are looking to leave the SOC environment, or just transfer out of security or networking entirely because of the sheer amount of work that is put in chasing ghosts in the machine by all of these AI tools that have come in that are generating a ton of noise and a ton of false positives.
So these are some of the things that I definitely wanna discuss.
This slide can be very important because it again highlights that factor. And at the end of the day, it really comes down to what is the efficacy.
How does it handle an unknown event? And remember, you always wanna measure on an unknown event. If a cybersecurity company comes to you and, you know, says we're ninety nine percent on known events, know that pretty much every signature based AV since the eighties has been ninety nine percent on known events. You are not attacked by known events. You are attacked by unknown events. You are attacked by threat groups that are building this code really on the fly to attack a specific company or go after a specific use case.
So with all that said, Orin, would you mind explaining how our DPA product addresses these threats?
Excellent. Thank you, Brian. You know, that was a great presentation. I learned a lot.
And I tried to find the blue, the blueberry muffins. It was difficult for me too.
Anyway, let's talk about Deep Instinct's Prevention for Application. Right now, we are in version three of the product. And before I start talking about the product, I want to talk to you a little bit about why we need to protect, why do we need to scan those files? And one of the things that Brian just talked about is how viruses right now are not in executable files.
When I was younger, everything was in executable files. That was the only threat vector. Right now, a lot of viruses, malware hide inside documents. Mainly documents: office files, PDFs, whatever you.
And this is something which is, you know, crucial. As Brian said, most AI based and signature based antiviruses cannot detect those efficiently.
Also, application files, we know that they are, you know, really important in the, in the enterprises. We have a lot of applications, and we upload files all the time. When you try to get the job in a company, you upload your resume. When you get the mortgage, you upload tons of documents. Everything you do, you know, you send files.
You open the files. You save the files in different places. And file transfer, of course, the connectivity between enterprises and their contractors or other companies or sub companies, this is a lot of files that are moving from one place to another, and those files may be benign, but may be malicious. And the main question is how do you detect those and how do you do that in a way which does not harm the workflow and the processes in the company, because you don't want to cause malfunction in the process.
You want everything to be seamless and smooth. You know, one of my friends is working in a company. They use one of our competitors to scan files, they use CDR. And he says that, you know, a lot of times, it corrupts the files.
So I need to ask the person that sent me the file, can you send it to my private, my personal email so I can download it on my business laptop. So this is, of course, you know, the worker itself is bypassing the security rules of the company because the tools we use sometimes cause problems in the workflow of what we do.
And what we see is that web applications, both internal web applications and external ones. Externals is, maybe you use Salesforce, maybe you use different types of SaaS applications, and also internals, internal applications like mortgage application, job application, etcetera.
They all use files. And when you upload files to those files, to those applications, what you have, basically, you have storage. You have cloud storage, which you use, but this cloud storage, it's like you create a lot of silos, which nobody's taking care of. And a lot of times what we see with customers when we come and talk to them, they do not scan those files.
Those tech services are completely fresh. Nobody is testing. Nobody is scanning the files because of many factors, either because they don't think about it or they think that, oh, I have antiviruses on my endpoints, my laptops and desktops. So nothing really hard.
But that's not accurate.
Because of many reasons. First of all, it's like, you know, a ticking bomb waiting on that storage waiting for the opportunities that somebody will download it, and and open it. You know, we don't know what this resume dot pdf is is hiding inside. So let's check it out.
And Other than that, a lot of times attack, threat them, attackers are using that storage, which is internal to the company to store malicious files that they will point to in fishing emails or other means. I mean, when you have an email and you see that the link is one of the companies storages. You know, you don't suspect it. It seems legit.
So, you know, it's very easy to open it. When you get the file, you don't know the source and you have, you see a, you know, a strange link in it, you probably will, you know, will not open it. You will mark it as as, malicious and and that's all. You know, it's a spam or something.
It's it's not something worth opening it. But when you see an email, we still link to to somewhere where you are used to use, you know, something inside the company environment, whether it will be cloud storage, whether it'll be one of those applications, That's very easy. You know, that's no brainer. You will open it without even thinking about it.
So that's very, very you know, important. And and as we know, as soon as we see, you know, those weak points are where the attackers strike.
So the challenges is is, as Brian said, you know, it's not about the known, malicious files, about the unknown malicious files. And I just want, you know, there's a list of of of the technologies that we compete with. You know, legacy AVs, Sandboxes, CDRs, each one of them has their own pros and cons. But, you know, and and I can talk about that for hours, but I think the the bottom line is really what will be the efficacy, what will be the false positive rate, and what we see with our products that we have very, very high efficacy, we see both known, which is not very important because, you know, everybody has great known, attacks, efficacy, but especially with unknown, attacks.
We have very high efficacy and very low false positive. Yes. We do have some false positive. This is something you cannot go without.
I mean, that's a game, but we see a big, big difference with especially legacy AV. Sandboxes are, you know, great. A lot of behavioral activities can be found with sandboxes, but as Brian said, it's easy to bypass, and also it's very, very slow. So if you scan tens of files an hour, well, maybe it's acceptable. But if you try to scan a million files per day.
Well, nobody will be able to use sandboxes. And CDRs, you know, it's great technology if you don't care about ruining your files. I mean, you know, it changes the file. By the way it is, it says, I will not give you the file somebody sent you. I will give you a different file, but maybe it will be similar enough.
Maybe not. I don't know exactly. So, I really think that if you look at the technology, what we provide with Deep Instinct Prevention for Applications is a very scalable, high speed verdict machine where you can give it a file, and it will say very efficiently if it's benign or malicious. And this is exactly what enterprises need today.
So what is it? As I said, we have basically built a verdict machine, AI based, right? This is a scanner. It's containerized.
It's, you know, fully scalable in terms of, you know, it can auto scale. It can add on the fly. You can add more containers to suit the load you have, and you have the protected application, you know, you call through a REST API, provide a file, and you will get your verdict.
Very fast. When I say very fast, we're talking about less than twenty milliseconds for an average file. Yes. Very large files.
Like, if you send it a two hundred gigabyte file, it will take more than twenty milliseconds, but it is still a reasonable time it will take, and we can scan those files. We can scan those files from one byte to one terabyte.
And, you know, we still give you excellent results on that.
So what we have, we have the application send the file to get the verdict, and you can either, you know, reject the file if it's malicious or save it on the storage if it's allowed. We have our management console. I mean, the management console is a SaaS application that resides on our premises, you know, on our environment, and it will provide only a console to show you the events and to control the assets and the policies. We never send any information, any content outside of your environment.
This is very important because privacy, speed, latency, whatever you want. But we never send any information outside other than the file hash and the event information. What, you know, what your verdict was and why do you think it's malicious. You can deploy it everywhere.
You can, like, on prem, you can deploy it on, you know, AWS, CCS, CCS, OpenShift. Everywhere where you can run containers. You can deploy our system, either a single container if you don't have a lot of load or a cluster, which can auto scale infinitely.
So what are the main features of DPA three point zero? As I said, this is the latest version. And the first, I think, big feature we have in it is complete support for disconnected, air gapped environments, which means that we don't need any connectivity to the internet whatsoever after you download the images. You just deploy it to your environment, and it can run without any connection to the internet. This is very important for some areas, financial institutes, government, defense, etcetera.
A lot of times because of regulations, we are not allowed to have any internet connectivity. Sometimes it's very difficult to show that there's no content leaking outside because you handle very private content. So this is not only an excellent solution for that. This is a great example of how robust our technology or AI is.
Because, you know, a lot of times, even today, we had a meeting with the customer and their security guys asked us, how frequently do you need to update your system? Your brain. Right, Brian? Remember that question?
How frequently do you update your brain model? And Brian said, well, usually about twice a year. I mean, can you imagine another system that you download, you disconnect from the internet, okay? Wait half a year and then send some new malicious files and expect to have a very high efficacy? Because this is what we have.
This is what we see with our customers. We have some customers running on a disconnected environment scanning billions of files with amazing efficacy. And this is how strong the AI models we build are.
The second great feature we have in DPA three point zero is any size. Yep. Absolutely any size. I mean, we had arbitrary limits on one terabyte for a single file and fifty gigabyte and fifty levels of nesting for archives. Not because we cannot scan more than that, but because we don't see any real need for that in the industry.
It means that you can scan everything. This is very, very important. Not only from with your perspective, but also from regulation perspective. Going to scan all the files with good verdict on everything, whether it's a small file, large file, whether it's an archive or a single file.
And we have enhanced efficacy. You know, we always try to improve efficacy like any other vendor, and we have complete file type support. It doesn't matter what type of file it is or how large it is. We can scan it. We can provide you the best efficacy and the best verdict on it.
So this is how, you know, just to show, to talk a little bit about the disconnected environment support where we do not have our web console, of course, because there's no internet connectivity. Basically, you just download the container images, and you can deploy it. As I said, whatever containerized orchestration platform you use, this is great.
And there's no internet required. Periodic updates are possible, but, you know, not required too often. And we can support any scale.
I see there is a question here. When a company first deploys this, should they plan for time for this to scan all the files as location or a part of the committee will be quite large.
That's a very good question, Mike. I mean, in terms of storage, if you have cloud storage or, you know, those SaaS applications with millions of files in it. Yes. It will take time to scan all those files.
The good news is that, you know, you can scale as you, especially if you use cloud environment, you can scale the resources quite fast, and you can scan those files very, very fast. I mean, it really depends on the throughput you want, but as I said, we have customers scanning more than a billion files. Well, we have one customer scanning one point three billion files a month. Okay?
So you you can understand.
We we know companies that have million, you know, petabytes of storage and their existing legacy AVs are never able to scan everything. I mean, until they scan everything, you know, the files change already ten times and there's new version of the AV new threats out there. So this is not what we see in our system. Yes. It will cost you money. The first scan, if you have millions of files, will cost a bunch in resources, and it will take some time. It will not be one day, but it's completely possible to do that.
You know, this is exactly the promise of, you know, continuous application that you can scale it as you need.
So just a short, you know, summary of what we have with the Deep Instinct Prevention for Applications.
As Brian said, and as I said, you know, we have the best, unknown prevention in, in the market especially for documents. I mean, you know, all vendors claim they have the best efficacy. Right? So, you know, we, we, you know, take the challenge.
We are really up to the challenge. Bring any vendor you want, and and let's do, a POV, you know, and and and test the efficacy of of whatever system you want in our system, and let's talk about the results. I mean, especially when you're talking about unknown and documents, which is the main site right now. Documents with unknown, attacks in it.
It can integrate with any existing workflow. It has very fast decision. And because of the fast decision, it means that the resource consumption is very low. That contributes to the low TCO. Low TCO is not only because of the low resource consumption.
It's also because of the low false positive rate. This is very important because the overhead in your SOC team will be way lower. And of course, you know, it will ensure compliance, data privacy, and, and, and, and, and, which is, you know, we know this is one of the drivers, not only security, but also compliance, are major drivers for this kind of a solution.
Mike, you have great questions.
You're asking, after the initial scan, is it smart enough to only subsequently scan new or updated files? Well, DPA, I mean, this product is basically a verdict engine. You give it, it's stateless. You give it a file, it provides you a verdict.
Okay? But since our brain models are, you know, you don't need to update them, you update them only, like, twice a year. You can trust that verdict for a long time. So what it means is that if you want to use DPA, the way I would do it, if I were you, I would store the date of the scan, and then, you know, depending on the compliance or the regulations, I would scan it again only at the end where it's needed.
It's required because it doesn't need to do more than that. And, yes, we're working on other products which scan storage. And when we scan storage, we do exactly what you say. DPA is not the storage solution.
It's more of an engine where you provide the files and it will provide you the verdict. Right now, as we speak, we work on some products which integrate with storage systems, and those systems do exactly what you say. They do not scan what doesn't need to be scanned.
And this brings me to the Q and A. So, you know, I think with my question, we already started the Q and A.
Yeah. No. This is very good. I'm actually looking at some some questions come in. What I'd like to do is be respectful of everyone's time.
I know we had a set limit for the duration for this webinar. I definitely want to thank everyone for coming. What we can do is, we'll post this link and this information, and then we can take all the questions that can come in if something comes up throughout the day, or if you hear of a vendor or a claim, you know, by all means, we'd love to address that, as Orin mentioned.
So definitely, and I do see more questions coming in. I promise we will we will absolutely answer all of them.
We'll we'll make sure to reach out and we have everyone's, information from this webinar.
But thank you very much for everyone, and thank you, Orin, for taking us through the new product launch of three point
Thank you, Brian.