You searched for malware • Devoteam https://www.devoteam.com/ Creative tech for Better Change Mon, 30 Oct 2023 14:55:57 +0000

Enhancing Cybersecurity with Wazuh: The Open Source XDR & SIEM Platform https://www.devoteam.com/expert-view/enhancing-cybersecurity-with-wazuh-the-open-source-xdr-siem-platform/ Wed, 26 Jul 2023 11:29:49 +0000 https://www.devoteam.com/?post_type=expert-view&p=25127

Wazuh is a new addition to the 2023 TechRadar by Devoteam report, currently rated as a Trust & Security technology your business should assess. But what is Wazuh and why should it be on your radar?

What is Wazuh?

Wazuh describes itself as ‘the Open Source security platform’. The system provides Extended Detection and Response (XDR) and Security Information and Event Management (SIEM) functionality to help users better protect endpoints and to accelerate their response to security issues. 

Wazuh has been designed to deliver a comprehensive approach to security, helping to protect both endpoints and cloud workloads. As such, the platform is built for the realities of the modern hybrid cloud data centre.

Wazuh uses an endpoint security agent to detect local security issues and malware on client devices, servers, virtual machines and cloud-based systems. The Wazuh server controls and manages the endpoint agents and their alerts, and also applies decoders, rules and threat intelligence to look for indicators of compromise at the network perimeter.

In terms of SIEM capabilities, the Wazuh indexer stores and analyses event logs generated by the Wazuh agent, looking for evidence of security breaches. And a central dashboard makes it easy to see network health and to identify issues that require further analysis or remediation.

Is Wazuh a SIEM?

Wazuh is more than just a SIEM. By combining XDR and SIEM functions, the platform offers a more comprehensive approach to enterprise IT security. As with many SIEM tools, a Wazuh agent is installed on each endpoint to detect potential security breaches.

However, the inclusion of XDR functionality allows network administrators to take a proactive approach to security threats, with automated tools to ‘hunt’ threats before they are detected. And it is this proactivity which means that Wazuh cannot be classified as a pure SIEM solution.

In terms of proactive responses, Wazuh offers tools to assist with intrusion detection, vulnerability detection, container security and regulatory compliance.

Who is Wazuh for?

Wazuh boasts an impressive roster of well-known enterprise class clients. However, the free Open Source licensing model makes Wazuh a good option for most businesses to at least evaluate.

With the release of the cloud version, Wazuh is now even more accessible too. Choosing a hosted security platform solves many of the challenges that come with an on-premise deployment, lowering the barrier to adoption and making the toolkit suitable for SMEs and other organisations with smaller IT security departments. 

What are the top benefits of Wazuh?

Wazuh is clearly a powerful tool for detecting and managing IT security threats on-premise and in the cloud. Here are some of the specific benefits for users:

1. Real-time threat detection

Each Wazuh server is connected directly to the MITRE ATT&CK database, providing real-time updates of threats identified across the Wazuh user community. This crowdsourced security data ensures that every installation and agent across the entire community can be updated automatically as soon as a new threat is confirmed.

2. Combines XDR and SIEM functions

The combination of XDR and SIEM functions makes Wazuh a comprehensive solution for proactive IT security threat management. Users can detect and mitigate threats before their systems are compromised.

3. Comprehensive endpoint security

Wazuh agents are available for a range of endpoint operating systems, including Microsoft Windows, Apple macOS, Linux, Solaris, HP-UX and AIX.

4. Range of deployment options

To better match the modern microservices-based operating environment, Wazuh offers a range of container-friendly deployment options. Kubernetes, Puppet, Ansible and Docker deployments are available, for instance. There are also options for virtual machines, Amazon Machine Images and even installation from source.

5. SaaS option

To help businesses reduce admin overheads, Wazuh has introduced a cloud-based version of its software. Offered as a SaaS subscription, it gives users endpoint security and threat detection across their entire IT estate (including other cloud platforms), but without the back-office infrastructure requirements and cost.

Who uses Wazuh?

Wazuh claims that over 100,000 enterprise-class organisations use their product to protect more than 15 million endpoints. High-profile Wazuh customers include NASA, Salesforce, eBay, Verifone and Walgreens.

Is Wazuh free?

Yes, Wazuh is completely free to download and deploy for on-premise environments. The product is also available as a cloud-based SaaS subscription – pricing starts at $500 per month with protection for unlimited endpoints. Pricing is determined by the amount of storage required for event logging and the level of technical support provided (standard or premium tiers are available).

In addition to community support provided via a dedicated Slack channel, Wazuh offers paid support and maintenance contracts for larger customers who require defined SLAs for their on-premise deployments. Paid training courses are also available for security engineers.

What else do I need to know about Wazuh?

The Wazuh doc library contains extremely detailed instructions covering every aspect of installing and managing the platform.

How can I learn more about Wazuh?

This article is a part of a larger series centred around the technologies and themes found within the 2023 edition of the TechRadar by Devoteam report. To learn more about Wazuh and other emerging technologies you need to know about, please download TechRadar by Devoteam.

Cybersecurity and ChatGPT https://www.devoteam.com/expert-view/cybersecurity-and-chatgpt/ Tue, 09 May 2023 14:45:08 +0000 https://www.devoteam.com/?post_type=expert-view&p=23957

Today, artificial intelligence (AI) is regularly used in our daily lives, whether it’s for the recognition used to unlock our mobile phones, to search for the best holiday destinations online, or to receive recommendations for series and movies on any streaming service. Machines have always been tools that help us simplify life and create a better future for everyone. However, these innovations are not without inherent risks. The most recent and interactive leap was the appearance of AI chatbots – particularly the ChatGPT model.

To better understand what ChatGPT is, it is important to understand what a chatbot is. A chatbot is a computer program that uses artificial intelligence to simulate a human conversation, assisting in communication and customer service. The software produces human-like responses to voice or text commands, reducing the need for human action.

In 2022, OpenAI launched ChatGPT, created to interact through conversation, allowing for answering follow-up questions, admitting mistakes, challenging incorrect premises, and rejecting inappropriate requests.

Cybersecurity risks associated with ChatGPT

Although the emergence of chatbot technology has proven beneficial, there are still many skeptics, and for good reason. It is not by chance that several education entities in the US and Europe have blocked access to ChatGPT, fearing negative impacts on student learning and the accuracy of produced content.

Misinformation has been a constant concern for the ChatGPT program, which learns only from existing human data on the internet – which is far from a reliable source most of the time.

However, the most crucial aspect to consider is the threat to cybersecurity that the advanced chatbot has suddenly created. This is a dangerously strong AI that can pose a significant cybersecurity risk and should be taken seriously. A clear example was an attempt to create a phishing email: ChatGPT initially mentioned that such content might violate its content policy, but after further instructions ended up producing a plausible phishing email. The same goes for its apparent ability to help cybercriminals write malicious code.

ChatGPT security risks

In general, we can say that the main security risks with the use of ChatGPT are as follows:

  • Malware

Malware usually has a very short life cycle: a cybercriminal creates it, infects some devices, and then operating system vendors ship an update that protects devices from this specific malware. Additionally, technology sites warn about emerging malware threats, and the threat’s potency is quickly neutralised. However, ChatGPT is capable of writing numerous pieces of malicious code, potentially increasing malware attack rates significantly.

While a human would have to take a break to eat and sleep, artificial intelligence can do so non-stop. Cybercriminals could turn a malware operation into a 24-hour digital crime machine.

  • Phishing

Phishing attacks, usually known for their grammar and spelling errors, are improving in message quality with AI. ChatGPT also understands instructions about tone, so cybercriminals can heighten the sense of urgency in messages that demand immediate payment or replies containing passwords.

  • Fake profiles

Catfish, or people who create false online personas to lure others into relationships, are using AI for fraud. Just as malware creators do, cybercriminals can now use AI to accelerate the creation of multiple profiles at once. ChatGPT can change the tone of messages, which helps criminals craft statements that can convince someone to hand over personal identification information or make money transfers.

How to prevent ChatGPT fraud

With the increasing popularity of ChatGPT, it is important to be even more vigilant and we would like to remind you of some tips to keep your data protected from threat agents who try to take advantage of technology.

  • Stay informed

This may seem like a very basic tool, but training and the ability to recognise a cyber attack or malware before allowing it to enter your network is potentially the only thing between you and a threat agent. Being wary of suspicious emails and links will greatly help in protecting your information. There are some indicators of a message written by AI – short phrases and reuse of words. In addition, artificial intelligence can create content that says a lot without forming an opinion.

Another very basic security tip is often overlooked, although it is usually the first line of defence against data theft: make sure that the password you choose is complex and difficult to guess.

  • Activate two-factor authentication

Most networks already have two-factor authentication features that ensure unique factors are used to verify a user’s identity before granting access. This provides an extra layer of security to your network to prevent breaches.

  • Install antivirus software

Antivirus software protects the network against malware, phishing attacks and most other cyber threats.

  • Monitor your accounts

Being aware of activities in your bank account and network helps you quickly detect suspicious behavior and act immediately to reduce the risk of further damage to the network or account.

  • Keep software up to date

The operating system needs to always be at peak performance to provide adequate protection for the network. Make sure that the latest updates are installed on devices to mitigate security flaws and bugs found in previous versions.

Best Practices for Phishing, Smishing, and Vishing: Protecting Yourself from Cyber Threats https://www.devoteam.com/expert-view/phishing-smishing-vishing-expert-insights-devoteam/ Thu, 09 Feb 2023 11:43:27 +0000 https://www.devoteam.com/?post_type=expert-view&p=20381

Phishing, smishing and vishing are social engineering techniques used by cybercriminals in an attempt to obtain personal information or install malware to allow them to carry out fraud (especially financial fraud).

For that purpose, the attacker uses an electronic medium to send content that allows them, for example, to imitate a real brand, pretending to be someone trustworthy in an attempt to get the victim to hand over sensitive information or to perform some action, in this case by opening malicious attachments. When this technique is used through SMS it is called smishing. By phone (voice) it is called vishing. The technique can also be used through instant messaging on social networking applications such as WhatsApp.

Knowing what methods cybercriminals use and how to identify them can help you avoid becoming a victim.

What is Phishing?

Phishing is a method of cyber-attack that attempts to trick victims into clicking on fraudulent links sent via email. The link usually leads the victim to a seemingly legitimate form that requests sensitive information or leads to the download of some file containing malicious functionality.

A classic example is receiving an email informing you that your bank account has been blocked and asking you to click on a link to regain access. In fact, that link will lead to a fraudulent form that simply collects your information and from there they can access your account and steal your money.

Know more about Phishing attacks.

What is Smishing?

Smishing is a type of fraud similar to phishing, except it comes in the form of a text message. A smishing text usually contains a fraudulent link. By following the link and the instructions provided, the victim ends up inadvertently installing malware, which will usually serve to facilitate the attacker in obtaining illicit financial gain over the victim.

These smishing text messages may look like urgent requests sent from a bank or parcel delivery service, for example. It can be easy to fall for this scam if you think you need to act quickly to solve an urgent problem and do not take steps to verify the veracity of the message.

What is Vishing?

Fraudulent calls or voice messages fall under the category of “vishing”. Cybercriminals call potential victims, often using pre-recorded robocalls, pretending to be a legitimate company to request personal information from a victim.

For example, the call may ask you to confirm your details with your bank or to extend your car insurance cover. If you answer, you may be put through to a supposed agent who asks you to provide personal information.

How to prevent Phishing, Smishing and Vishing attacks

To avoid becoming a victim of phishing, smishing or vishing, there are a few rules you should follow. These can directly protect you from fraud and reduce the likelihood of being targeted.

  • Do not click on attachments or links in emails, unsolicited messages or suspicious SMS
  • When you are contacted, confirm the veracity of the originating email address, profile or phone number
  • Always assess the timeliness, or timing, of the content of emails, instant messages, SMS or phone calls
  • Do not share personal data or follow instructions without verifying from other sources the veracity of the request – for example, from the Bank’s account manager or a line manager
  • Be wary of messages with formal language errors, but also do not trust all messages just because they do not have formal language errors
  • In organisations, carry out simulated phishing and smishing attacks, and possibly vishing, in order to raise awareness and levels of attention to these means
  • Do not share sensitive data on social networks, as this may provide information to possible attackers who want to carry out spear phishing (phishing aimed at a specific person)
  • Report to the organisation’s IT security officers or to the authorities whenever you are the target or victim of such an attack
  • Be attentive and do not allow yourself to be persuaded without reflection by authoritarian requests, promises or urgent requests
Online Fraud Attempts to Be on the Alert in 2023 https://www.devoteam.com/expert-view/online-fraud-attempts-to-be-on-the-alert-in-2023/ Tue, 31 Jan 2023 11:30:02 +0000 https://www.devoteam.com/?post_type=expert-view&p=20134

As the importance of technology grows year on year, so does the interest of cybercriminals in accessing as much personal and corporate information and data as possible. As such, it is now more important than ever to be aware of online threats to avoid becoming the next victim. Here are the most common online scams to avoid in 2023.

1. Phishing fraud

Phishing remains one of the most common types of fraud attempts, with cybercriminals using clickbait to lure victims into clicking on a malicious download.

This is how a phishing scam usually unfolds:

  • The cybercriminal sends you an email that appears to be from a legitimate source, such as a bank, social networking site or online shop
  • This way you are tricked into clicking on a malicious download or a fraudulent link
  • The cybercriminal installs malware and/or uses your credentials to steal your confidential data

The common warning signs of a phishing email to look out for are as follows:

  • Spelling mistakes and poor grammar
  • Text with fanciful messages of offers and extraordinary gains
  • Email texts with threats of financial or legal consequences
  • Company logos of dubious quality
  • Sender email addresses from suspicious sources


2. Ransomware

Another common type of online fraud is ransomware. In this type of attack, cybercriminals threaten to publish the victim’s personal data or permanently block access to it unless a ransom is paid. To avoid ransomware, back up your data and regularly update your antivirus software to alert you to possible attack attempts.

Get to know how organisations can arm themselves against ransomware attacks.


3. Scareware

Scareware is a form of malware that uses social engineering to cause shock, anxiety or the perception of a threat in order to manipulate users into purchasing unwanted software. This software is fake and used to install malware that can steal confidential information.

The warning signs of scareware to watch out for are:

  • The software immediately notifies you that it is scanning your computer for viruses
  • Pop-up is difficult to close
  • The pop-up wants you to act quickly
  • You have never heard of the software company

To avoid scareware, make sure you don’t click on unexpected malware notifications.


4. Emergency situation simulation frauds

In these scams, a cybercriminal presents himself as a family member in an emergency situation who needs money immediately for some urgent situation – leaving a foreign country, paying a hospital bill, buying a new mobile phone. The COVID-19 pandemic has made it even easier to sell convincing lies: “I’m in hospital with COVID. Please send money immediately.”

To avoid this type of fraud:

  • Resist the urge to act immediately. Cybercriminals appeal to sentiment and trust you to respond quickly – before you have a chance to think things through
  • Check the identity of the contact. Ask questions that a stranger would not know the answer to. Confirm the story with other family members or friends, even if (or especially if) the caller says to keep it secret
  • Never send cash, gift vouchers or money transfers


5. Fake online shopping sites

Cybercriminals can also create and publish fake online shopping sites that look genuine or replicate existing branded sites.

A common sign of a fake shopping site is an excess of offers: popular brands on sale at extremely low prices. These sites usually have URLs similar to the brands they are trying to imitate, such as “Amaz0n.net”. Cybercriminals use these strategies to induce the purchase of counterfeit products and to record bank details at the time of purchase for their own use.

Formjacking is another fraud technique. This one happens when a legitimate online selling website is hacked and shoppers are redirected to a fraudulent payment page, where the cybercriminal steals their personal and credit card information. To avoid this scam, make sure the URL on the payment page is the same as the site you were shopping on. Cybercriminals may change the URL slightly, perhaps adding or omitting a single letter. Check the URL before you enter your payment details.

Warning signs of fake shopping sites include:

  • A redirect that leads to a page with “http://” in the URL
  • Excessively low prices
  • No information about the origin of the site, no or very limited contact information and questionable reviews


Conclusion

It is safe to assume that if someone asks you for banking or personal information, they are trying to trick you. Therefore, you should never provide personal information to anyone on the Internet who contacts you directly. If you need to make a financial transaction online, make sure you do so on a secure server and through a trusted website.

If you believe you have been scammed, immediately change all your passwords, delete any malicious software you may have downloaded, and contact your bank if there is a possibility of fraud using your credit card. Contact your local law enforcement to report the fraud and get help with the next steps.

11 Cybersecurity Trends for 2023 https://www.devoteam.com/expert-view/11-cybersecurity-trends-for-2023/ Tue, 17 Jan 2023 15:12:29 +0000 https://www.devoteam.com/?post_type=expert-view&p=19800

Every year, technology evolves and shapes the way we conduct business, manage tasks and store data. The digital environment and the opportunities for attacks are constantly changing. Thus, it is important to be aware of technological trends, especially regarding cybersecurity, which currently has significant importance in management and business continuity. Prevention and defence in cybersecurity are intrinsically related to identifying trends, technologies and factors of potential threat. Based on these premises, we highlight those that we consider to be the trends for 2023.

The impact of Artificial Intelligence (AI)

Artificial Intelligence will continue to have a significant impact on the cybersecurity environment, taking on an important role in businesses and creating real-time solutions faster than a human. AI can perform various security-related tasks, including data analysis and machine learning.
AI can also be used by cybercriminals. In cybersecurity, incorporating automated AI-based solutions is now a necessity, both to save resources and to be more resilient against automated attacks.
Deepfake videos are popular on social media, and cybercriminals, knowing this, use them to manipulate information, destroy credibility and pose as reliable sources. According to experts, deepfake technology is currently the most worrying use of artificial intelligence, as it can have significant effects on terrorism and cybercrime.
It is expected that, year after year, more areas of cybersecurity will be addressed by AI systems.

Global Events

Global turbulence or politically volatile events can trigger serious cybersecurity risks. Moreover, events with potential international impact often set trends to shape action and response in the sphere of information technology and cybersecurity. As a prime example, the COVID-19 pandemic created a fertile ground for cybercriminals and malware groups to develop virus-based threat campaigns and misinformation around treatment, such as vaccines. Whenever important issues arise, these provide ammunition to lead phishing, malware and other cyberattacks.
This is also why organisations had to adapt and set new security policies during the pandemic for their employees. Basic precautions included the use of dedicated devices, reserved access and guidance to employees on security. Today we are noticing an adoption of hybrid working, where possible, in organisations. Now that the pandemic is coming to an end, 2023 will show whether any of the precautions taken in these years will make a difference.

Security in the Cloud

As organisations migrate to the cloud, it is inevitable that cybersecurity will develop specific solutions. And the trend is for migration by entities to increase. It can be said that the cloud will continue to be a key component both for its business application and for ensuring business continuity. Today, the cloud is leading in ransomware protection, primarily due to its backup functionality and ability to build infrastructure quickly.

In recent years, there have been major developments in cloud security, one of which is the Zero Trust cloud security architecture. Zero Trust is a security framework that requires all users, on or off the organisation’s network, to be authenticated, authorised and continuously validated before receiving or maintaining access to applications and data.

Internet of Things

The common usage of IoT creates an attractive attack base for cybercriminals. According to Insider Intelligence, there will likely be 64 billion IoT devices deployed worldwide in the next five years. An organisation’s opportunity for attack grows as more devices are connected to the internet.

Computers or smartphones have better security precautions compared to other IoT devices. With this in mind, one of the critical cybersecurity topics to watch in 2023 is IoT and increased digitisation.

Discover six measures you can take to reduce the risk of security breaches in your IoT network.

New Generation Mobile Network

As 5G is a very new technology, it is difficult to predict what effects it will have on cybersecurity.

Unprecedented new levels of wireless connectivity and speed are introduced with 5G. There are more opportunities to initiate larger attacks at faster speeds. Like IoT, 5G is still a new architecture, so it will take some time to adapt and protect. Early adopters should be cautious when integrating cutting-edge technology and even limit the use of 5G-based devices.

Attacks on mobile devices

Cyber criminals attack mobile devices through various methods, such as phishing and unauthorised applications. Today, these devices can store large amounts of valuable data and perform functions remotely, and often have a low level of security. Mobile security is often undervalued, and with mobile devices being yet another potential gateway to network breaches despite manufacturers’ efforts to implement security, it is very likely that phishing and malware attacks on these devices will increase.

Read our 8 best practices that can be implemented to improve the security of mobile devices.

Attacks on the Supply Chain

Supply chain attacks can use vulnerabilities in third-party software and cause substantial financial losses. Today’s business operations are primarily supported by the global network of suppliers, third-party services and supply chains. Unfortunately, this dependency increases the possibilities for attacking businesses and provides cybercriminals with more entry points for exploitation.

According to open source reports, the number of supply chain attacks has increased 430% by 2021.

While supply chain attacks are no longer a novelty, other opportunistic and financially motivated cybercriminals will be alert to the potential that exists and the impact it can unleash. Cybercriminals are more willing to apply a strategy they see succeeding.

Targeted ransomware

Ransomware, the threat with the highest visibility, is one of the big issues that cybersecurity has to deal with.

Ransomware campaigns require resources and, therefore, high impact attacks can be sponsored by terrorists looking to inflict a massive attack on a territory or organisation. With the current war situation in Ukraine we have seen this happening with cyber warfare. With increasing resources, sponsored and targeted ransomware cases (e.g.: Colonial Pipeline incident), are expected to increase proportionately.

These ransomware attacks may even become a regular scenario.


Data Privacy Laws

At a time when we share our personal information across almost every service, governments have started taking strict measures on data security.

By the end of 2023, 75% of the world’s population will have their personal information protected by modern data privacy legislation established by various data protection authorities (such as the GDPR, or RGPD).

Consumers will be able to know what kind of data is collected about them and for what purpose. Organisations will begin to manage various data protection laws and will focus on automating their approach to data privacy.

Hacking autonomous vehicles

Autonomous vehicles are a topic that has us all curious and excited. But is cybersecurity ready for this technology?

Cars often have automated software, enabling features such as cruise control, engine timing, airbags, automatic door locking and driving support systems.

Currently, it is believed that cyber criminals will be able to control vehicles or listen to conversations through microphones.

It is therefore crucial to be aware of the numerous risks associated with the purchase of these new autonomous vehicles.

Scarcity of Resources

In order to respond to regulatory requirements and the challenges of cybercriminals with increasingly ingenious and creative attacks, the demand for cybersecurity experts and talent has increased considerably.

Many organisations lack cybersecurity talent, knowledge and expertise – and the shortfall is growing. Overall, cyber risk management has not kept pace with the proliferation of digital and analytic transformations, and many companies are unsure how to identify and manage digital risks. To face the challenge, regulators are increasing the targeting of corporate cybersecurity resources, generally with the same level of oversight and focus applied to credit and liquidity risks in financial services and to operational and physical security risks in critical infrastructure.

At the same time, companies face stricter compliance requirements as a result of growing privacy concerns and high profile security breaches.

By 2023 that challenge remains, and it is anticipated that it may increase the demand for talent and the demand from regulators.

Understanding trends, especially cybersecurity threats, means staying aware of the world around us.

Online Shopping Security: Best Practices and Recommendations https://www.devoteam.com/expert-view/online-shopping-security-what-we-recommend/ Fri, 25 Nov 2022 12:43:44 +0000 https://www.devoteam.com/?post_type=expert-view&p=19112

Due to the significant growth of online shopping, it’s important to recall the most important habits for staying safe in cyberspace, both at home and at work. These nine tips help you recognise and combat digital security threats and be less vulnerable to cyber-attacks. So here we remind you of some of the main tips for protecting yourself against malicious online attacks:

1. Practise safe web browsing wherever you are by always checking the padlock icon in the browser bar. This indicates a connection that carries your data securely.
2. When using Wi-Fi, avoid open networks without access keys, as is the case with some free Internet access services.
3. If you are using an unsecured public hotspot, remember good internet usage practices by avoiding sensitive activities that require passwords or credit cards. Your own mobile hotspot is often a safer alternative to free Wi-Fi.
4. Do not disclose personally identifiable information such as tax number or date of birth to unknown sources.
5. Type website URLs directly into the address bar rather than clicking links or cutting and pasting from email.
6. Be on the lookout for phishing emails and fake websites. Be wary of any email asking you to verify or renew your credentials, even if it appears to come from a trusted source. In all cases, try to verify the authenticity of the request through other means, such as accessing the service in question directly.
7. Do not click on suspicious links or open dubious attachments, especially if they appear in the context of e-mails relating to purchases, orders or other actions that you do not remember doing.
8. Check your online accounts and bank statements regularly and report any suspicious activity to your bank. If you think you have been the victim of an attack, contact your bank. If possible, enable two-factor authentication for payments.
9. Make sure your system (operating system and applications) is up to date, as well as ensuring that anti-virus and anti-malware are installed and fully up to date.
Is Deep Instinct’s ‘Deep Learning’ Technology Science Fiction or Fact?
https://www.devoteam.com/expert-view/is-deep-instincts-deep-learning-technology-science-fiction-or-fact/ (Mon, 31 Oct 2022)

What is Deep Instinct?

Deep Instinct is a cybersecurity company that uses deep learning to provide endpoint, server, application, and mobile security. It claims to be “the first company to apply end-to-end deep learning to cybersecurity.”

Deep Instinct uses a prevention-first approach. It’s designed to identify threats and prevent payloads from deploying within an organisation’s systems. Using deep learning—in contrast to just machine learning—Deep Instinct is proactive and predictive.

Solutions include:

  • Ransomware prevention
  • Prevention of zero-day attacks
  • Improving the efficacy of endpoint protection platforms (EPP)
  • Extending and enhancing endpoint detection and response (EDR)
  • Stopping fileless attacks

They also offer managed services. By offering “prevention as a service,” they’re in effect creating a new category in the industry.

The company has positioned itself rather boldly in the cybersecurity solution landscape, so in this article, we’ll take a look at whether the hype is justified.

Is Deep Instinct an EDR?

Yes and no. Let’s start with no. While Deep Instinct is technically an endpoint protection platform, it takes a strong stance on the shortcomings of most EDR tools on the market.

Their e-book “8 Reasons Why EDR Is Not Enough” says that even though endpoint detection and response (EDR) tools might have sparked optimism at first, escalating ransomware incidents all around us are forcing us to smell the coffee: EDR solutions are failing us. 

Deep Instinct’s documentation vehemently states that EDR is not enough to defend against present and future threats. In their words, EDR is flawed because it is reactive and frankly “too late” to protect an organisation against threats. 

The e-book urges companies to adopt a prevention-first approach in their security strategy and look for ways “to complement existing EDR solutions to mitigate risk.” But by “complementing,” they don’t mean the typical extended detection and response (XDR)—the new shiny object in cybersecurity—because even XDR is a “post-execution-focused solution.”

Again, their emphasis is prevention—i.e., pre-execution—or as Deep Instinct puts it, “zero time.” 

To conclude, Deep Instinct positions itself as a deep learning tool that can “sharpen your EDR.” It can improve the effectiveness of EDR tools “by significantly reducing the signal-to-noise ratio and allowing security teams to more quickly identify threats that need investigating and remediation before attackers breach the network.” 

What is the difference between machine learning and deep learning?

In a nutshell, machine learning is a type of AI, and deep learning is a more advanced form of machine learning. 

To understand deep learning, imagine multiple layers of neural networks working together similarly to the way human brains process information. Or, just as the human brain turns a first-time encounter into instinctive or intuitive knowledge, so deep learning’s goal is to turn learnings into instant second-nature decision-making.

Machine learning (ML) is the most common type of AI in cybersecurity tools right now. But it has significant limitations. ML is mostly reactive and still requires extensive human involvement to engineer features. It also relies on human tuning to detect known patterns that indicate an attack. ML only takes a look at about 2 to 5 percent of available data. In contrast, deep learning (DL) trains on 100 percent of available raw data and “can make autonomous decisions about unknown threats without having to see the entirety of an attack.”

But is that fundamental difference really part of Deep Instinct’s competitive edge? 

Curiously, even Deep Instinct acknowledges that “deep learning has reached ‘buzzword’ status” and says that many companies are appropriating the term without truly delivering that type of technology.

So let’s look at how their technology actually works and whether it truly delivers.

How does Deep Instinct work?

Is it an agent-based solution?

Deep Instinct is an agent-based solution. What you get is a fully trained model. 

Why is that important? Because some people will falsely assume that deep learning has to take place on their own endpoints and in their own environment. That would make the “intelligence” quite limited. 

Stephen Salinas, former head of product marketing at Deep Instinct, explained in an ActualTech Media interview (hosted by Scott Lowe): “We train on a universe of threats—and it’s millions and millions of threats.” 

Essentially, Deep Instinct has an enormous data set of known malicious files, and based on that, the tool will make a verdict. Salinas explained that Deep Instinct doesn’t need to know anything about your organisation or any organisation to make deep learning work. “It’s really about the amount of threats that we’ve trained the model on.”

How does it make decisions? 

Deep Instinct uses a multi-layered approach, consisting of (1) deep static analysis, (2) deep behaviour analysis, and (3) deep automatic analysis.

Static analysis is the first stage, where, for example, a file is scanned and compared against the library of known malicious files. If the file gets past this stage and the user engages with it, behaviour analysis kicks in: Deep Instinct identifies behaviours associated with ransomware and steps in to block it. Finally, it offers automatic remediation, post-execution.

How are model updates deployed?

The company releases updates about two or three times a year. This is a benefit to security operations centres (SOCs) within organisations because they don’t need to perform countless security updates or rely on continuous internet connectivity.

Does Deep Instinct really do what it says?

The claims

To start, let’s look at a few of Deep Instinct’s quantified promises:

  • Automatically prevents malware execution with greater than 99 percent accuracy
  • Detects malware and attacks with less than 0.1 percent false positives
  • Recognizes and automatically prevents previously unknown or custom (zero-day) attacks
  • Takes less than 20 milliseconds to prevent a threat (750 times faster than ransomware encrypts)

It also boasts that it’s fast, compressed, and lightweight and doesn’t take up a lot of resources to run.

Independent third-party testing results

Deep Instinct was independently tested by Unit 221B, and a 28-page report of the findings was published.

Unit 221B concluded that the product was so effective that it “prevented unknown malware attacks with 100 percent accuracy … [and] was adept at preventing custom attacks with 96.4 percent accuracy.” In addition, there were absolutely no false positives—all without interfering with safe applications being run for everyday business operations. 

At the time of writing, Gartner shows an overall rating of 4.8/5 based on 28 customer ratings, with 95% of customers recommending the product.

Big-name investors boost confidence

Founded in 2015 by Guy Caspi, Deep Instinct garnered quite a bit of attention in 2017 when GPU maker NVIDIA named Deep Instinct “the most disruptive startup” at their Inception Awards. In fact, Deep Instinct developed its deep learning capabilities right on NVIDIA’s GPU machines. 

In a CNBC Mad Money episode, Deep Instinct’s CEO Lane Bess (former CEO of Palo Alto Networks and former COO of Zscaler) said, “This was extremely interesting to them [NVIDIA]. And that led to a lot of other opportunities.”

In 2021, Deep Instinct raised $100 million in Series D funding, led by investment behemoth BlackRock.

Industry-leading performance guarantee and warranty

On March 11, 2021, Deep Instinct became the first cybersecurity company to back its own product with a performance guarantee! 

In a press release, Deep Instinct stated the performance guarantee “ensures an incredibly low false positive rate.” They’ve also added a ransomware warranty that is “three times higher than any other cybersecurity company.” 

Sounds like they’re putting their money where their mouth is, and who doesn’t like that?

How well does Deep Instinct integrate with other platforms and technologies?

The Deep Instinct Prevention Platform includes Deep Instinct for Endpoint, Deep Instinct for Cloud, Deep Instinct for Applications, and Deep Instinct for Web Gateways. It will easily integrate with EDR, SIEM, SOAR, and other tools using REST API, Syslog, or SMTP. 

Deep Instinct’s technology partners include:

  • Splunk
  • Micro Focus ArcSight
  • Amazon Web Services
  • IBM
  • Citrix
  • VMware
  • Workspace ONE

However, some reviewers have noted that running Deep Instinct on Linux and Unix operating systems still needs to be improved. Deployment without a VPN or for remote users can be difficult as well.

A notable integration/partnership was solidified in November 2021 with Tanium. “With Deep Instinct, Tanium customers gain complete visibility and control over their endpoints,” Tanium states on its own website.

Brendan Mangus, Deep Instinct’s director of content marketing, said, “When Tanium and Deep Instinct joined forces in a new strategic alliance … a unique product offering was born. Customers will now get extremely fast and accurate threat prevention capabilities from Deep Instinct combined with full endpoint visibility and control from Tanium.” 

Deep Instinct is growing very quickly. So we can expect new information on partnerships and integrations to emerge on an ongoing basis.

How much does Deep Instinct cost?

Deep Instinct’s pricing is a bit hard to track down, as the company doesn’t seem to have published it on their website. The Network Admin Tools website has reported that “each endpoint is priced around $50-75 per instance, all based on the volume,” adding that the mobile solution will range slightly more than this. Also, it’s the console—which manages and controls everything—that carries a big cost.

Reviews on Gartner from various customers indicate that pricing is competitive and even lower-cost compared to larger players. But even though pricing is competitive, some customers noted that the console itself is expensive. So you will see varied opinions on this.

So what’s the conclusion?

Deep Instinct is worth paying close attention to as they continue to make waves developing their deep learning AI technology on their purpose-built prevention platform. We conclude their deep learning technology is science fact, not fiction.

How can I learn more?

This article is a part of a greater series centred around the technologies and themes found within the first edition of the TechRadar by Devoteam. To read further into these topics, please download TechRadar by Devoteam.

Want to know more about Deep Instinct?

Check out TechRadar by Devoteam to see what our experts say about its viability in the market.

7 Tips to Be Prepared Against Ransomware Attacks
https://www.devoteam.com/expert-view/7-tips-to-be-prepared-against-ransomware-attacks/ (Tue, 04 Oct 2022)

The headlines say it all. Today, ransomware is one of the fastest-growing malware threats; the Covid-19 pandemic has triggered a dramatic surge in its spread, and most businesses are not well equipped to handle these threats. The use of outdated software and outdated data protection practices poses a high risk to business. Cybercriminals are finding new, more sophisticated methods to exploit organisations and leverage the cracks in their cybersecurity infrastructures.

According to the Cybersecurity Incident Response Services by Forrester, 50% of global security decision-makers experienced a breach in the past 12 months, a number that rose to 63% in 2021 due to the increasing number of ransomware attacks against companies. 

But first, it is important to understand how ransomware attacks work and what causes ransomware attacks.

What is a Ransomware attack?

Ransomware is a form of malware and a criminal business model that is constantly evolving, although the basic concept stays the same. Ransomware aims to extort money from organisations by making their data and related systems unavailable through encryption, or by threatening to leak sensitive data to the public.

What can you do to protect your organisation from ransomware attacks?

Here are a few tips on ransomware attack prevention, what to do when a ransomware attack strikes and how to mitigate the impact:

  1. Educate your users on how to avoid clicking spammy links
  2. Remove vulnerabilities
  3. Enable good passwords and use strong authentication
  4. Make use of security monitoring and intelligence
  5. Pay attention to supply-chain risks
  6. Improve your defence in depth security architecture
  7. Maintain plans and policies
  8. Maintain a secured backup of your data

1. Educate your users on how to avoid clicking spammy links

Even though there is a lot of protective technology available to deal with ransomware, it is a fact that the vast majority of ransomware incidents are still enabled by humans. The biggest potential to reduce ransomware risk lies in user awareness. No anti-ransomware program is complete without appropriate education and training elements.

Remind your users on a continuous basis to be wary of clicking on links and attachments in emails, text messages or any other social media apps without proper evaluation. Also, educate them to avoid USB devices, websites and software that are unsolicited, not required or not approved by your organisation.

Attackers usually make use of constantly improving social engineering methods to trick users into clicking such links, so it is imperative that everyone is well aware of these techniques and knows how to safeguard themselves from them.

2. Remove vulnerabilities

Regularly patching your operating system and applications will help to close security vulnerabilities that attackers can exploit. Constantly monitor your systems for new vulnerabilities, and do not forget to take the attacker’s view by performing ongoing penetration testing of your critical assets and entry points.

3. Enable good passwords and use strong authentication

Encourage users to use password managers that enable them to generate random, unique passwords for each account without having to remember a large number of complex passwords or reuse passwords across accounts. By doing this, cybercriminals will have a much harder time gaining access using stolen credentials.

Furthermore, setting up two-factor or multi-factor authentication by default puts you one step closer to securing your data. Be aware that multi-factor authentication improves the level of security, but it is not a bulletproof security control in all cases.

4. Make use of security monitoring and intelligence

Stay updated on the latest security threats, both in general and those specific to your organisation. Scan for breaches in your network and monitor what is going on on the internet and darknet regarding your organisation’s domains and account names.

5. Pay attention to supply-chain risks

Only rely on verified and trusted third parties. Challenge your suppliers and partners on their security best practices.

Additionally, block the use of software and services from unknown or untrusted vendors. Malware writers often bundle their products with free software or plugins, so if something looks too good to be true, it probably is.

6. Improve your defence in depth security architecture

Having high performance firewalls, modern endpoint protection software or email security gateways is definitely a good idea to avoid being hit by Ransomware. But do not forget to constantly maintain a comprehensive and end-to-end security architecture that provides the best bang for your security money and that addresses the specific risks of your organisation’s environment and ways of working (work from home, bring your own device etc.).

7. Maintain plans and policies

Ensure that your organisation knows what to do in the event of a ransomware attack by developing a security incident response strategy and plan. It is important that the strategy and plans specify who will play what roles during an attack and how communications will be conducted. If any partners or vendors will need to be contacted, be sure to include their contact information. Additionally, ensure that your company has a policy for dealing with suspicious events, such as phishing attempts to obtain confidential information, that are often part of an attack. In order to verify your plans’ efficiency, you must regularly test them. Never testing a plan means that you cannot guarantee its success.

8. Maintain a secured backup of your data

Last but not least, do not assume that you can totally avoid ransomware attacks by any combination of prevention controls. Not having a good backup strategy in place must be considered a lack of due care. Backing up your data regularly in a secure way is the best way to protect yourself from the impact of a ransomware attack and prevent any data loss. By doing so, you will have a copy of your data that is safe and can be accessed even if your primary copy is encrypted. This will allow you to continue working and avoid paying a ransom.

At a minimum, follow the 3-2-1 backup rule:
– 3 copies of data
– on 2 types of storage
– 1 of them located off site

Remember to secure your backups from unauthorised online access and take into consideration that attackers will also try to attack your backup and archive systems. Immutable backups or systems that require manual intervention by an operator to get write access to your backup data are essential.

Do not forget that implementing a secure backup is only half the battle: you also need to be able to restore your systems in a timely manner (see also the tip above on maintaining proper plans and policies).

A backup retention policy specifies how long data should be kept, where it should be archived and what should be kept in backups. Restoring previous versions of the backed up files is possible with good backup retention policies, which provide protection against hardware failures and human errors. 

The ebook on Backup, Archiving & Anonymization discusses the different types of backups and the risks associated with the failure of backups to provide a deeper understanding of the issues related to poor data retention.

If you need support to execute your Ransomware protection strategy, let us help you protect your organization from today’s threats, recover from any attack, and avoid ransom fees. We ensure all our clients’ endpoints, systems, and data are protected against cyber attacks using approaches that integrate next-generation data protection with cybersecurity.

Ensuring Cybersecurity with Cookies: Best Practices and Tips
https://www.devoteam.com/expert-view/cybersecurity-cookies/ (Fri, 30 Sep 2022)

When browsing the internet you may encounter pop-ups or other types of warning about the use of cookies. Some websites even allow you to choose whether or not to accept cookies in full or in part.

But first, you need to know what cookies are.

What are Cookies?

Cookies are data that a website stores in your browser; they can hold various information about your internet activity.

The main purpose of a cookie is to identify users and present them with personalised webpages according to their preferences for easier navigation, as well as to save your login information for a website. That is why, when you return to a website, you sometimes get a personalised welcome instead of a generic welcome page.

Some websites use cookies to store additional personal information. However, a website can only store such information if you have provided it. Secure websites will encrypt personal data contained in cookies to prevent unwanted access by third parties.

Cookies and cybercriminals

Cookies by themselves do not pose security risks; however, they can be used by cybercriminals to impersonate the user, collect financial data, access their accounts or steal passwords that are stored in the browser. They can also be used to spread malware and to lure you to dangerous websites. Cybercriminals can also use cookies to make websites appear inaccessible to web browsers.

Cookies can pose a serious threat to privacy. Marketing cookies have advanced significantly in their ability to track users over time, from simple tasks such as counting ad impressions, views and clicks, to limiting pop-ups and retaining the ad sequence. Today they can profile users and track their website preferences.
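The impersonation risk described above has a server-side counterpart: if a session cookie is just an opaque value with no protective attributes, a copied or forged value is accepted as the user. The Python below is an added example written for this page (it is not Devoteam's code and not from any product the article mentions). It signs the cookie value with HMAC so a tampered or forged value is rejected, enforces an expiry, and emits the Set-Cookie attributes (Secure, HttpOnly, SameSite) that stop the browser from sending the cookie over plain HTTP or exposing it to page scripts. The server key, cookie name and session ids are constructed placeholders; a weak header is included alongside the hardened one so the attribute check has something to flag.

```python
"""Signed, attribute-hardened session cookie (added example, not the article's code)."""
import base64
import hashlib
import hmac
import secrets
import time

# Constructed secret for this example only; a real service loads it from a secret store.
SERVER_KEY = b"example-only-server-key-do-not-reuse"

# Constructed weak header: no Secure, HttpOnly or SameSite attribute, plain guessable value.
WEAK_SET_COOKIE = "session=user42; Path=/"


def _b64(data: bytes) -> str:
    """URL-safe base64 without padding (cookie-safe characters only)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    """Inverse of _b64: restore padding, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_session(session_id: str, expires_at: int, key: bytes = SERVER_KEY) -> str:
    """Build 'payload.signature' where payload encodes '<session_id>|<expires_at>'.

    The HMAC covers the whole payload, so changing the id or the expiry invalidates it.
    """
    payload = _b64(f"{session_id}|{expires_at}".encode())
    sig = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64(sig)}"


def verify_session(cookie_value: str, now: int, key: bytes = SERVER_KEY):
    """Return the session id if the signature is valid and unexpired, else None."""
    try:
        payload, sig_text = cookie_value.split(".", 1)
        expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
        # Constant-time comparison so timing does not leak how many bytes matched.
        if not hmac.compare_digest(expected, _unb64(sig_text)):
            return None
        session_id, expires_text = _unb64(payload).decode().split("|", 1)
        if now >= int(expires_text):
            return None
        return session_id
    except (ValueError, TypeError):
        # Malformed base64, missing separator or non-numeric expiry: treat as invalid.
        return None


def build_set_cookie(name: str, value: str, max_age: int) -> str:
    """Emit a Set-Cookie header value with the protective attributes applied."""
    attrs = [
        f"{name}={value}",
        f"Max-Age={max_age}",
        "Path=/",
        "Secure",           # only sent over HTTPS
        "HttpOnly",         # not readable by page scripts
        "SameSite=Strict",  # not sent on cross-site requests
    ]
    return "; ".join(attrs)


def cookie_attribute_gaps(set_cookie_header: str) -> list:
    """List the protective attributes a Set-Cookie header is missing (empty list = hardened)."""
    parts = [p.strip().lower() for p in set_cookie_header.split(";")[1:]]
    missing = []
    if "secure" not in parts:
        missing.append("Secure")
    if "httponly" not in parts:
        missing.append("HttpOnly")
    if not any(p.startswith("samesite=") for p in parts):
        missing.append("SameSite")
    return missing


if __name__ == "__main__":
    now = int(time.time())
    session_id = secrets.token_urlsafe(16)       # random, unguessable session id
    value = sign_session(session_id, now + 3600)
    print("Set-Cookie:", build_set_cookie("session", value, 3600))
    print("Weak header is missing:", cookie_attribute_gaps(WEAK_SET_COOKIE))
    print("Verified id:", verify_session(value, now))
```

The signature does not hide the session id (it is only base64-encoded), which is fine here because the id carries no personal data; a cookie that must carry personal information would additionally need encryption, as the article notes. The attribute check is the kind of thing a web application scanner or a CI test can run over a service's responses.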

How to be safe with Cookies?

While cookies can be a security concern, with some care in online activity it is possible to avoid or minimise these dangers. Here are some suggestions for protecting yourself from the most dangerous features of cookies:

  • When exchanging personal information, always be cautious. Cookies have the potential to communicate such information, so proceed with caution.
  • Deactivate the storage of cookies in your browser; this reduces the amount of data exchanged. You can also change your browser’s privacy settings and avoid storing passwords in the browser.
  • There are browser add-ons that disable third-party software, such as cookie trackers, keeping your browsing data private. Always look for reliable and recommended add-ons.
  • Always keep anti-malware software updated on your device, as malware can impersonate harmless cookies or enter advertising networks.
  • If a website asks you to accept cookies and you are not sure if it is legitimate, stop browsing immediately.
Safeguarding Your Assets: The Critical Role of Physical Security in Cybersecurity
https://www.devoteam.com/expert-view/cybersecurity-the-importance-of-physical-security/ (Wed, 17 Aug 2022)

Physical security has an important role to play in protecting critical information and data. With shifts in the way people work and collaborate, new security threats arise.

The physical security structure consists of three main components: access control, permanent active surveillance and testing. The success of an organisation’s physical security program can often be attributed to how each of these components is implemented, improved and maintained.

1. Physical Security definition

Physical security aims to protect people, property, and physical assets from any action or event that could lead to loss or damage. Physical security is crucial, and security teams must work together to ensure the security of digital assets.

2. Why is Physical Security important?

Physical security keeps your employees, facilities and assets safe from real-world threats. These threats can come from internal or external intruders who put data security at risk.

Physical attacks can involve breaking into a secure area or intruding into a restricted part of a facility. Once inside, an attacker can easily damage or steal critical IT assets, install malware on systems, or leave a remote access port on the network.

It is important to have strict physical security to protect against external threats, as well as equally effective measures to avoid the risks of any internal intruder.

The key is to understand that physical security refers to the entire space: it should not be restricted to the front door but should cover the entire building. Any area that is left unprotected – such as a smoking area (with doors, for example, facing the outside of the building and without the main entrance controls) or the entrance to the car park – can pose a risk.

Security experts refer to this form of protection as layered protection, or defence in depth, since there are several control points in the physical infrastructure.

Physical damage is as harmful as digital loss, and therefore strict physical security measures must be taken.

3. Physical Security principles and measures

Key components of physical security include:

• Access control and monitoring of physical access should cover the entire area, using sophisticated physical security tools such as biometric and ID card restrictions. However, it is important to understand the pros and cons of each measure and how these access controls can be forged.

• Surveillance, comprising burglar alarms, guards and CCTV that keeps a complete record of all movement. High-risk areas may have sophisticated detectors to ensure a more holistic view.

The general principles of physical security measures should respond to:

• Physical Security Perimeter
• Physical Entry Controls
• Security of Offices, Rooms and Facilities
• Protection against External and Environmental Threats
• Working in Secure Areas
• Public Access, Loading and Unloading Areas
• Protection and Disposal of Equipment

4. IoT and AI bring Physical Security to the digital world

Traditionally, physical and digital security were two distinct fields. Today organisations are increasingly dependent on IoT and its integrations, which in turn increases the need to improve their digital and physical security controls (network, servers, data, etc.). Virtual machines and applications, even if they are in the cloud, are only as secure as the physical servers they run on.

With technology constantly evolving, AI integrations are increasingly popular. With regard to physical security, these integrations will continue to evolve, for example by allowing:

• Real-time analysis of video surveillance with detection of possible anomalies.
• Intelligent access control systems that enable a more reactive approach.
• Automated, proactive patrols by robots and drones in search of potential anomalies and threats.
• Crowd monitoring, allowing facial recognition and behavioural analysis.

5. What are the main threats to Physical Security?

Physical security focuses on keeping your facilities, people and assets safe from real-world threats. Currently there are multiple attack vectors, and they exploit not only physical and technological weaknesses but also weaknesses specific to the human condition (social engineering).

Physical security also focuses on rules and controls that allow the protection of persons and property in the event of natural disasters or catastrophes.

Some of the most common and most difficult attacks to mitigate are based on social engineering: psychologically manipulating people into performing actions or disclosing confidential information. Examples:

• Tailgating: The attacker manages to follow an authorized person to a reserved area.
• Piggybacking: The attacker manages to trick an authorized person by gaining their access to reserved areas.

6. How can we protect Physical Security?

Your physical assets might get stolen, and that could be a major threat. The following list covers some of the most commonly used controls for protecting physical security:

• Remote access: Allows remote location through applications.
• Gates: Form the outermost physical security layer, making it impossible, or at least difficult, to access the infrastructure hastily.
• Surveillance: Provides a visual and historical record.
• Alarm systems: A reactive layer that also captures a record of historical events.
• Access controls: Control and record the movement of people and vehicles.
• Adequate lighting: Good indoor and outdoor lighting may be sufficient to deter unauthorised access, especially at night.
• Regular audits: All security checks should be regularly audited to ensure that everything is working as expected.
• Incident Response: Organisations should be prepared to handle incidents, ensuring rapid, organised, and efficient responses.
• Backups: Be sure to back up your devices’ data regularly.
