Deep Instinct’s Prevention for Applications detects malicious files in transit

Cybersecurity vendor Deep Instinct has announced the launch of Deep Instinct Prevention for Applications, a new antimalware software product that detects and stops malicious files in transit.

Prevention for Applications is deployed via a container within a customer’s environment and does not require cloud access, with device and system agnostic flexibility that allows it to be implemented to protect any application. It advances threat protection beyond the endpoint with in-transit file scanning via API.

Karen Crowley, Director of Product Solutions at Deep Instinct, tells CSO that PDF and Office files remain a large attack target as they are so widely used. “PDF documents can contain text, images, and codes that can be weaponized with hidden scripts that won’t be detected and endanger the organization,” she says. “These files could open a backdoor and allow cybercriminals to access devices and then pivot to other areas of the network.”

Prevention for Applications is capable of scanning millions of files in under 20 milliseconds, according to Crowley. “The “brain” is deployed as a docker container and can be implemented to scan the files associated with a web application or web gateway. A malicious versus benign verdict is returned and the customer has the flexibility to decide how they want to respond to a malicious file, such as quarantining, deleting, or sandboxing,” she says.

Deep Instinct can also send files to its reputation service for analysis to classify the type of threat to improve investigation and response, Crowley adds. “We do not require cloud connectivity to make a decision, the prevention efficacy is just as effective offline as it is online.”

Traditional solutions must see the behavior of the file after it executes to stop it, but by then the damage is most likely already done, Crowley says. “Attackers are getting smarter at evading sandbox and AV solutions and files pass through undetected and land inside the customer’s environment.” With Deep Instinct Prevention for Applications, only the file hash leaves the environment, retaining full customer data privacy, whilst no customer data is used for training or updating AI models, the firm states.

Prevention for Applications is a stand-alone solution available to any organization, with pricing dependent on customer environment and the number of file scans required each day.

Omdia Senior Principal Analyst Rik Turner tells CSO that the technology behind Deep Instinct’s new product looks interesting in that it goes beyond both traditional AV and (presumably) the usual fare of content inspection technology based on a sandbox. “Deep Instinct also says it does not require customer data to train or update the AI models used, which I presume means they are doing self-learning—since deep learning is based on neural network technology, that sounds feasible,” he says. One question he raises is how the technology deals with encrypted traffic. “There’s no mention of decryption, and the suggestion that they only require a file hash ‘leaving the environment’ makes me wonder whether they’re doing inference on encrypted traffic, which is a nicer way of saying intelligent/informed guessing,” Turner adds.

Financial services lack resources, talent to fend off cyberattacks

In a press release, Deep Instinct noted that financial services and other industries with large volumes of data in motion are at high risk from uploaded malicious content that can be detonated upon download from storage. With tens of millions of files in transit each day—including trading data, mortgage applications, insurance claims, and other sensitive information—financial institutions are at particular risk from malicious uploads or downloads.

This has risk has increased in the wake of the COVID-19 pandemic with FinTech transactions rising and threat actors seeking new points of entry into enterprise environments, Deep Instinct added. “In fact, one study found that 35% of ‘never-before-seen’ malware files were hidden in Microsoft Office and PDF files,” the firm stated. 

Deep Instinct’s release comes in the same week as a new survey from Kaspersky, which shed light on cybersecurity in the UK financial services sector. Kaspersky’s survey of 200 IT decision-makers found that one of the key issues facing the sector is keeping up with the ever-changing threat landscape. Only 29% of those polled strongly agree that their company is sufficiently equipped to fend off coming cyberattacks, with more than half stating they lack the internal skills and knowledge to protect themselves against cyberthreats.

“The financial services industry is constantly being targeted by threat actors such as Lazarus,” Kaspersky Principal Security Researcher David Emm tells CSO. “The current threat landscape has evolved considerably, while hackers are developing new tools and leveraging artificial intelligence and automation.” The financial industry is a very lucrative target for cybercriminals as, once they’re in a banking network, they’re very capable of stealing money and data, he adds. “The financial sector is also strictly regulated and must comply with cybersecurity rules. Therefore, it makes data breaches even more complex as fines and remediation costs are involved, as well as loss of customers for insufficient information security compliance.”