What Is Inline Deep Learning?
Inline deep learning is the process of taking the analysis capabilities of deep learning and placing it inline
It includes three main components that make it well equipped to fight modern cyberthreats:
- Threat detection capabilities trained by a large volume of real-world threat data
- Analysis done inline to inspect real-world traffic as it enters the network
- Massive processing power for deep learning analysis and real-time verdicts and enforcement
Why Is Inline Deep Learning Important?
Millions of new cyberthreats emerge every year, with organizations racing to prevent them. Today’s adversaries are succeeding and becoming highly evasive with the help of advanced technologies like cloud-scale resources and automation. More specifically, modern threat actors have two critical advantages (figure 1):
- Speed of proliferation: Attackers can spread attacks faster than ever.
- Polymorphism: Threat actors have the ability to deploy malware and malicious content that evades detection by constantly changing its identifiable features.
New attacks are being launched far more quickly than traditional sandboxing, proxies and independent signature technologies can deploy protections. After an initial infection, modern malware can infect thousands more systems within seconds, well before protective measures can be developed and extended across organizations. To prevent advanced threats, organizations must prevent initial infections from never-before-seen threats as quickly as possible. The goal is to reduce the time between visibility and prevention to zero. Thanks to inline deep learning, this is now possible.
What Is Deep Learning?
To better understand the concept of inline deep learning, it is helpful to first define deep learning and machine learning and then differentiate between the two. Deep learning is a subset of machine learning (ML) that uses artificial neural networks to mimic the functionality of the brain and learn from large amounts of unstructured data. Neural networks are trained using large amounts of unstructured data. They can collect, analyze and interpret information from multiple data sources in real time, without human intervention. Deep learning can be especially helpful when inspecting large amounts of cyberthreat data to detect and avoid cyberattacks. Deep learning automates feature extractions, removing any dependency on humansz: For example: When categorizing animals such as dogs, cats or birds, deep learning will determine which features (e.g., ears, nose, eyes, etc.) are critical to distinguishing each animal from another. These advanced capabilities are what make deep learning extremely beneficial in improving analytical and automation-related tasks.
What Is Machine Learning?
Machine learning is an application of AI that includes algorithms which parse data, learn from the datasets, and apply learnings to make informed decisions. Typically, computers are fed structured data and use this as training data to become better at evaluating and acting. While basic machine learning based models are designed to improve their accuracy over time, they still require human intervention.
Machine Learning vs. Deep Learning
Artificial intelligence (AI) is being used increasingly across multiple industries to fuel automated tasks. Two large components of AI are machine learning and deep learning. The terms are often used interchangeably, but there are distinct differences:
- Machine learning requires a data scientist or engineer to manually choose features or classifiers, check if the output is as required and adjust the algorithm if predictions generated are deemed inaccurate.
Deep learning removes the need for human intervention. Structuring algorithms into layers through its neural networks, deep learning can determine on its own if a prediction is accurate or not.
- Machine learning algorithms tend to have a simple architecture, like linear regression or a decision tree. Machine learning capabilities also tend to involve less processing power. It can be set up and operated rather quickly but may yield limited results.
Deep learning is far more complex. While it does typically require more powerful hardware, resources and setup time, it often generates results instantaneously and requires minimal, if any, upkeep.
- Traditional machine learning algorithms require much less data than deep learning models. ML powered technologies can operate using thousands of data points; deep learning typically requires millions. The data used is also largely unstructured and can include images and videos, allowing it to eliminate fluctuations and make high-quality interpretations.
How Does Inline Deep Learning Work?
Deep learning itself is used in a wide array of industries, including network security. Because it can continually evolve and learn over time from the volumes of threat data it ingests, it’s become a key technology for predicting cyberattacks. To further its effectiveness in detecting and preventing new cyberthreats, a newer, industry-leading tactic has emerged: inline deep learning. In the event of a security breach, inline deep learning is used to analyze and detect malicious traffic as it enters a network, and block threats in real time. This is crucial due to modern threat actors using sophisticated techniques that make attacks unknown to traditional security defenses. While inline deep learning has these incredible capabilities, it also operates without disrupting an individual’s ability to use their device. It runs in the background unnoticed, causing no disruptions to the device’s workflow or productivity.
Preventing Unknown Threats with Inline Machine Learning
Palo Alto Networks has delivered the world’s first ML-Powered Next-Generation Firewall (NGFW), providing machine learning inline to block unknown file- and web-based threats. Using a patented signatureless approach, WildFire and advanced URL Filtering proactively prevent weaponized files, credential phishing and malicious scripts without compromising business productivity. Palo Alto Networks hardware and virtual NGFWs can apply new ML-based prevention capabilities:
- WildFire inline ML inspects files at line speed and blocks malware variants of portable executables as well as PowerShell files, which account for a disproportionate share of malicious content.
- URL Filtering inline ML inspects unknown URLs at line speed. This feature can identify phishing pages and malicious JavaScript in milliseconds, stopping them inline so nobody in your network ever sees them.
To learn more about Inline Deep Learning, read Palo Alto Networks whitepaper: Requirements for Preventing Evasive Threats.
- Human intervention
Machine learning requires a data scientist or engineer to manually choose features or classifiers, check if the output is as required and adjust the algorithm if predictions generated are deemed inaccurate.
Deep learning removes the need for human intervention. Structuring algorithms into layers through its neural networks, deep learning can determine on its own if a prediction is accurate or not. - Architecture and power
Machine learning algorithms tend to have a simple architecture, like linear regression or a decision tree. Machine learning capabilities also tend to involve less processing power. It can be set up and operated rather quickly but may yield limited results.
Deep learning is far more complex. While it does typically require more powerful hardware, resources and setup time, it often generates results instantaneously and requires minimal, if any, upkeep. - Data requirements
Traditional machine learning algorithms require much less data than deep learning models. ML powered technologies can operate using thousands of data points; deep learning typically requires millions. The data used is also largely unstructured and can include images and videos, allowing it to eliminate fluctuations and make high-quality interpretations.