Deep Instinct Review

Its false positives are very low because the behavior analysis engine double checks them

What is our primary use case?

I use it quite extensively. I use it on my PC, server, and mobile phone for my own testing. I also use it for testing of some of my business partners, including telecommunications, construction companies, banks, EFSIs, different industries, and different scenarios.

How has it helped my organization?

The installation and configuration are simple in Deep Instinct. The policy is easy, taking maybe a couple minutes to set it up. Usually, we use the default policy setting and enable the SMTP and SYSLOG to configure the administrator information, as the configuration work is low.

We do need to set up some releases for different environments. Some customers have some custom-made applications in their environments, which are more distinct. However, it doesn't spend too much time for every deployment, benefiting the customer.

We use this solution for classification of unknown malware without human involvement. I collect malware from the internet. I put it into the testing environment of Deep Instinct, and it can always be detected.

What is most valuable?

  • High accuracy
  • High detection rate
  • Low false positive rates
  • Easy deployment
  • It is not necessary to update signatures.
  • There is no database.

The detection rate is very high. In all the testing with around 20 partners in different environments, quite a lot of them had installed with other anti-malware applications, like Sophos. This software can co-exist with those applications in the same machine. This is impressive.

I found Deep Instinct can detect a lot of unknown malware early. Others, like Sophos, could find the same malware maybe a couple weeks weeks or a month later, since a lot of malware is not being reported to the virus websites.

Deep Instinct's detection rate is close to 100 percent.

After they introduced the behavior analysis engine, I even detected attacks via vulnerabilities in Microsoft. Its false positives are very low, because the behavior analysis engine double checks them.

What needs improvement?

I am looking forward to them adding Linux in Q1 or Q2 of 2019, as this is often requested by my partners and customers. Currently, Deep Instinct only has Windows, Mac, Android, and iOS.

At this point, they don't have a local quarantine feature that can be triggered by the agents. It has to be done by whitelisting. Deep Instinct has also said that this will be available in Q2 2019. 

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It is quite stable. So far, there was one bug in a previous version, which I couldn't uninstall. I consulted with an Deep Instinct engineer, and they had a quick check, then spent 15 minutes easily fix it. 

Besides, that one issue, I haven't had any serious problems with the software.

What do I think about the scalability of the solution?

Scalability is fine. The server can easily take up to 1000 agents. The server is simply a management console.

Our customers are looking to scale up pretty quickly because they have seen the benefit of its use.

How is customer service and technical support?

The technical support is quite good. The engineer who I usually contact is in a different time zone. They do have another engineer who is in a similar time zone, but he is not the one who was my initial contact. While the new contact is in Singapore, I usually contact the engineer in Israel since his understanding is better. Every question that I have asked, he can answer it. Even for cases where there is an unknown malware. For example, I ask him, "Can you check it out? What type of malware is it? What is that behavior? What's its background?" He can return to me within one or two days with an answer. Also, if there are any problems, he can do the remote troubleshooting quickly.

How was the initial setup?

The initial setup is straightforward and easy. Deployment takes three to five seconds. There is no configuration on the agent side. The policy setting is all on the web console. Usually, we use the same implementation for all customers, this is to use the default strategy.

They use a cloud management server. So, I can check logs and do the configuration by simply using the web browser, no matter where I am. This is quite convenient. Also, deployment is easy because it takes one command and three to five seconds. In some cases, when we deploy Deep Instinct, especially in conjunction with existing anti-malware software, we don't need to delete the existing anti-malware. It can co-exist together. Therefore, the company doesn't need to risk removing the existing anti-malware. 

It's not easy to remove an anti-malware application. Usually, you will have some trouble.

What about the implementation team?

For Deep Instinct, it doesn't need me to download a database. It doesn't need any configuration. I can deploy a hundred machines in maybe an hour.

What was our ROI?

The time savings is very obvious. For ongoing maintenance, I don't need to take care of it at all. I just let it run.

Another thing is it does not need an expert to work with it. Sometimes, when you set up a policy or different settings on another solution, you need a network engineer and a systems engineer, and even someone who specialized in antivirus or security. For Deep Instinct, we just need an operator who can do this. 

What's my experience with pricing, setup cost, and licensing?

The pricing is okay. 

  • Compared to Symantec, the pricing is a bit more expensive. 
  • Compared to Sophos Intercept X, the price is about the same or slightly cheaper. 
  • Compared to Carbon Black, it's much cheaper. 

If I include the false positive rate and the detection rate in the comparison, Deep Instinct is worth its price.

Which other solutions did I evaluate?

While there is some malware which can be detected by other applications, all malware can be detected by Deep Instinct.

I tested Symantec, and it took two days to install and configure one Symantec Management Server and a client agent, which is troubling. Then, I had to install the other agents and the installation may have taken 30 minutes. Afterward, I could spend three to six hours downloading the database for one machine. I had to do this for every machine. On the other hand, Deep Instinct took me five seconds to install. Even then, Symantec only detects 60 percent of the malware.

For my own laptop, Deep Instinct takes less than one percent of the CPU and less than 50MB of memory. In addition, I have a Symantec Endpoint Protection testing environment, and while it's just a testing environment and there is no malware with nothing running on it, Symantec takes about 20 to 30 percent of the CPU quite frequently and 80MB to 100MB of memory.

In a production environment of a construction company, Deep Instinct detected 160 malware while Sophos Intercept X detected two malware in the same environment.

For unknown malware, McAfee has a 20 to 30 percent fail detection rate. Symantec has a failed detection rate at 50 percent. Traps is better at ten percent, while Deep Instinct is at one to two percent. This difference is due to the behavior in the Deep Instinct engine.

What other advice do I have?

Put it on your Internet with your existing anti-malware. You will be amazed.

Our information security officer thinks this is a good solution. He definitely gives it a thumbs up.

For financial company or banks, they should know that Deep Instinct does not require internet connection nor require frequent updates for a plan agent or server. Once they know that, Deep Instinct is the only choice. Usually, for the banking and finance industry, there are a lot of servers or PCs, and they are in a closed network which can't access the Internet. So, they always have a problem updating a signature and a plan agent, patching it, etc. Deep Instinct totally fits this gap.

Installation is easy. I taught a partner in China by spending 30 minutes showing them the installation steps and every setting in the web console. Now, they can do it by themselves.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner.
Add a Comment
Sign Up with Email