There are a lot of buzzwords in the world of cybersecurity marketing. When an emerging concept hits a certain viral tipping point, it seems like suddenly all vendors are using the same buzzword—which just makes everything more confusing. Artificial intelligence and machine learning are ubiquitous in cybersecurity marketing—and often confused with each other and with deep learning. A recent report from MIT clarifies the distinction between the three, and emphasizes the value of deep learning for more effective cybersecurity.
The MIT Technology Review Insights report, titled “Deep learning delivers proactive cyber defense,” is sponsored by Deep Instinct—a cybersecurity vendor that developed the world’s first and only purpose-built deep learning cybersecurity framework. The company—which announced a shift in executive leadership this week with Lane Bess, former Palo Alto Networks CEO and Zscaler COO, taking over as CEO and Guy Caspi, Deep Instinct’s co-founder and former CEO succeeding Bess as Board Chair and transitioning to the role of Chief Product Officer—is on a mission to demonstrate that prevention is better than detection and response, and that deep learning is the differentiator that makes it possible.
Karen Crowley, Director of Solutions Marketing for Deep Instinct, said, “This paper from MIT is important for the industry to explain the key differences between machine learning and deep learning. There is a perception that all AI [artificial intelligence] is equal, and organizations need to understand the differences in the outcomes they can achieve. Deep learning provides a game-changing methodology for preventing attacks before detection and response.”
Artificial Intelligence vs. Machine Learning vs. Deep Learning
The MIT report explains, “The terms “AI,” “machine learning,” and “deep learning” are often confused. The technologies are separate but related. AI is a broad umbrella that encompasses a number of technologies, including machine learning and deep learning. Machine learning is a subset of AI, and deep learning is a subset of machine learning.”
In other words, all of it falls under the term “artificial intelligence,” and strives to simulate human intelligence or problem-solving in some way. Machine learning goes a step further with a model that is capable of learning and improving based on additional data. Deep learning takes machine learning to another level—adding a layered neural network capable of working with exponentially larger volumes of both structured and unstructured data to process and learn at a significantly higher scale.
Prevention and Proactive Cybersecurity
It’s important to understand the differences and not simply assume that all AI is created equally, though, because when it comes to cybersecurity, deep learning is capable of delivering benefits the other two can’t match.
Much of the difference comes down to the data and how the different models are trained. Machine learning typically trains on about 2% of the data—focusing on things like headers and metadata. By contrast, deep learning absorbs 100% of the raw data.
The deep learning model ingests both what good data looks like and what bad data looks like—and it does so at exponentially greater scale. Millions upon millions of samples are fed to the neural network, which enables the model to have better context and greater accuracy in being able to predict behavior and proactively recognize threats with very few false positives.
Deep learning has proven especially effective in the fight against ransomware. Once the ransomware payload is executed and a victim’s data is encrypted, it’s essentially too late. Detecting and responding at that point won’t do you any good. You need to be able to prevent the ransomware encryption in the first place. Deep learning enables the model to understand the DNA of what an attack looks like and accurately predict suspicious and malicious behavior. It doesn’t need to have seen that specific attack before, and it doesn’t need to have a full understanding or signature of how the attack works or expect the attack to follow a prescribed scenario. The ability to predict and prevent ransomware attacks before they execute is crucial.
“Deep Learning is critical for cybersecurity to get ahead of attacks like ransomware,” agreed Mirel Sehic, Global Director of Cybersecurity for Honeywell. “We need to beat attackers at their own game. Deep learning provides that opportunity by understanding the DNA of files and immediately determine if there is malicious intent before it can land and infiltrate an environment.”
Proving the Point
Deep Instinct understands that there is a lot of confusion and misinformation to contend with—both for deep learning relative to other models of artificial intelligence, and for the concept of prevention as opposed to the prevailing mantra of detection and response.
This MIT report is one example of Deep Instinct striving to demonstrate the value of deep learning and educate the market, but it is not their first. Deep Instinct also recently engaged with Unit 221B to conduct a thorough, independent test to evaluate their threat prevention capabilities.
Deep Instinct passed that evaluation with flying colors—and turned Unit 221B CEO Lance James from a skeptic to a believer. The Unit 221B team threw everything they had at Deep Instinct—including custom ransomware using proprietary techniques—and Deep Instinct stopped them all.
Take a look at the MIT report and the results of the Unit 221B evaluation and decide for yourself. Perhaps deep learning can break the assumed breach mentality and help organizations actively prevent cyberattacks rather than just trying to detect and respond to them faster.