Deep Instinct’s deep learning revolutionizes malware classification
Pattern recognition is a highly useful technology in security applications. Chinese airports and some commercial facilities in that country are now protected by biometric recognition systems. In over 60 Chinese airports, for instance, biometric records of travelers are compared against real-time scans of boarding passengers’ faces.
Any autonomous defense system which can adapt to changing attack patterns and vectors is worth more than one which bases its decisions on static data. But static data is often enough – it’s difficult (although possible) to fool some technologies, such as license plate recognition or those self-same facial recognition systems.
If the threats themselves are multitudinous, however, and each instance is shifting and changing in nature, the problem is a great deal more complicated.
This quicksand of threats is the situation in cybersecurity, as any CISO will agree. Finding third-party systems which can be updated very quickly according to new threats as they appear anywhere in the world is crucial. And even then, knowledge about the nature of zero-day exploits takes a while to become public. “A while” might only be a day or two, or even a few hours, but that period is more than enough for infiltration into even the most secure network.
While the pressure is on the security teams and incident response officers to react promptly to new threats, at the same time there is also pressure from other enterprise management layers for system usability and efficiency. In short, systems can’t be screwed down so tightly they impact productivity, yet can’t be so open that intrusions are commonplace.
The network security intelligence community operates in a reasonably harmonious manner – after all, protecting end users and organizations’ systems is everyone’s priority. As a result, whitelists, databases and cybersecurity research of all types are shared and disseminated promptly, protecting a decent proportion of the world’s networks.
Zero-day exploits are quite a different matter, of course. By definition, one or more parties need to be successfully breached for the new, unmitigated threat to be known. To prevent this type of exploit takes time – not only do policies have to be strict enough to quarantine suspect packets, but internal or expensive third-party resources (not least time) need to be employed to assess what might turn out to be a problem.
Even then, it has taken at least partial human-powered manual examination of potential threats to identify new zero-days. But a new solution from Deep Instinct may be the answer not only to emerging threats but also to the new and difficult-to-detect variations on older malware.
By employing deep neural network computing structures, the Israeli company has developed a machine-learning based malware mitigation system which has very significantly higher recognition rates than offerings from Kaspersky, Sophos, Siemens CERT, and AVG – to name but a handful.
Based on the DREBIN test, false positives are down to the one percent mark, compared to an average (of the household-names listed above) of over 25 percent.
The technology breaks down the code of many thousands of known malware samples into very small pieces, and passes these snippets through a multi-layer machine-learning structure – a deep learning neural network. Each layer learns from its predecessor’s findings, and the lessons learned by the code accurately identify even new malware instances.
The compute required for this type of processing is very large, of course, and is therefore not suitable to protect your CEO’s Android cell, for instance. So Deep Instinct undertakes its solution’s learning in its high-end, GPU/CPU-powered labs, and disseminates its knowledge to its clients’ endpoints in just a few MB.
In this way, the <5% false positive rate protects even the most open of networks’ endpoints – and update frequency can be determined by local CISOs or security policies.
Deep Instinct is winning awards and investor loyalties at an enviable rate. To learn how real AI can help your organization’s fight against cybercrime, get in touch with one of its offices local to you.