Deep Instinct Prevention Platform Valuable Features

Aaron Branson - PeerSpot reviewer
Head of Marketing, Cybersecurity Solutions at Netsurion

In an 'assume-breach' world of detection and response, Deep Instinct allows us to once again have an effective prevent-first approach to cybersecurity. This enables us to block more threats immediately and therefore reduce the strain and stress on our SOC. With security staff scarcity, more effective and reliable endpoint security is a must. And Deep Instinct has been able to deliver that across a wide range of endpoints for us. It offers:

  • Compatibility with our IT environment and assets
  • Deep Learning based prevention eliminates constant updates
  • Protection from zero-day malware and ransomware
  • Fewer updates with no weekly scans impacting device performance.

Elena Yau - PeerSpot reviewer
Director Of Information Technology at an individual & family service with 201-500 employees

The prevention pieces, which are the policies we worked on with the DI team, are very valuable. They guided us through a setup with policies that were very conservative. We can see what gets flagged. Eventually, we tweaked them with the DI team so they're blocking more. That has really helped our team to save time.

It's very easy to use for a small team. We're a non-profit and we don't have a big cyber team and individuals that can do the pen testing, the red team/blue team type of work. We only have one individual who is dedicated to the role of monitoring and making sure that we're safe. So the prevention piece it gives us is very important. It saves us a lot of headache.

Stephen Wicks - PeerSpot reviewer
IT Specialist at Vyper networks ltd

The feature I like is that the dashboard is intuitive. I like the dashboard. It looks very simple. And the allow list feature to allow it generates a few false positives as lots of products do. So the allow list is quite useful.

Buyer's Guide
Deep Instinct Prevention Platform
April 2024
Learn what your peers think about Deep Instinct Prevention Platform. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,415 professionals have used our research since 2012.
SS
Systems Architect at a government with 5,001-10,000 employees

The most valuable feature is its inline processing, preprocessing, or prescanning against the files before they come in. Most A/V does post-processing, so the preprocessing is big for us.

Another value of the solution is having fewer false positives. That is another big plus.

They are pretty good with automatic updates and algorithms. They seem to catch the newest threats quite quickly. This is extremely important for our organization.

PJ
Principal Security Analyst at a government with 5,001-10,000 employees

I really like the behavioral analysis feature, because it looks at all the different things, like arbitrary shellcode and reflective DLL. It looks at a lot of things that threat actors use as threat vectors to get into the environment.

It's also very easy to use and very intuitive. That was one of the reasons we picked it. The console is really simple and easy to figure out, as is creating policies. Every policy just needs a group and you can break out the policies per group. That means when you need to make changes, you can do it pretty easily. I can change a group's settings by just opening up a window and selecting dropdown options. 

You can also select what you want things applied to. You can be very granular with your application of it.

I've also been very impressed with Deep Instinct's prevention-first approach to stopping unknown ransom and malware. We had another solution that took a very similar approach—prevention first rather than reactive. This was another one of the reasons we picked Deep Instinct. So far it has been very good at catching things before they execute, which is what we wanted it to do. It's very quick. As soon as it sees something, it quarantines it.

And the predictive and prevention capabilities for shellcode and fileless-based attacks are very important. Yet another reason we picked it was because of how thoroughly it looks through files. It's also very helpful that the predictive and prevention capabilities are built into the 3.0 release and don't require special rules or configuration. When an update comes out, it doesn't require us to reconfigure the device or the policies. It just follows along with what happened before. And if something is a brand-new feature, it comes out in "detect only," and that gives us an opportunity to test it before actually doing any prevention.

David Gorton - PeerSpot reviewer
Managing Director at Novacastrian Cyber Solutions

One of the advantages of the solution is that it provides only two updates a year.

It performs most of its duties effectively in the pre-execution stage. Whenever someone downloads a file, the system immediately detects it and prevents its execution if required. If a file bypasses the initial download detection, the system will still intercept and stop it in the pre-execution stage.

PK
Owner at a computer software company with 1-10 employees

The most valuable feature is its ability to detect and eradicate ransomware using non-signature-based methods. It is not a traditional EDR.

RB
25 Year Managed Security Service Veteran at a tech services company with 11-50 employees

We provide managed security services to our clients and my belief is the best threat is the one that never happens or is mitigated before it's given an opportunity to establish a foothold. We were approached by a peer of ours about two-and-a-half years ago, right before we met Deep Instinct, and discussed partnering with them to resell our infrastructure solutions, and us support and be the West Coast coverage for a competing endpoint solution. We didn't move forward with our peer, though it became clear, coming out of our discussions with them, that our infrastructure services that were our core competency were going to need to be complemented with an endpoint solution, because these folks were now a competitor.

We started looking at different options. This is around the time that a lot of players were starting to come up, such as Cylance, SentinelOne, and Carbon Black. We worked through the gauntlet of these products and others. Interestingly, within a month I was introduced to Deep Instinct which had just come out of stealth mode. It was a differentiator. Of all the products, what I saw that intrigued me most were the prevention capabilities, where instead of focusing on features like rollback, the whole premise and the context of the solution is to actually prevent these malicious attacks from happening to begin with.

As a service provider who is responsible for the wellbeing of our client base, that's a much more appealing approach than the ability to roll back, because in any rollback situation there is always an opportunity that it's not going to roll back exactly how you wanted it. So it aligned with our core business values. The ability to prevent threats is the most appealing aspect.

Deep Instinct absolutely, 100 percent helps with real-time prevention of unknown malware. That's the strength of the product. We've just surpassed 20,000 endpoints under our purview, and over 75,000,000,000 files scanned. We had an event this past summer where there were some environments that hadn't fully migrated over to Deep Instinct. Within those environments, the machines that were defended by Deep Instinct continued without issue, whereas user machines that were not defended by Deep Instinct had substantial issues that were not resolved until we actually were able to get Deep Instinct on them.

We have a running list of all the competitive products we run over the top of or concurrently with Deep Instinct. At one milestone, Deep Instinct had discovered over 5,000 existing threats that were present on existing workstations, across 32 different competitive products that were defending these workstations, though provided zero visibility into the fact that the risks were present. This number was at the 7,500 endpoints defended milestone and has grown significantly as deployments have expanded. It is worth mentioning, included in that list are all the aforementioned competitors we had considered.

Deep Instinct provides classification of unknown malware without human involvement. Our analysts and engineers use that data as part of the validation and remediation process. The feature is tremendously insightful and tremendously helpful. As an operator, anything that shortens the path to clarity is a value.

Finally, one of the most important things that we haven't highlighted yet is that it has a very low false-positive ratio. That is important because it means we're maximizing our efficiency. Because the false-positives are so low, our need to carry excessive staffing is minimized by not requiring headcount to filter through the noise. In our assessments of other products, we learned some of the competing products literally have teams of hundreds of analysts breaking down threats that their tools are detecting due to excessively high false positives. Because of this, those solutions were not considered. We're able to support the entire 20,000-endpoint base with just a handful of engineers. The time savings are substantial, and impact on morale positive. We’re seeing false-positives at about 5 for every 10,000,000 files scanned. There's one company that comes to mind and I know they have more than a couple of hundred analysts filtering through what they're flagging. I actually don't know if Deep Instinct has any analysts because the detection rates are so high.

EO
Senior Consultant at a tech services company with 11-50 employees

What is commendable about Deep Instinct is that they have a single platform, regardless of whether you have Windows, Mac, or even Android phone. It's a very good platform because it's all-in-one.

In addition, it's easy, because once you deploy the endpoint, the policy comes in and there is not much to configure. You can do whatever you like, unlike other solutions where you need to explicitly create exceptions if you want to do certain things. Here, you can do anything that you want and have the assurance that Deep Instinct will catch anything that is malicious.

The malware classification is very good because it tells me, "This is most likely ransomware or a worm." In other solutions, they usually just have a flat statement saying it's a worm or just that it's a virus. That leaves it open-ended and you have to do your own investigation, put it into a sandbox and really explore it before you actually know what it is. A lot of technical or even expert knowledge is required before you can analyze it. Here, you can do it without an expert opinion. It's better laid out in the static form. It even tells you the process chain, where you know what executes and then what happens to it. If it's running something that it shouldn't, then that's potentially something bad.

PD
Director at Ancona

The most important thing is that it is for prevention. It prevents attacks of any type of malware. Normally, what we've seen in other products is that they are not for prevention. They isolate a possible threat that they don't understand or know about, and then they check it with our database to see if it needs any correction or elimination. This means that the threat is already inside a customer's base, whereas Deep Instinct prevents a threat from getting in. Prevention is basically done by an agent in each installation, PCU, or product. An agent has its own intelligence to be able to detect if it should stop a threat or not. It has been taught. It is like a brain that has been taught to react according to any possible threat.

Deep Instinct is very light. It doesn't take too much CPU attention or memory. It doesn't slow down the performance. You don't really realize any change in the performance, which makes it very different from other solutions. They are usually heavy for the users.

PG
Director at IT Junction

It is a very easy solution in terms of the deployment. It's just a single agent that has everything in it. You don't have to really think too much about your strategy for securing your endpoint. With the EDR solutions, you have to install it, then you have another service history installed, and you have behavioral analytics, etc. With this, everything is in a single small "box," a small agent that has pretty much got everything. This is what has excited me, my team, as well as my end customers who are using it. It's an absolutely fantastic solution. 

It's very easy going and has got the latest technology, which is the deep learning. That is one step ahead of machine-learning because there is no feature engineering in it. That is the key difference. With today's solutions, everything around them can be re-engineered given they have access to similar tools outside. Given the proprietary framework these guys have, nobody else has access to it. That makes it more secure.

It classifies unknown malware as well. I've got various classifications already: either a backdoor entry or 100 percent virus or malware or a scripting shell. Scripting shell has been detected quite a lot. Viruses have been detected. Two backdoor entries have been trying to get on. I've got a number of different types of attacks that have been happening.

From the dashboard, I can see what I've picked up that's live. I can see the number of users, the number of devices, what are the risks. It has remote accessibility to deploy the agent as well as remove the agent, as well as modify it and update it.

It has the lowest false-positive ratio that I have come across. I have only had one which was a legitimate file that I had to whitelist. It was for one of the applications I was trying to install and integrate. But the false-positive ratio is very low.

The online and offline mode of this technology has actually made a huge difference. I don't have to worry about my employees when they take their machines anywhere. Whether they're connected or not connected, I know it's all secure. If anybody tried to put in a USB or whatever, it just does its job. From that perspective, I see a big difference.

KS
Administrator at BAPS Swaminarayan Sanstha

It has given us a more structured approach for detecting and preventing threats. It has machine learning-based detection and prevention. Their engines, in even older versions, are able to pick these viruses and malware. They have posted a lot of use cases online for detecting different viruses and malware that have been out for many years. 

RW
Regional Technical Manager at a retailer with 201-500 employees
  • High accuracy
  • High detection rate
  • Low false positive rates
  • Easy deployment
  • It is not necessary to update signatures.
  • There is no database.

The detection rate is very high. In all the testing with around 20 partners in different environments, quite a lot of them had installed with other anti-malware applications, like Sophos. This software can co-exist with those applications in the same machine. This is impressive.

I found Deep Instinct can detect a lot of unknown malware early. Others, like Sophos, could find the same malware maybe a couple weeks or a month later, since a lot of malware is not being reported to the virus websites.

Deep Instinct's detection rate is close to 100 percent.

After they introduced the behavior analysis engine, I even detected attacks via vulnerabilities in Microsoft. Its false positives are very low, because the behavior analysis engine double checks them.

GR
SOC Manager at Nais Srl

It's a new solution that is beneficial for the endpoint because they have a new perspective on cyber security. 

The agent and this platform do not require the endpoint to be connected to the network because the agent is designed to understand the threat, and tags it. 

When the platform is connected to the network, it receives new mathematics as well as other tools to check the threat.

NH
Security Consultant at IBM Thailand

The user interface is a good feature. It shows which process has been accessed and the flow. The detections for PowerShell are also pretty good, as is the active scripts detection feature.

RR
Managing Director at The IT Agency Pty Ltd

This solution is good at catching viruses and it's very effective and lightweight, which are all things that you want in an antivirus product.

It's fast in comparison and we like that. It's simple, which is okay.

FM
General Manager at a tech vendor with 51-200 employees

The most valuable features are the static/dynamic analyses. Deep Instinct's predictive model has very high accuracy and provides threat information for unknown malware, such as malware classification, static analysis information, and sandbox information. The information can be obtained easily. Malware classification information is displayed automatically, within the event.

In addition, we have found there is malware prevented by DI, which other solutions did not prevent.
