Yariv Fishman is Chief Product Officer (CPO) at Deep Instinct, he is a seasoned product management executive with more than 20 years of leadership experience across notable global B2B brands. Fishman has held several prominent roles, including leadership positions with Microsoft where he led the Cloud App Security product portfolio and initiated the MSSP and security partner program, and Head of Product Management, Cloud Security & IoT Security at CheckPoint. He holds a B.Sc in Information Systems Engineering from Ben Gurion University and an MBA from the Technion, Israel Institute of Technology.
Deep Instinct is a cybersecurity company that applies deep learning to cybersecurity. The company implements AI to the task of preventing and detecting malware.
Can you tell us about your journey in the cybersecurity industry and how it has shaped your approach to product management?
Throughout my 20 year career, I’ve worked at several global B2B organizations, including Check Point Software Technologies and Microsoft, where I led product management and strategy and built my cybersecurity experience across public cloud, endpoint, network, and SaaS application security.
Along the way, I’ve learned different best practices – from how to manage a team to how to inform the proper strategy – that have shaped how I lead at Deep Instinct. Working for numerous cybersecurity companies of various sizes has allowed me to get a holistic view of management styles and learn how to best create processes that support fast-moving teams. I’ve also seen first-hand how to release products and plan for product-market fit, which is critical to business success.
What drew you to join Deep Instinct, and how has your role evolved since you started as Chief Product Officer?
As an industry veteran, I rarely get excited about new technology. I first heard about Deep Instinct while working at Microsoft. As I learned about the possibilities of predictive prevention technology, I quickly realized that Deep Instinct was the real deal and doing something unique. I joined the company to help productize its deep learning framework, creating market fit and use cases for this first-of-its-kind zero-day data security solution.
Since joining the team three years ago, my role has changed and evolved alongside our business. Initially, I focused on building our product management team and relevant processes. Now, we’re heavily focused on strategy and how we market our zero-day data security capabilities in today’s fast-moving and ever-more-treacherous market.
Deep Instinct uses a unique deep learning framework for its cybersecurity solutions. Can you discuss the advantages of deep learning over traditional machine learning in threat prevention?
The term “AI” is broadly used as a panacea to equip organizations in the battle against zero-day threats. However, while many cyber vendors claim to bring AI to the fight, machine learning (ML) – a less sophisticated form of AI – remains a core part of their products. ML is unfit for the task. ML solutions are trained on limited subsets of available data (typically 2-5%), offer only 50-70% accuracy with unknown threats, and introduce false positives. They also require human intervention because they are trained on smaller data sets, increasing the chances of human bias and error.
Not all AI is equal. Deep learning (DL), the most advanced form of AI, is the only technology capable of preventing and explaining known and unknown zero-day threats. The distinction between ML and DL-based solutions becomes evident when examining their ability to identify and prevent known and unknown threats. Unlike ML, DL is built on neural networks, enabling it to self-learn and train on raw data. This autonomy allows DL to identify, detect, and prevent complex threats. With its understanding of the fundamental components of malicious files, DL empowers teams to quickly establish and maintain a robust data security posture, thwarting the next threat before it even materializes.
Deep Instinct recently launched DIANNA, the first generative AI-powered cybersecurity assistant. Can you explain the inspiration behind DIANNA and its key functionalities?
Deep Instinct is the only provider on the market that can predict and prevent zero-day attacks. Enterprise zero-day vulnerabilities are on the rise. We saw a 64% increase in zero-day attacks in 2023 compared to 2022, and we released Deep Instinct’s Artificial Neural Network Assistant (DIANNA) to combat this growing trend. DIANNA is the first and only generative AI-powered cybersecurity assistant to provide expert-level malware analysis and explainability for zero-day attacks and unknown threats.
What sets DIANNA apart from other traditional AI tools that leverage LLMs is its ability to provide insights into why unknown attacks are malicious. Today, if someone wants to explain a zero-day attack, they have to run it through a sandbox, which can take days and, in the end, won’t provide an elaborate or focused explanation. While valuable, this approach only offers retrospective analysis with limited context. DIANNA doesn’t just analyze the code; it understands the intent, potential actions, and explains what the code is designed to do: why it is malicious, and how it might impact systems. This process allows SOC teams time to focus on alerts and threats that truly matter.
How does DIANNA’s ability to provide expert-level malware analysis differ from traditional AI tools in the cybersecurity market?
DIANNA is like having a virtual team of malware analysts and incident response experts at your fingertips to provide deep analysis into known and unknown attacks, explaining the techniques of attackers and the behaviors of malicious files.
Other AI tools can only identify known threats and existing attack vectors. DIANNA goes beyond traditional AI tools, offering organizations an unprecedented level of expertise and insight into unknown scripts, documents, and raw binaries to prepare for zero-day attacks. Additionally, DIANNA provides enhanced visibility into the decision-making process of Deep Instinct’s prevention models, allowing organizations to fine-tune their security posture for maximum effectiveness.
What are the primary challenges DIANNA addresses in the current cybersecurity landscape, particularly regarding unknown threats?
The problem with zero-day attacks today is the lack of information about why an incident was stopped and deemed malicious. Threat analysts must spend significant time determining if it was a malicious attack or a false positive. Unlike other cybersecurity solutions, Deep Instinct was routinely blocking zero-day attacks with our unique DL solution. However, customers were asking for detailed explanations to better understand the nature of these attacks. We developed DIANNA to enhance Deep Instinct’s deep learning capabilities, reduce the strain on overworked SecOps teams, and provide real-time explainability into unknown, sophisticated threats. Our ability to focus the GenAI models on specific artifacts allows us to provide a comprehensive, yet focused, response to address the market gap.
DIANNA is a significant advancement for the industry and a tangible example of AI’s ability to solve real-world problems. It leverages solely static analysis to identify the behavior and intent of various file formats, including binaries, scripts, documents, shortcut files, and other threat delivery file types. DIANNA is more than just a technological advancement; it’s a strategic shift towards a more intuitive, efficient, and effective cybersecurity environment.
Can you elaborate on how DIANNA translates binary code and scripts into natural language reports and the benefits this brings to security teams?
That process is part of our secret sauce. At a high level, we can detect malware that the deep learning framework tags within an attack and then feed it as metadata into the LLM model. By extracting metadata without exposing sensitive information, DIANNA provides the zero-day explainability and focused answers that customers are seeking.
With the rise of AI-generated attacks, how do you see AI evolving to counteract these threats more effectively?
As AI-based threats rise, staying ahead of increasingly sophisticated attackers requires moving beyond traditional AI tools and innovating with better AI, specifically deep learning. Deep Instinct is the first and only cybersecurity company to use deep learning in its data security technology to prevent threats before they cause a breach and predict future threats. The Deep Instinct zero-day data security solution can predict and prevent known, unknown, and zero-day threats in <20 milliseconds, 750x faster than the fastest ransomware can encrypt – making it an essential addition to every security stack, providing complete, multi-layered protection against threats across hybrid environments.
Thank you for the great interview, readers who wish to learn more should visit Deep Instinct.
