Why 20 Milliseconds Matters in Cybersecurity

October 18, 2021 | Karen Crowley

Stopping never-before-seen malware is a race against the clock. In just 15 seconds the fastest known ransomware begins to encrypt. By contrast, the quickest endpoint detection and response (EDR) solutions take at least a few minutes to detect a threat — with many taking hours or even longer. In fact, in the time it took you to read this paragraph it would be too late.

In a matter of minutes, extremely destructive ransomware has ample time to lock down patient zero, install backdoors, and begin moving laterally through the network. And it’s highly likely that by the time the security team is aware of a problem, data will have been exfiltrated and the majority of the network impacted.

The challenge is that most security tools begin their work only after malware has started executing – behaviors are then analyzed to identify the type of attack. This approach not only provides the attackers with ample dwell time, it frequently leads to a high number of false-positive alerts, leaving SOC teams to determine what is a real threat versus a benign alert. The focus after detection is then on understanding what happened, conducting further investigation, remediation, and clean-up – a time intensive and expensive process.

A deep learning-based approach provides an opportunity to prevent threats much earlier and stop attacks before they infiltrate your environment, vastly reducing overall risk.

Why 20 Milliseconds Matters
Speed matters. Today's attacks are lightning fast and the stakes are higher than ever.

Yet, in Deep Instinct’s Voice of SecOps report released last week, one key finding is that it takes 20+ hours for an organization to respond to a cyber incident. There is a better way.

Deep Instinct makes exceptionally fast and accurate malicious versus benign decisions using its patented deep learning technology. This means that threats are blocked in <20 milliseconds; 750x faster than ransomware is known to encrypt. This stops malware in its’ tracks; preventing droppers, artifacts, and backdoors from being installed on the network. By preventing attacks before they execute, Deep Instinct ensures your organization does not become front page news.

For enterprises, this means greater SOC effectiveness, as well as the following:

  • Dedicated time gained back for proactive threat hunting
  • Increased efficiency and reduced downstream impact on EDR by correlating prevented and high-fidelity events
  • Improved security hygiene to focus on strategic tasks like patching, decommissioning, and hardening systems

The Next Stage in Our Commitment to Constant Innovation: Version 3.2
With the latest release of the Deep Instinct Prevention Platform (Version 3.2) we introduced several powerful new features that can detect and prevent some of the most dangerous, fast-moving malware threats to help customers stay ahead of the game. 

Prevention Against Reflective DLL Injection
Fileless malware that loads dynamically, directly from memory, is a serious threat that can circumvent most security solutions and then launch multi-stage attacks. Emotet is one of the premier examples of reflective DLL, as the infamous malware botnet serves as a loader that downloads additional malware like TrickBot (an extremely damaging reconnaissance and ransomware combination which uses static injection). Emotet and other similar malware strains are designed to be as evasive as possible and continually evolve to avoid detection and maximize dwell time.

Deep Instinct prevents malicious DLLs from loading from memory, not just from disk , ensuring attacks are stopped from executing on the network, shutting down this critical attack vector. 

We also prevent reflective .NET injection protection, another new heuristic for Windows devices, using the same principle. Deep Instinct detects and prevents .NET executables being loaded into processes from memory space. 

Anti-AMSI Bypass
We have also added anti-AMSI bypass protection. The Windows Anti-Malware Scan Interface (AMSI) is a standard that allows applications and services to integrate with any anti-malware product present on a machine. AMSI is designed to help security teams deal with attacks that use obfuscation and encryption to avoid detection, such as those abusing PowerShell. However, malware developers have created fileless attacks that can bypass AMSI, as well as living-of-the-land techniques that exploit native Windows applications. Our new heuristic provides protection against attempts to bypass Microsoft’s AMSI on Windows devices. 

Deep Instinct Prevention Platform. Meet Attackers Earlier.
The Deep Instinct Prevention Platform is powered by the world’s first and only purpose-built deep learning cybersecurity framework. The technology is based on a deep neural network that mimics the learning and logical capabilities of the human brain. Deep Instinct’s static analysis engine prevents >99% of known and unknown malware, zero-day threats, and ransomware, for endpoints and beyond.

  • Deep Instinct for Endpoint, the company's flagship offering, provides additional dynamic analysis layers beyond static analysis, including behavioral and reputational, to prevent the most advanced malware and multi-stage attacks. Deep Instinct for Endpoint protects against fileless attacks such as malicious code injection, in-memory, and shellcode scripts, as well as extremely advanced attacks like Adversarial AI.
  • Deep Instinct for Cloud stops malicious files from uploading to, or downloading from, public or private cloud storage, including AWS S3, Azure Blob, and Google Cloud Storage.
  • Deep Instinct for Applications scans the files associated with custom applications and workflows to prevent infected files from being uploaded to, or downloaded from, their end-users or customers.
  • Deep Instinct for Web Gateways protects organizations by preventing malicious files from downloading onto the network by end users who are browsing the internet.

All prevented events are enhanced with contextual data including the malware’s classification and are mapped to the MITRE ATT&CK framework. The Deep Instinct Prevention Platform is designed to be incorporated into an organization’s existing security stack and tightly integrate with solutions like EDR, SOAR, and SIEM. Deep Instinct works seamlessly with existing security processes to lower risk and improve an organization’s overall security posture.

Deep Instinct’s <20ms time to prevention combined with our <0.1% false-positive guarantee allows our customers to prevent known and unknown malware – before systems are infected. This means that SOC teams can focus on tasks that improve productivity and spend more time threat hunting to stop the most complex, sophisticated, and aggressive attacks.

We’re extremely proud to introduce this new and improved version of the Deep Instinct Prevention Platform and would be thrilled to give you a demo.