Endpoint security is absolutely critical, particularly as our business went to a remote-first model. We needed a way to secure IT assets out in the field reliably but without disrupting legit business activity. Legacy solutions also tended to bog down CPUs.

Deep Instinct was a strategic complement to our Open XDR platform. With it, we have bolstered our prevention capability to go with our already strong detection and response capability.

The deep learning concept that powers Deep Instinct has been very effective at blocking threats and minimizing false positives that disrupt legitimate business activity.

It has caught a lot of things for us and prevented a lot of things, saving some of our time. It prevented a couple of ransomware situations and that does give me peace of mind. When it does catch something like that, it locks up the person's computer and they end up saying to us, "Hey, what's going on? My computer is not working right." We say, "Yeah, you picked up something and it looks like it's ransomware," when we look at the log. The solution is doing its job by preventing that from spreading. For people who are hybrid and come back into the office, I don't have to worry about that.

For the most, Deep Instinct has done a pretty good job of blocking a lot of this stuff in advance. That means we don't have to spend all that time remediating things and can do more of the forensic investigation part. It's been a great ride having Deep Instinct on the side.

We have a small IT team. We only have one cyber security engineer and a couple of help desk individuals. It's helped our team a lot, and our agency as a whole, in terms of enabling us to focus on other things, rather than fighting all those battles on everybody's endpoint.

In the past, when we used a traditional antivirus, it wasn't really blocking anything. It was more signature-based and a lot of things were coming through. What usually ended up happening was that we would have to wipe the computer and there would be at least a couple of days of downtime for that individual. And that was in the past, before COVID, when people were traditionally coming into the office where they had another device they could work on.

But now, everybody only has that one laptop or one desktop, so if they're out, they're out. With DI, we haven't had that issue where we have to wipe that person's computer out. Usually what we find is that if it's some adware, we just clean out and reset their browser and that gets them back in the game. That saves us a lot of time and effort for all our staff.

In short, it's a time-saver. There are a lot of things that DI does in the background for prevention. I don't have to worry too much about risk. The only risk for us is if an endpoint doesn't have Deep Instinct at all. As long as we have DI on an endpoint, it's going to do its job and I don't have to worry about the risk when they're taking that endpoint home or elsewhere. It's definitely one good layer of investment that we have put in and we're definitely going to keep that going.

Deep Instinct’s prevention-first approach to stopping unknown ransomware and malware is the reason why we purchased the product. The pre-execution versus post-execution is a big piece for us where it is able to stop something before it even hits the box or desktop. That was one of the big reasons why we went with Deep Instinct.

We get a lot fewer calls and help desk tickets, where people say, "Hey, I got a virus," or "My machine is locked up." Productivity from an end-user perspective has obviously increased because they can get things done. From the help desk side, they don't have to go around troubleshooting or re-imaging machines.

Deep Instinct has helped improve the employee experience via reduced operational disruption since less downtime means people work more. Their machines are not offline. This is very critical for our SOC operations and their remediation needs. If there are fewer threats that we have to deal with, then we have more time to work on the few things that we need to work on. We don't need to be troubleshooting a whole slew of stuff. So, it has definitely improved the lives of our SOC operation employees.

Operations-wise, it has given us more uptime from the user community.

Deep Instinct has helped us to be a lot more proactive on the security front, rather than reactive. We still have to address the threats that it finds, but because it's proactive it stops things before they occur. Instead of spending time trying to investigate what happened, we spend the time on the front-end determining if it's something we should allow or not. It has saved us a lot of time in incident response.

It has also reduced our SOC’s endpoint protection management time and resulted in a significant reduction in false positives. And while we haven't seen a drastic reduction in operational disruption with Deep Instinct, because the solution we had before was working pretty well, I'm sure the fact that it has detected and prevented things has helped people work a whole lot more effectively.

As far as we know it has helped prevent the newest threats and that is very important. There's always something new coming out and trying to stay ahead of that is always a challenge. Compared to the solution we had previously, Deep Instinct is way more thorough in its analysis of the files and memory.

We think of this product as a fishing net that fits into the computer and has all of the capabilities and understanding of what ransomware and malware look like. It reacts to the look of ransomware, as opposed to trying to detect it by using a signature.

In our experience, it is a whole different concept that is extremely effective.

Take, for example, EMOTET. It is a really nasty piece of malware. I joke with my clients that it's like the evil party-planner. It gets a foothold and then it pulls in all its bad-guy buddies. EMOTET is exceptionally dangerous because it's multifaceted: botnet, cryptocurrency mining, and ransomware. Being able to prevent threats such as EMOTET, which was originally intended to attack the banking industry, is among the best successes we've had with DI. And it's just one of many. It's been so substantial that I don't even know how to quantify it.

To put it in context, when we review a security product, everything we do is weighed against three criteria: security, reliability, and a positive user experience. Within any cybersecurity solution is the need to strike the balance between security and productivity. When you take a product like Deep Instinct and remove the overhead while allowing the organization to function as though there were no security inhibitors - yet still provide that high level of security - to me that's a huge win because we’re not sacrificing productivity. We are allowing the organization to still function at a high level without the burdens of so many controls that choke the machine from unnecessary overhead.

In terms of CPU consumption, it is exceptionally low. We've been running the product for over a year internally, and we have zero issues. I am aware that in some environments, when first deployed, because it literally scans the entire machine, it can consume resources. But after the initial scan is complete, we don't even notice it's there. From a pure user-perspective, in comparison to some of the traditional "bloatware" that some of the legacy, traditional AV guys have become over time, it's a substantial difference on the positive side in the sense that you just don't notice it. I literally notice no impact on my day-to-day actions. It's somewhat amazing. The footprint is so light that you wonder, "Where's the 'gotcha' in this?" Light footprint and super effective? Okay, sign me up.

Deep Instinct complements the solutions we already have. You don't need to rip and replace any antivirus or endpoint that you have. It's easy to use and it's easy to have it side-by-side with other solutions. That makes it really easy to have an additional level of endpoint protection, rather than to hassle with doing solution migration.

It helps with real-time prevention of unknown malware. I have seen several instances where, when I surf the web, Deep Instinct prevents it and quarantines it for me. The other solution that I am using doesn't pick it up. Deep Instinct prevented me from clicking on it. Otherwise, I would have been infected.

Also, the CPU consumption is low compared to what I have been using in my current environment. The footprint is a lot smaller, about a quarter of what I have now. It is very small. It doesn't use up many resources. It's only when it's running one particular type of scan that it really spikes up the resources. Otherwise, it really just stays in the background and is low on footprint.

I had one of the traditional AVs in my environment and I had some sort of unusual behavior on my machine. I was trying to figure out what was going on. The AV did not pick it up. I tried some other solutions as well, traditional ones, to find out what was going on, but nothing got picked up. The machine was very slow and at times it would act very funny, screens would flick around and sometimes it would just close down.

I definitely knew there was something going on. I thought, "Given I have Deep Instinct now, let me try it on that machine." When I installed it, the moment it started to scan the machine, it picked up this particular virus which had actually masked itself like a fake OS. It had actually taken over my original machine. Nobody else was able to pick it up, but Deep Instinct was able to and it freed up my machine. Now the machine is absolutely fine.

I've got the image of that virus in the sandbox to try to find out exactly what sort of virus it is. As of today, nobody else has picked it up. It's a six-month-old virus.

Some of my customers have come across quite a few other malicious files which were underscored by other solutions and, obviously, they were not happy with the traditional solutions. They have compared it with the likes of Kaspersky, Trend Micro, Symantec, and McAfee, but Deep Instinct stands out, catching everything. Deep Instinct is much more powerful because of the way that it has been made.

In my own environment, Deep Instinct has found around 15 to 20 such malicious files in six to seven months.

It also helps with real-time prevention of unknown malware. I was trying to backup one of my mobile phones on my laptop, and some script would have ended up being uploaded onto my machine. Because the agent was live, the moment it detected something it just blocked it. It just picks up things straight away.

I haven't really looked at the CPU consumption, but given that even when the scanning was going on, as well as any live detection that comes through, I have never seen any performance degradation on my machine. It's been working fine without me noticing anything happening in the back end. I haven't seen any problems in terms of the performance of the machine, but I haven't really checked out the CPU consumption. I probably would have looked at it if I had found the machine was slow. But I've never needed to because it is so fast.

There is no comparison, regarding CPU consumption, when you look at competitors. There's really no comparison at all. One of the major AVs has so many different services that degrade the performance quite a lot, and one has to keep turning off all the other services just to keep my machine working and to avoid alerts. It has been a very different experience using Deep Instinct. I don't have to worry about some other solution adding more services. One engine does its job.

For me, it definitely takes a lot of time and effort away from trying to find the cause of the problem if an attack happens. Without the solution, if something goes wrong, it's usually going to take a couple of hours just to figure out what's wrong with the machine. It definitely saves that time and effort.

The installation and configuration are simple in Deep Instinct. The policy is easy, taking maybe a couple minutes to set it up. Usually, we use the default policy setting and enable the SMTP and SYSLOG to configure the administrator information, as the configuration work is low.

We do need to set up some releases for different environments. Some customers have some custom-made applications in their environments, which are more distinct. However, it doesn't spend too much time for every deployment, benefiting the customer.

We use this solution for classification of unknown malware without human involvement. I collect malware from the internet. I put it into the testing environment of Deep Instinct, and it can always be detected.

It provides a very high detection rate and a very low false-positive rate. 

It also helps with real-time prevention of unknown malware, easily. For example, when a file attached to an email is opened, Deep Instinct prevents any malware immediately, when compared with similar solutions.