
Carl Froggett, CIO of Deep Instinct – Interview Series


Carl Froggett is the Chief Information Officer (CIO) of Deep Instinct, an enterprise founded on a simple premise: that deep learning, a complicated subset of AI, could be applied to cybersecurity to stop more threats, faster.

Mr. Froggett has a proven track record in building teams, systems architecture, and large-scale enterprise software implementation, as well as aligning processes and tools with business requirements. Froggett was formerly Head of Global Infrastructure Defense, CISO Cyber Security Services at Citi.

Your background is in the finance industry. Could you share your story of how you then transitioned to cybersecurity?

I began working in cybersecurity in the late 90s when I was at Citi, transitioning from an IT role. I quickly moved into a leadership position, applying my experience in IT operations to the evolving and difficult world of cybersecurity. Working in cybersecurity, I had the chance to deal with innovation, while also deploying and running technology and cybersecurity solutions for various business needs. During my time at Citi, my responsibilities included innovation, engineering, delivery, and operations of worldwide platforms for Citi’s businesses and customers globally.

You were a part of Citi for over 25 years and spent much of this time leading teams responsible for security strategies and engineering points. What was it that enticed you to join the Deep Instinct startup?

I joined Deep Instinct because I wanted to tackle a new challenge and use my experience in a different way. For 15+ years I was heavily involved in cyber startups and FinTech companies, mentoring and growing teams to support business growth, taking some companies through to IPO. I was aware of Deep Instinct and saw their unique, disruptive deep learning (DL) technology produce results that no other vendor could. I wanted to be a part of something that would usher in a new era of protecting companies against the malicious threats we face every single day.

Are you able to discuss why Deep Instinct’s application of deep learning to cybersecurity is such a game changer?

When Deep Instinct initially formed, the company set an ambitious goal to revolutionize the cybersecurity industry, introducing a prevention-first philosophy rather than being on the back foot with a “detect, respond, contain” approach. With increasing cyberattacks, like ransomware, zero-day exploitations, and other never-before-seen threats, the status quo reactionary security model isn’t working. Now, as we continue to see threats rise in volume and velocity due to Generative AI, and as attackers reinvent, innovate, and evade existing controls, organizations need a predictive, preventative capability to remain one step ahead of bad actors.

Adversarial AI is on the rise with bad actors leveraging WormGPT, FraudGPT, mutating malware, and more. We’ve entered a pivotal time, one that requires organizations to fight AI with AI. But not all AI is created equal. Defending against adversarial AI requires solutions that are powered by a more sophisticated type of AI, namely, deep learning (DL). Most cybersecurity tools leverage machine learning (ML) models that present several shortcomings to security teams when it comes to stopping threats. For instance, these offerings are trained on limited subsets of available data (typically 2-5%), offer just 50-70% accuracy with unknown threats, and introduce many false positives. ML solutions also require heavy human intervention and are trained on small data sets, exposing them to human bias and error. They’re slow and unresponsive even on the endpoint, letting threats linger until they execute, rather than dealing with them while dormant. What makes DL effective is its ability to self-learn as it ingests data and works autonomously to discover, detect, and stop complicated threats.

DL allows leaders to shift from a conventional “assume breach” mentality to a predictive prevention approach to combat AI-generated malware effectively. This approach helps discover and mitigate threats before they occur. It delivers an extremely high efficacy rate against known and unknown malware, and extremely low false-positive rates versus ML-based solutions. The DL core only requires an update a couple of times a year to maintain that efficacy and, because it operates independently, it doesn’t require constant cloud lookups or intel sharing. This makes it extremely fast and privacy-friendly.

How is deep learning able to predictively prevent unknown malware that has never previously been encountered?

Unknown malware is created in a few ways. One common method is changing the hash in the file, which could be as small as appending a byte. Endpoint security solutions that depend on hash blacklisting are vulnerable to such “mutations” because their existing hashing signatures won’t match those new mutations’ hashes. Packing is another technique in which binary files are packed with a packer that provides a generic layer on the original file — think of it as a mask. New variants are also created by modifying the original malware binary itself. This is done on the features that security vendors might sign, ranging from hardcoded strings, IP/domains of C&C servers, registry keys, file paths, metadata, and even mutexes, certificates, offsets, as well as file extensions that are correlated to the encrypted files by ransomware. The code or parts of code may also be modified or added, which evades traditional detection techniques.

DL is built on a neural network and uses its “brain” to repeatedly train itself on raw data. An important point here is DL training consumes all of the available data, with no human intervention in the training — a key reason why it’s so accurate. This results in a very high efficacy rate and a very low false positive rate, making it hyper resilient to unknown threats. With our DL framework, we don’t depend on signatures or patterns, so our platform is proof against hash modifications. We also successfully classify packed files — whether using simple and known ones, or even FUDs.

During the training phase, we add “noise,” which changes the raw data from the files we feed into our algorithm, in order to automatically generate slight “mutations,” which are fed in each training cycle during our training phase. This approach makes our platform proof against modifications that are applied to different unknown malware variants, such as strings or even polymorphism.

A prevention-first mindset is commonly key to cybersecurity, how does Deep Instinct deal with stopping cyberattacks?

Data is the lifeblood of each organization and protecting it needs to be paramount. All it takes is one malicious file to get breached. For years, “assume breach” has been the de facto security mindset, accepting the inevitability that data will be accessed by threat actors. Nonetheless, this mindset, and the tools based on this mentality, have failed to supply adequate data security, and attackers are taking full advantage of this passive approach. Our recent research found there were more ransomware incidents in the first half of 2023 than all of 2022. Effectively addressing this shifting threat landscape doesn’t just require a move away from the “assume breach” mindset: it means companies need a wholly new approach and arsenal of preventative measures. The threat is new and unknown, and it’s fast, which is why we see these results in ransomware incidents. Just like signatures couldn’t keep up with the changing threat landscape, neither can any existing solution based on ML.

At Deep Instinct, we’re leveraging the power of DL to provide a prevention-first approach to data security. The Deep Instinct Predictive Prevention Platform is the first and only solution based on our unique DL framework specifically designed for cybersecurity. It’s the most efficient, effective, and trusted cybersecurity solution on the market, stopping >99% of zero-day, ransomware, and other unknown threats in <20 milliseconds with the industry’s lowest (<0.1%) false positive rate. We’ve already applied our unique DL framework to securing applications and endpoints, and most recently extended the capabilities to storage protection with the launch of Deep Instinct Prevention for Storage.

A shift toward predictive prevention for data security is required to remain ahead of vulnerabilities, limit false positives, and alleviate security team stress. We’re at the forefront of this mission and it’s starting to gain traction as more legacy vendors are now touting prevention-first capabilities.

Are you able to discuss what kind of training data is used to train your models?

Like other AI and ML models, our model trains on data. What makes our model unique is it doesn’t need data or files from customers to learn and grow. This unique privacy aspect gives our customers an added sense of security when they deploy our solutions. We subscribe to more than 50 feeds which we download files from to train our model. From there, we validate and classify data ourselves with algorithms we developed internally.

Because of this training model, we only need to create 2-3 new “brains” a year on average. These new brains are pushed out independently, significantly reducing any operational impact to our customers. It also doesn’t require constant updates to keep pace with the evolving threat landscape. This is the advantage of the platform being powered by DL and enables us to supply a proactive, prevention-first approach whereas other solutions that leverage AI and ML provide reactionary capabilities.

Once the repository is ready, we build datasets using all file types with malicious and benign classifications along with other metadata. From there, we further train a brain on all available data – we don’t discard any data throughout the training process, which contributes to low false positives and a high efficacy rate. This data is continually learning by itself without our input. We tweak outcomes to teach the brain and then it continues to learn. It’s very much like how a human brain works and how we learn – the more we’re taught, the more accurate and smarter we become. Nonetheless, we’re extremely careful to avoid overfitting, to keep our DL brain from memorizing the data rather than learning and understanding it.

Once we have an extremely high efficacy level, we create an inference model that’s deployed to customers. When the model is deployed at this stage, it cannot learn new things. Nonetheless, it does have the ability to interact with new data and unknown threats and determine whether or not they are malicious in nature. Essentially it makes a “zero day” decision on everything it sees.

Deep Instinct runs in a client’s container environment, why is this necessary?

One of our platform solutions, Deep Instinct Prevention for Applications (DPA), offers the ability to leverage our DL capabilities through an API / ICAP interface. This flexibility enables organizations to embed our revolutionary capabilities inside applications and infrastructure, meaning we can expand our reach to stop threats using a defense-in-depth cyber strategy. This is a unique differentiator. DPA runs in a container (which we offer), and aligns with the modern digitization strategies our customers are implementing, such as migrating to on-premises or cloud container environments for their applications and services. Generally, these customers are also adopting a “shift left” with DevOps. Our API-oriented service model complements this by enabling Agile development and services to stop threats.

With this approach Deep Instinct seamlessly integrates into a company’s technology strategy, leveraging existing services with no new hardware or logistics concerns and no new operational overhead, which results in a very low TCO. We utilize all of the advantages that containers offer, including massive auto-scaling on demand, resiliency, low latency, and simple upgrades. This permits a prevention-first cybersecurity strategy, embedding threat prevention into applications and infrastructure at massive scale, with efficiencies that legacy solutions cannot achieve. Due to DL characteristics, we have the advantage of low latency, high efficacy / low false positive rates, combined with being privacy sensitive – no file or data ever leaves the container, which is always under the client’s control. Our product doesn’t need to share with the cloud, do analytics, or share the files/data, which makes it unique in comparison with any existing product.

Generative AI offers the potential to scale cyber-attacks, how does Deep Instinct maintain the speed that is required to deflect these attacks?

Our DL framework is built on neural networks, so its “brain” continues to learn and train itself on raw data. The speed and accuracy at which our framework operates is the result of the brain being trained on hundreds of millions of samples. As these training data sets grow, the neural network repeatedly gets smarter, allowing it to be much more granular in understanding what makes for a malicious file. Because it can recognize the building blocks of malicious files at a more detailed level than any other solution, DL stops known, unknown, and zero-day threats with higher accuracy and speed than other established cybersecurity products. This, combined with the fact our “brain” doesn’t require any cloud-based analytics or lookups, makes it unique. ML on its own was never good enough, which is why we have cloud analytics to underpin the ML, but this makes it slow and reactive. DL simply doesn’t have this constraint.

What are some of the biggest threats that are amplified with Generative AI that enterprises should pay attention to?

Phishing emails have become far more sophisticated because of the evolution of AI. Previously, phishing emails were typically easy to identify as they were often laced with grammatical errors. But now threat actors are using tools like ChatGPT to craft more in-depth, grammatically correct emails in a variety of languages that are harder for spam filters and readers to catch.

Another example is deep fakes, which have become far more realistic and believable due to the sophistication of AI. Audio AI tools are also being used to simulate executives’ voices inside an organization, leaving fraudulent voicemails for workers.

As noted above, attackers are using AI to create unknown malware that may modify its behavior to bypass security solutions, evade detection, and spread more effectively. Attackers will continue to leverage AI not only to build new, sophisticated, unique and previously unknown malware which will bypass existing solutions, but also to automate the “end to end” attack chain. Doing this will significantly reduce their costs, increase their scale, and, at the same time, lead to attacks having more sophisticated and successful campaigns. The cyber industry must re-think existing solutions, training, and awareness programs that we’ve relied on for the last 15 years. As we can see in the breaches this year alone, they’re already failing, and it’s going to worsen.

Could you briefly summarize the sorts of solutions that are offered by Deep Instinct when it comes to application, endpoint, and storage solutions?

The Deep Instinct Predictive Prevention Platform is the first and only solution based on a unique DL framework specifically designed to solve today’s cybersecurity challenges — namely, stopping threats before they can execute and land in your environment. The platform has three pillars:

  1. Agentless, in a containerized environment, connected via API or ICAP: Deep Instinct Prevention for Applications is an agentless solution that stops ransomware, zero-day threats, and other unknown malware before they reach your applications, without impacting user experience.
  2. Agent-based on the endpoint: Deep Instinct Prevention for Endpoints is a standalone pre-execution prevention-first platform — not on-execution like most solutions today. Or it can provide an actual threat prevention layer to enhance any existing EDR solutions. It prevents known and unknown, zero-day, and ransomware threats pre-execution, before any malicious activity, significantly reducing the quantity of alerts and reducing false positives so that SOC teams can exclusively deal with high-fidelity, legitimate threats.
  3. A prevention-first approach to storage protection: Deep Instinct Prevention for Storage offers a predictive prevention approach to stopping ransomware, zero-day threats, and other unknown malware from infiltrating storage environments — whether data is stored on-prem or in the cloud. Providing a fast, extremely high efficacy solution on the centralized storage for the customers prevents the storage from becoming a propagation and distribution point for any threats.
