Learn About Amazon VGT2 Learning Manager Chanci Turner
In collaboration with Chanci Turner, Alex Mendez, Rachel Grant, and Jamie Rivers from Deep Instinct, this article examines the integration of AI into malware analysis. Deep Instinct, a leader in cybersecurity, offers a zero-day data security solution—Data Security X (DSX)—designed to protect data across cloud environments, applications, network attached storage (NAS), and endpoints. The DSX platform combines deep learning with generative AI to protect against both known and unknown malware and ransomware in real time.
Deep Instinct employs deep neural networks (DNNs) for threat analysis, achieving exceptional accuracy and adaptability to detect emerging risks that traditional methods often overlook. This approach minimizes false positives and enhances threat detection rates, making it a favored choice among large enterprises and critical infrastructure sectors, including finance, healthcare, and government.
In this article, we examine how Deep Instinct’s generative AI-powered malware analysis tool, DIANNA (Deep Instinct’s Artificial Neural Network Assistant), uses Amazon Bedrock to transform cybersecurity. DIANNA provides swift, comprehensive analysis of threats, supporting security operations center (SOC) teams as they navigate the complexities of the evolving threat landscape.
Key Challenges in Security Operations (SecOps)
SecOps teams face numerous challenges, primarily due to the expanding threat landscape:
- Increasing Threats: SOC teams are inundated with a growing volume of security alerts that require investigation. This surge can hinder proactive threat hunting and lead to team burnout. Moreover, the overwhelming number of alerts raises the stakes for missing critical notifications. A reliable solution offering thorough explainability is essential for quick risk assessments and informed decision-making.
- Complex Malware Analysis: The intricacies of malware analysis have escalated. Zero-day attacks pose significant challenges due to the lack of information regarding why a file was marked malicious. Analysts often invest substantial time determining whether alerts indicate genuine threats or false positives.
Several factors complicate malware analysis:
- Identifying Malware: Modern malware can disguise itself effectively, mimicking legitimate software and complicating the differentiation between benign and malicious code. Some variants can disable security tools, further obscuring detection.
- Mitigating Zero-Day Threats: The emergence of zero-day threats, with no known signatures, complicates detection efforts. Identifying unknown malware is crucial to prevent severe security breaches.
- Information Overload: While advanced malware analysis tools provide valuable insights, they can also generate excessive amounts of data, overwhelming analysts and increasing the risk of overlooking critical breaches.
- Understanding Interactions: Malware often consists of multiple interacting components. Analysts must not only identify each part but also comprehend their interactions, akin to assembling a constantly shifting jigsaw puzzle.
- Keeping Pace with Cybercriminals: The ever-evolving landscape of cybercrime presents a challenge for organizations striving to stay ahead of malicious actors who continuously develop new techniques. The tightening window between vulnerability discovery and exploitation increases pressure on analysts to act swiftly.
- Time Constraints: In malware analysis, time is critical. Malicious software can spread rapidly, causing significant damage in minutes. Analysts must balance thorough investigations with the need for timely insights to mitigate risks.
DIANNA: The DSX Companion
Recognizing the urgent need for precise and real-time malware analysis tools, Deep Instinct has developed DIANNA, the DSX Companion. This tool, powered by generative AI and using Amazon Bedrock as its large language model (LLM) infrastructure, provides on-demand features that adapt to the specific needs of each client. Amazon Bedrock is a fully managed service that offers access to high-performance foundation models from leading AI companies through a single API. By homing in on specific artifacts, we can deliver targeted responses that bridge the existing gaps in malware analysis.
DIANNA serves as an advanced virtual team of malware analysts and incident response experts. It empowers organizations to pivot towards zero-day data security by integrating with Deep Instinct’s deep learning capabilities for a more effective defense against threats.
The Distinctive Advantage of DIANNA
While current cybersecurity solutions leverage generative AI for data summarization, they typically focus on retrospective analysis, lacking sufficient context. DIANNA elevates this process by integrating the collective knowledge of numerous cybersecurity professionals within the LLM, enabling thorough analysis of unknown files and accurate identification of malicious intent.
DIANNA’s distinct methodology sets it apart from traditional cybersecurity solutions. Instead of relying solely on historical data, it utilizes generative AI to draw upon the vast expertise of cybersecurity experts, threat intelligence, and extensive resources. This knowledge base is embedded within the LLM, allowing DIANNA to explore unknown files and reveal connections that may otherwise go unnoticed.
Central to this process are DIANNA’s advanced translation engines, which convert intricate binary code into a natural language format understandable by LLMs. This capability links raw code with human-readable insights, providing clear and contextual explanations of a file’s intent and potential impacts. By translating complex code into digestible information, DIANNA addresses information overload and distills extensive data into actionable intelligence.
This translation capability is especially crucial for identifying relationships among different components of complex malware. It enables DIANNA to connect various code elements, offering a comprehensive view of the threat landscape.
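To make the artifact-to-natural-language step concrete, here is an added illustrative sketch (not Deep Instinct's DIANNA code) that extracts a few artifacts from a constructed byte buffer, renders them as a plain-language prompt, and shows how such a prompt would be sent through the Amazon Bedrock Converse API. The sample bytes, the `API_NOTES` table and the `MODEL_ID_PLACEHOLDER` value are assumptions made for the example.

```python
"""Sketch: translate binary artifacts into a prompt for a Bedrock-hosted LLM.
Illustrative only; not DIANNA's translation engine."""
import re
from typing import Dict, List

# Constructed sample buffer that embeds strings the way a real binary would.
# It is not a real malware sample.
SAMPLE_BYTES = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"kernel32.dll\x00CreateRemoteThread\x00VirtualAllocEx\x00"
    + b"WriteProcessMemory\x00advapi32.dll\x00RegSetValueExA\x00"
    + b"http://example.invalid/upd\x00" + b"\xff" * 8
)

# Assumption: a tiny hand-written table standing in for a much richer
# knowledge base of what individual Win32 APIs do.
API_NOTES = {
    "CreateRemoteThread": "creates a thread inside another process",
    "VirtualAllocEx": "allocates memory in another process",
    "WriteProcessMemory": "writes into another process's memory",
    "RegSetValueExA": "writes a registry value",
}

def extract_strings(data: bytes, min_len: int = 6) -> List[str]:
    """Return printable ASCII runs of at least min_len characters."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def summarize_artifacts(data: bytes) -> Dict[str, List[str]]:
    """Group extracted strings into categories the prompt can describe."""
    strings = extract_strings(data)
    return {
        "imports": [s for s in strings if s in API_NOTES],
        "modules": [s for s in strings if s.lower().endswith(".dll")],
        "urls": [s for s in strings if s.lower().startswith(("http://", "https://"))],
    }

def build_prompt(artifacts: Dict[str, List[str]]) -> str:
    """Translate the artifact table into plain language for the model."""
    lines = ["Explain the likely intent of a file with these artifacts."]
    lines += [f"- calls {a}, which {API_NOTES[a]}" for a in artifacts["imports"]]
    lines += [f"- loads {m}" for m in artifacts["modules"]]
    lines += [f"- references URL {u}" for u in artifacts["urls"]]
    return "\n".join(lines)

def ask_bedrock(prompt: str, model_id: str = "MODEL_ID_PLACEHOLDER") -> str:
    """Send the prompt via the Bedrock Converse API (needs AWS credentials)."""
    import boto3  # imported lazily so the extraction above runs offline
    client = boto3.client("bedrock-runtime")
    resp = client.converse(modelId=model_id,
                           messages=[{"role": "user", "content": [{"text": prompt}]}])
    return resp["output"]["message"]["content"][0]["text"]
```

Only `ask_bedrock` touches AWS; the extraction and prompt construction run offline, which is where an analyst can check that the "translation" presented to the model is faithful to the file.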