Q&A: How Deep Instinct uses ‘deep learning’ to detect unknown malware on laptops, smartphones

Deep Instinct was one of the more intriguing cybersecurity vendors I had the privilege of spending some time with at RSA Conference 2018.

The Tel Aviv, Israel-based company lays claim to being the first to apply "deep learning" to endpoint protection, extending machine learning and artificial intelligence down to the level of every computer and mobile device of every employee.


The company has been doing something right. Launched in 2015, it has grown rapidly to 100 employees. It has attracted $32 million in venture funding and won a satchel full of industry awards, including being named Dark Reading's "most innovative startup" at Black Hat Las Vegas last summer.

Deep learning is an advanced branch of machine learning and artificial intelligence. It works by passing the oceans of data a company collects through a series of layers of artificial neurons, referred to as a neural network, each layer building on the correlations found by the one before it. This layered, systematic approach to making cross correlations is loosely modeled on the human brain.

Training has no natural end point. The more labeled data fed into its algorithms, the more accurately the system recognizes what it was trained to recognize, in this case fresh malware variants. If that sounds like a gargantuan computing task, it is.

Deep Instinct's founders not only crafted proprietary algorithms to achieve this, they also innovated a way to distribute the results (a trained model that runs locally and raises malware alerts) down to the level of personal computing devices.

Jonathan Kaftzan, vice president of marketing, walked me through how these breakthroughs are helping companies protect their networks. For a full drill down on our discussion, please listen to the accompanying podcast. Here are excerpts of our discussion edited for clarity and length:

LW: What’s deep learning all about?

Kaftzan:  The amazing thing about this technology is that it mimics the way the human brain works. It has the ability to be trained, and then to make decisions and predictions and even display instincts. We built a uniquely designed neural network, and expose it to hundreds of millions of files, some of them legit, some of them malicious. In this way, we’re training it to be able to recognize and identify unknown malware.

LW: Lots of vendors are using machine learning to detect anomalies in network traffic, but you’re extending this to the device level?

Kaftzan: Yes, we minimized it into a lightweight agent, of less than 50 megabytes, that consumes less than 1 percent of the CPU processing power, so it can protect any type of endpoint or mobile device . . . The device agent is completely autonomous and can work offline. You can shut down your mobile device for a month, open it up and the agent will still be effective. We train our solution every few months, when we see a need.

LW: So it is more than running a black list or white list and checking signatures?

Kaftzan: Signatures are only effective against the known malware. You need a person to look at the new malware, analyze it, write a signature, and then update the signature. That's a cat and mouse chase that will never end. Behavior analysis is an important capability, but it could come into play late, after the malware is already running.

Our solution takes a step back and does what we call pre-execution. Before the file runs, we see it, scan it and in milliseconds make a decision as to whether it is malicious or not, even before the process executes.

That’s a different philosophy, a different mindset, for this industry.

LW: What kind of response are you getting from your customers in the field?

Kaftzan: Absolutely amazing. This is very disruptive technology. We were able to detect and prevent all of the new ransomware in 2017 and even in 2018. We were the first one to detect and prevent MaMi, which was malware specifically designed to attack MacOS. And we were able to prevent Spora, which was very interesting ransomware, 15 days before anyone else found it. Our brain was trained to recognize it almost 10 months before it appeared.

*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: