Deep Instinct Review

Detected a virus that nothing else picked up, and has the lowest false-positive rate I've seen

What is our primary use case?

I use it to help my customers secure their environments. I am using it internally for my own network as well.

How has it helped my organization?

I had one of the traditional AVs in my environment and I had some sort of unusual behavior on my machine. I was trying to figure out what was going on. The AV did not pick it up. I tried some other solutions as well, traditional ones, to find out what was going on, but nothing got picked up. The machine was very slow and at times it would act very funny, screens would flick around and sometimes it would just close down.

I definitely knew there was something going on. I thought, "Given I have Deep Instinct now, let me try it on that machine." When I installed it, the moment it started to scan the machine, it picked up this particular virus which had actually masked itself like a fake OS. It had actually taken over my original machine. Nobody else was able to pick it up, but Deep Instinct was able to and it freed up my machine. Now the machine is absolutely fine.

I've got the image of that virus in the sandbox to try to find out exactly what sort of virus it is. As of today, nobody else has picked it up. It's a six-month-old virus.

Some of my customers have come across quite a few other malicious files which were underscored by other solutions and, obviously, they were not happy with the traditional solutions. They have compared it with the likes of Kaspersky, Trend Micro, Symantec, and McAfee, but Deep Instinct stands out, catching everything. Deep Instinct is much more powerful because of the way that it has been made.

In my own environment, Deep Instinct has found around 15 to 20 such malicious files in six to seven months.

It also helps with real-time prevention of unknown malware. I was trying to backup one of my mobile phones on my laptop, and some script would have ended up being uploaded onto my machine. Because the agent was live, the moment it detected something it just blocked it. It just picks up things straight away.

I haven't really looked at the CPU consumption, but given that even when the scanning was going on, as well as any live detection that comes through, I have never seen any performance degradation on my machine. It's been working fine without me noticing anything happening in the back end. I haven't seen any problems in terms of the performance of the machine, but I haven't really checked out the CPU consumption. I probably would have looked at it if I had found the machine was slow. But I've never needed to because it is so fast.

There is no comparison, regarding CPU consumption, when you look at competitors. There's really no comparison at all. One of the major AVs has so many different services that degrade the performance quite a lot, and one has to keep turning off all the other services just to keep my machine working and to avoid alerts. It has been a very different experience using Deep Instinct. I don't have to worry about some other solution adding more services. One engine does its job.

For me, it definitely takes a lot of time and effort away from trying to find the cause of the problem if an attack happens. Without the solution, if something goes wrong, it's usually going to take a couple of hours just to figure out what's wrong with the machine. It definitely saves that time and effort.

What is most valuable?

It is a very easy solution in terms of the deployment. It's just a single agent that has everything in it. You don't have to really think too much about your strategy for securing your endpoint. With the EDR solutions, you have to install it, then you have another service history installed, and you have behavioral analytics, etc. With this, everything is in a single small "box," a small agent that has pretty much got everything. This is what has excited me, my team, as well as my end customers who are using it. It's an absolutely fantastic solution.

It's very easy going and has got the latest technology, which is the deep learning. That is one step ahead of machine-learning because there is no feature engineering in it. That is the key difference. With today's solutions, everything around them can be re-engineered given they have access to similar tools outside. Given the proprietary framework these guys have, nobody else has access to it. That makes it more secure.

It classifies unknown malware as well. I've got various classifications already: either a backdoor entry or 100 percent virus or malware or a scripting shell. Scripting shell has been detected quite a lot. Viruses have been detected. Two backdoor entries have been trying to get on. I've got a number of different types of attacks that have been happening.

From the dashboard, I can see what I've picked up that's live. I can see the number of users, the number of devices, what are the risks. It has remote accessibility to deploy the agent as well as remove the agent, as well as modify it and update it.

It has the lowest false-positive ratio that I have come across. I have only had one which was a legitimate file that I had to whitelist. It was for one of the applications I was trying to install and integrate. But the false-positive ratio is very low.

The online and offline mode of this technology has actually made a huge difference. I don't have to worry about my employees when they take their machines anywhere. Whether they're connected or not connected, I know it's all secure. If anybody tried to put in a USB or whatever, it just does its job. From that perspective, I see a big difference.

What needs improvement?

If they can bring some additional, complementary solutions, like network scanning and the like, that will help. If they had some sort of a firewall which could help detect DDoS attacks and other things. It's just an extension of what they do, so it would not be just the endpoint. If they can take the technology and make it more useful across the network and add anything that could help improve the work environment, that would be good.

I'm watching closely to see what they next bring onboard. But within the product itself, overall I don't see any required improvement because it has a very lightweight agent, it's fast and quick, and it detects everything. I haven't experienced any negativity on the Deep Instinct side.

The UI is pretty straightforward. It's very simple. It would be nice to have if there were options where, if I have to do SIEM integration, I could do so from the UI: just pick and choose what SIEM solutions the customers use and have an out-of-the-box connection facility. If I had an option to do SIEM integration out-of-the-box from the user interface, that would be handy.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It's very stable. I haven't had any issues with the deployments, any performance issues, or conflicts with anything.

One exception was when one of my customers tried to install Deep Instinct, but their existing Bitdefender was detecting the solution as something trying to get into the environment. Obviously there was a conflict. We just whitelisted on both sides and both of them were talking to each other. They were augmented rather than competing.

What do I think about the scalability of the solution?

It's quite scalable. In fact, I'm working on an opportunity where we're looking at around 20,000 seats. I don't see any issues, although time will tell when we deploy 20,000. But it is scalable to that extent.

How is customer service and technical support?

Support is fantastic. Whenever I have any kind of query or questions, the team is absolutely spot-on, responding back immediately.

When I was doing a small pilot for one of my customers, I got stuck with a very silly thing about creating a user ID in the organization. I got stuck with configuring some rules and policies. I called and, within 20 minutes, somebody called me back and I had my answers. I had no problems at all.

Whenever I want to contact them, they proactively get back to me, so I don't have to keep chasing them.

Which solutions did we use previously?

I moved out my other solutions after I got Deep Instinct. I didn't want to have anything else further complicate the matter, in case something happened with a machine. I removed them all and just use Deep Instinct.

I said, "All right, let me take your solution on board and also be an advocate in my country." I was one of their first customers and partners in the country because I was so convinced about the technology that they presented. I've never seen anything like it before. I can see the power of it, I can see how it can benefit customers.

How was the initial setup?

The setup is very straightforward.

For deployment, I just need to extract the agent from the console, send it across, and run it. It takes 15 to 20, max, to do a small deployment. Depending on the size of the organization, if using a central deployment tool, just put it into an image and deploy it. When it runs, it starts talking to the console without any other intervention. No issues at all.

Depending on the size of the customer, it will take some time to do the initial setup of the console. In total, it will take about an hour-and-a-half to have everything, with the user-group policies defined, the users defined, the sites, and all the other things that can be done without much hassle.

I wanted to put together a standard document which would help customers to just do that but, as it's so simple and straightforward, I just keep everything ready on the console. I create the customer details on the console and just send the agent.

There's no rocket science involved at all here and that's why it is so easy. There is nothing else to be prepared because there is no system downtime. You don't have to integrate this solution with anything else. It is autonomous and it just does its job.

In terms of staff for deployment, it's a one-man show. And there's hardly any maintenance because, once the agent is deployed, there is nothing else to be maintained, unless there is a conflict with something else. Apart from that, the product doesn't require any maintenance.

What about the implementation team?

Vendor team. They are excellent!

What was our ROI?

I have definitely seen ROI. Whatever price I paid for, I got my returns when it detected that virus that was in my environment already. I got my returns pretty much by securing all that. The information that probably would have gone out, had that virus spread to other machines, could have been a big catastrophe for my business. It's done its job and it's pretty much paid off what I spent on it.

What's my experience with pricing, setup cost, and licensing?

Pricing and licensing are very straightforward. It's two SKUs, one is for the console and the other is for the client.

One thing about their licensing program that I like is that just one covers the server as well as the endpoint as well as mobile devices. There is no complexity in calculating how many SKUs I need for mobile, for laptop, for desktop, and for servers. It's very simple and that makes it much easier to budget. You know how much you're spending and how you're securing your environment with that technology.

Which other solutions did I evaluate?

I've never come across anything like this. I looked at other things as well. I've been hearing about Carbon Black, Cylance, CrowdStrike, and all the other AI and ML solutions. All of them have limitations in terms of what they can do and how they do it. It's still human intervention. It's still behavioral analysis, heuristics, etc. There's nothing wrong with that, but they still haven't found a way, like Deep Instinct has, to take all that pain away in a single solution.

Deep Instinct can actually predict unknown malware that is going to come out, as well, because of the way they have built this technology. It can predict the tiniest mutations of viruses or new malware that is coming out. These guys can predict it straight away, whereas the others can't, until something goes through and they work on it and find a way to fix it. I.e., post-execution, where the damage is already done! Everything they do is post-execution. What's the point? If your technology, which you say is that great, cannot detect earlier on, prevent it before happening, then I don't think it's good enough.

That is what I have seen with Deep Instinct. It doesn't even allow something malicious to pass through. It saves a lot of time and effort in cleaning up rather than saying, "Okay, fine, I blocked it. Nothing to worry about."

What other advice do I have?

I've been sharing all my experiences around using it and how it's secure and that it's the next wave in the security world. It's changing the way security is looked upon from the endpoint perspective. They have made life so much easier. There's so much complexity with all the other solutions. When I talk to anybody, I tell them that if they really want peace of mind and a technology that can actually take care of your assets, Deep Instinct is the one to look at.

In terms of extent of use and increasing usage, I'm still a small organization, and growing gradually. I am getting more customers on board. The scale is obviously going up. At this moment, I'm managing roughly 400+ devices, with about another 3,000 in the pipeline.

It's a ten out of ten. It's the best. All around, I'm pretty happy with them. I'm just excited to see what they bring me next.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Reseller.