
The cyber threat landscape is evolving, and current network security measures like signature-based detection techniques, firewalls and sandboxing fail to keep up. With corporate networks becoming a prime target for threat actors, software vendors are beginning to use deep learning and other types of AI in cybersecurity. While deep learning does show promise, industry experts are skeptical.

A new deep learning application detects threats in real time as they come in. John Petersen, CIO at Heffernan Insurance Brokers, said: “Endpoint security is not secure enough anymore. You can’t secure every device on the network; you need something watching the network. So, we started as a company looking at what options we had out there that could be monitoring the network that could learn and identify zero-day attacks as they come in.”

The startup company, Blue Hexagon, has developed a deep-learning-powered network security platform, which was able to detect an Emotet infection as soon as it hit one of Heffernan Insurance Brokers’ servers.  

Deep learning and neural network technology are some of the most advanced techniques that can be used to help defend an enterprise from threats. Although deep learning was having a significant impact on image and speech recognition, these techniques were not being used in computer security.

The company’s deep learning platform focuses on threats that pass through the network. It looks at packets as they flow through the network and applies deep learning. The Blue Hexagon deep learning models inspect the complete network flow — payloads, headers, malicious URLs and C2 communications — and are able to deliver threat inference in less than a second, according to the company. Threat prevention can then be enabled on firewalls, endpoint devices and network proxies.

However, Gartner analyst Augusto Barros said that “many machine learning implementations, including those using deep learning, can find threats, such as new malware, for example, that has common characteristics with what we already know as malware.” “They can be very effective in identifying parameters that can be used to identify malware, but first we need to feed them with what we know as malware and also with what we know as not malware so they can learn. New threat types … won’t be magically identified by machine learning.”