Deep learning is redefining artificial intelligence (AI) and turning it from what appeared to be a lot of over-promise and under-delivery into a powerful engine for the future. This is because deep learning focuses on the “intelligent” part of artificial intelligence and creates a system that can autonomously learn how to do its task better. It does this by looking at the entire data set and then using inference engines to apply that learning as required. For malware, this is a combination of a blessing and a curse because, like quantum encryption engines, deep learning can be used for either good or bad, and the only real defense against an attack engine that uses this technology is currently a defense that uses it as well.
I recently ran into Deep Instinct, yet another firm that NVIDIA invested in; it is using NVIDIA’s GPU-based AI deep learning technology. In a way, this is like seeing the Wright brothers try to get off the ground and then stepping to the other side of the hill and finding an electric flying car. This technology isn’t just disruptive, it appears to obsolesce every other anti-malware product currently in the market.
Deep Instinct isn’t just a showcase AV product, though. It is also a showcase of what deep learning can accomplish.
Two Clear Advantageshttps://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
What Deep Instinct demonstrated was the ability to far more rapidly and far more successfully identify and block an attack. Like most modern systems, it looks for behavior, but it steps solidly away from scripts that have been particularly useless against polymorphic viruses that evolve as they spread. But deep learning provides a far more intelligent way to identify an attack, mostly by looking at the massive number of successful attacks as known malware in the wild and then looking at what the software does to determine if it is malware or not. It also has a deep understanding of legitimate programs, which aren’t designed to evolve over time or hide and can be much more easily identified. Thus, interestingly, it is not only better at identifying malware, but it is far better at avoiding false positives and correctly identifying legitimate applications.
In head-to-head tests, I understand this solution significantly outperforms even newer systems that use machine learning solutions, like Cylance, which itself appears to significantly outperform more traditional AV products.
The other advantage is that this dramatically reduces the need for patching. Rather than waves of patches coming in on a weekly or even daily basis, generally updates only occur a couple of times a year when the inference engine running on the local device needs to be refreshed. That massive drop in patching really got my attention.
The biggest point I want to make here is just how much more intelligent a deep learning-based AI solution is than anything else we currently have available. And realize, like any tool, these new systems will be used to help us and to harm us. Deep learning scam applications or attack systems could, with relative ease, overwhelm most defenses we have in place because, by their very nature, they would know the common vulnerabilities to those systems and be able to identify them through their behavior. This means that within seconds, an attacking system would know your vulnerabilities and be able to execute multiple attacks based on the known probabilities of success for each. The only viable defense, other than air-gap, would be a deep learning-based defense that was able to determine the same exposures, report out to get them fixed, and be able to position defenses tactically to block every AI-generated attack.
Deep learning is a game changer to a degree that I just didn’t see until I looked at this product and it will have an impressive impact on a number of industries.
Wrapping Up: Huge Step Forward in Security Capabilities
I’ve been in and around security for much of my life and I’ve seen some amazing and disturbing things in that time. I rarely get excited about a security product, but I got excited about Deep Instinct because, on paper, there is nothing in its class and it is the first time in years that I’ve seen a product attempt to get ahead of the problem rather than just deal tactically with attacks. It is a young offering and I’m sure, like other young offerings, it will need to mature but given that it appears to be better than anything else I’ve seen recently, by a significant margin I might add, it is hard to imagine how much more impressive it can be once it fully matures.
It is worth checking out, but keep in the back of your head that deep learning in general, if done right of course, is a game changer and products that use this AI approach have a high probability of being massively better than their more traditional competitors. In short, using technical terms, deep learning is about to disrupt the crap out of a lot of segments in the next few years. Deep Instinct may, therefore, be our digital canary in a coal mine warning of the disruptive changes to come.
Rob Enderle is President and Principal Analyst of the Enderle Group, a forward-looking emerging technology advisory firm. With over 30 years’ experience in emerging technologies, he has provided regional and global companies with guidance in how to better target customer needs; create new business opportunities; anticipate technology changes; select vendors and products; and present their products in the best possible light. Rob covers the technology industry broadly. Before founding the Enderle Group, Rob was the Senior Research Fellow for Forrester Research and the Giga Information Group, and held senior positions at IBM and ROLM. Follow Rob on Twitter @enderle, on Facebook and on Google+