MIT Explores How Deep Learning is Transforming Cybersecurity

July 20, 2022 | Justin Vaughan Brown

Every organization and cybersecurity vendor (Deep Instinct included) is in an innovation race against ransomware groups whose attacks are becoming smarter, faster, and more damaging to business operations. Attacks are smarter as they are enhancing their evasive capabilities, using sandbox detection or even adversarial AI. An increased speed of attacks has also been noticeable, with a recent study revealing that the fastest ransomware threat LockBit can encrypt in under six seconds. And researchers have estimated ransomware attacks spiked by 105% in 2021 with threat actors increasingly targeting government organizations and supply chains.

So how can bad actors with seemingly unlimited human and financial resources be combatted? Produced in association with Deep Instinct, a newly released MIT Technology Review Insights looks at one leading solution – deep learning-driven malware prevention.

The application of deep learning to the cybersecurity industry comes at a time when unknown threats pose an especially large risk to enterprises because many tools are unable to detect and prevent them. MIT interviewed Michael Suby, Research Vice President, Security and Trust, at International Data Corporation (IDC), who referenced the evolution of attacks, endpoints, and end users themselves which, “create a trifecta for bad actors to enter and establish a presence on any endpoint and use that endpoint to stage an attack sequence.”

The most advanced form of artificial intelligence (AI), deep learning, has been around for more than fifty years, but thanks to advances in supercomputing and the cloud it is now driving some of the greatest industry disruptions. Deep learning has been at the nucleus of some of the most consequential innovations of the 21st century, powering autonomous vehicles (Tesla), speech recognition (Siri), recommendation engines (Netflix), and linguistic tools (Google Translate), and its use for threat prevention promises to change the cybersecurity paradigm, putting the advantage squarely on the side of defenders.

MIT’s Technology Review examines the origins of deep learning, the costs of cybersecurity attacks, and the adoption of deep learning in enterprise applications. The paper also details key differences between machine learning which underpins many EDR and EPP technologies today, and deep learning, which Deep Instinct is pioneering the adoption of.

The real-world organizational and cost benefits of a real-time prevention first approach are analyzed, and myths around the complexity of day-to-day usage explored. In parallel, Deep Instinct CEO Guy Caspi shares various perspectives in the paper, such as the need to go beyond just new technology approaches. He explains, “If we are to ever get ahead of our adversaries, the world needs to change the mindset from detection to one of prevention.”

While not every organization has been ready to take their first step in investing in a deep learning-powered cybersecurity solution, those that have are already reaping the benefits. MIT met with Mirel Sehic, Vice President and General Manager for Honeywell Building Technologies (HBT), who observed that, “Deep learning outshines any deny list, heuristic-based, or standard machine-learning approach.”

This perspective is shared by other Deep Instinct customers, who have observed in benchmark and proof of value (POV) studies that:

  • Deep Instinct prevents significantly more malware than their existing tools
  • Malware is prevented, pre-execution (sub 20ms), rather than minutes later and post-execution
  • Certain malware delivery vehicles such as Weaponized PDFs or Excel files were not caught by their own tool, but are prevented by Deep Instinct
  • CPU consumption by Deep Instinct is markedly lower compared to existing tools (as this month’s Unit 221B study also noted)

Once implemented, Deep Instinct customers have benefitted from:

  • Vastly reduced alert levels – some have reported that a “flood” of false positives has dropped to “an occasional drip”
  • Greater granularity of threat information using advanced malware classification
  • Reduced team administration, with only a couple of updates a year, rather than every few weeks
  • Regular reports detailing the specific attacks prevented, and an analysis of these threats

Changing established technologies and a SecOps team’s modus operandi is not without some effort, but it can pay multiple enduring dividends.

For a primer on deep learning and how it is being applied to cybersecurity, the MIT study is a great place to start, and can be viewed here.