Oh, good morning, everyone. Thanks for joining today. My name is Kevin. I'm a senior sales engineer working for Deep Instinct, and usually I'm quite technical in what I'm trying to speak about with my customers. Today I'm trying to keep it a little bit not too technical, especially because we are talking about deep learning today, which is one of my most favorite topics, I would say. And I would love to talk about that for hours and hours and go into all the nitty-gritty details, but that's not what we are doing today.
So no worries. Today we are talking a little bit about the problems we as a company see with cybersecurity, which you are obviously all aware of, but we'll also speak about our approach, how we are trying to solve that specific problem. And to set the stage a little bit, we are talking more about endpoint-related security today, because this is our, I would say, first approach that we are trying to solve here. And we'll also learn how technology helps in this kind of thing. So let's just talk a little bit about the problems that we have, that all of you have, basically, today.
And the problem is that it seems that the pace of attacks kind of outweighs the human ability to interact with it, right? Everyone is expecting to be breached. The question is when. And it seems that due to the shortage of staff that we have, the overwhelming increase in attacks that we see, and also the problem of managing all those events that might occur, it really comes up to a problem where it's really hard to solve. And we always have to remember that we, as the defenders, always need to defend every single bullet while the attacker only needs one to be successful.
So that's kind of a very hard challenge that we are trying to solve Europe. Is it even solvable? That might be the question as well. Just to reiterate a little bit about the traditional cyber reactive approaches that we still see today out there. And we are talking about endpoint security a little bit: the signature-based approach. You might all be aware of that, right? Malware comes out. There's a massive infection. There are security analysts analyzing these features, you update your environment via signature URIs or whatever, and then it begins all over again.
It's always a reactive approach in this kind of thing. And I mean, we, as an industry, are trying to keep up with that. Not everyone is using signatures anymore. People tend to use more modern technologies, because it seems that about 74% of all the malware we have seen this year is not even detectable anymore by signature-based approaches, which means they are not the best solution, I would say, in that kind of thing.
There's another interesting thing, though, about that, because in the last years we have seen that another topic came up pretty, I would say, pretty prominently. Everyone needs to do EDR; XDR is now the new thing, right? We need to detect, and we need to see everything. We can go through all the data and maybe we are able to, you know, solve one of the problems that we might have. This here today is not about bashing EDR or XDR or rendering them useless, or telling our story about how our solution is superior to that.
We are trying to add value to this, and I would always recommend, and I think we all can agree on that, that a multi-stage approach in security is always necessary, right? Quite interestingly, the University of Piraeus in Greece this year revealed this very, very interesting study.
Again, it's not about bashing anything. It's just talking about that it's not the silver bullet it seems to be, EDR/XDR solutions. They tested real-world scenarios with basically all of the vendors that are there on the market today and they were successful. I don't know if that can make you wonder or make you surprised in that kind of thing. And this kind of leads to the problem that we have here. And let me give you another example about ransomware. Now it comes back a little bit to why 20 milliseconds are very important in that kind of thing.
If ransomware spreads and goes on your system, a user clicks on an email, a user executes an executable or whatever, it takes about 1.5 seconds for the ransomware to start its action and to encrypt the machine. And if the attacker is very motivated, and usually they are because they want your money or your intellectual property, it takes them about three seconds to spread on their whole systems; it takes about 15 to 20 seconds to infect all the other systems. And then, yeah, the attackers move laterally, and we are basically screwed. That's the problem here. And also what attackers are also doing.
They are not only stealing your data, basically. They're also renting your machine, and there comes the double and the triple extortion. So they tell you that they encrypted your data. You can pay for that. If you don't pay for the data, they will just leak your data. That's the business model that they have currently today, and the investigation in all of that, what happened basically, this can take months, right? Sometimes years for that. So the idea really is, and I mean, yeah, this guy is mad because he has been encrypted, obviously, the idea behind that is to not let this happen.
That's the whole story around our company. And let me tell you why. Deep learning has been around for some time, actually. And you all might be aware of that. Netflix is using it for its recommendation algorithms. So if you watch a series and you like that series, it can recommend you other series. That's the idea behind that. That's also based on deep learning. YouTube is using deep learning to earn some really, really decent money.
And the most interesting thing, I would say, is for example Tesla, because they are trying to train deep learning models to make their cars drive autonomously. Very, very interesting.
We as a company, Deep Instinct, also created an end-to-end cybersecurity deep learning framework, because we want to use deep learning for solving cybersecurity challenges. There are five end-to-end deep learning frameworks in the world; with the Deep Instinct deep learning framework, there comes a sixth to this space. And what can I do? The interesting, we have seen the ransomware example, right? Ransomware spreads, it infects. We assume that we get breached anyway.
So we need to detect everything. The whole idea behind our company and about the deep learning framework is to prevent those things from happening, and deep learning is capable of doing that. It can, without even running a file, predict and detect that, even if it's completely unknown, especially even if it's completely unknown. So that ransomware doesn't need to get run on the system, basically.
And just to look that up, that brings some interesting advantages, I would say, because if you have an implemented deep learning framework on every endpoint, on every system in your environment, you are able to not only predict those things, your own, you are also able to lower your false positive rate. For example, those deep learning models we use are trained in a way that they can anticipate files and reduce the amount of events that is coming up to the system. And this can help with your EDR solutions, for example, to just get the events that are very important to you.
And I don't know if some of you have been in one of the workshops yesterday, which was quite interesting. It was about adversarial AI techniques. It seems to be that attackers are now trying to use machine learning to circumvent machine-learning-based systems to attack environments, right? Because the attackers are keeping up; as we said, they are very motivated in what they are doing. And the cool thing about the deep learning frameworks that we use is that they're very resilient to these techniques.
And let me show you in a very brief example, due to the amount of time we have, why that is the case. So if we compare traditional machine learning algorithms to the deep learning algorithms that we use, there's basically, I mean, there are more differences, but one of the most important differences I'm going to tell you about now. If you train the machine learning model, you need data, you need quite a lot of data actually, and you need to do something with the data. And here comes the interesting difference that we have here.
So let me just switch it up, everything, so we can see it better. For machine learning algorithms, you need to use the data that I said; you need to train on that data. And there's one key point about that.
Here, you need human intervention in this process. So you need a security researcher that understands why malware or why goodware is good. And he needs to determine certain features in this kind of software to train the models. And this leads to a problem, because we have the human intervention here again. And this also leads to an efficacy that is not that high, actually. So we see about 50 to 70% accuracy right now with machine learning models today. For deep learning, and this is about the difference here:
We use all of the data that is available, vast amounts of data, and the manual intervention with the researcher is not required. The deep learning model itself is capable of determining what is important and what is not. And then it anticipates, basically, what I have said before. The interesting and the most important thing about that is this training does not happen in your environment. This happens in our labs. We have pre-trained models, and then we basically take a kind of snapshot and put them on every device in your environment, basically. And from there, they are good to go.
They don't require a cloud, they don't require anything else. They can just act on that. And the most interesting part about that is that they do it in 20 milliseconds. So if there is a file that's completely unknown, the model sees and anticipates it and makes a decision in 20 milliseconds, before the file even gets run. And if we look back at the example that we have seen, this leads to a lot of advantages, obviously, because if we are able to predict and prevent things from actually happening, we don't get screwed, right?
And to just show you how it looks, because we can always talk about the theoretics, right? I just prepared a short video for you, and it's quite short. So I'm trying to comment through it, but you can see basically how it works on endpoints here in this case. So I think I need to press the button again. You can see here that the machine is offline, and I just took some malware that I downloaded from some sources, put it on the machine, and you can see the user is not able to run the file. It gets anticipated. It gets prevented. No harm has been done.
If we say, okay, let's just run those samples because, for whatever reason, they are not detected statically, we have a multi-layered approach in here that also prevents these kinds of things from happening. So we scan the file, we see what's happening, and then basically prevent that. The interesting thing about the end-to-end deep learning model that we use is it's not only capable of doing the detection or prevention of PE files. It can also do that for a vast amount of file formats. We have seen PowerShell here. We see an example where a user tries to run an Excel file.
It didn't even get started. Or a PDF file, for example. And that's the whole idea behind that: using this technology to not let the user run malicious files, to not create events that might be worked on by your security teams. We are trying to prevent those things from even happening, and the technology we are using for that is deep learning. And obviously there's a lot to talk about in this specific topic.
This was just to give you a short overview of what this can actually do and how it might help you and your environment to reduce alarms, to increase the security posture, and to do that preventive, because we tend to think that prevention is not yet possible or not even possible, and we need to detect all of those things. If there are any questions, we will be there at our booth. And I thank you. Thank you for your patience and have a good day. Thanks. Thanks.