Please share with the community what you think needs improvement with Deep Instinct.
What are its weaknesses? What would you like to see changed in a future version?
Its support for Linux and Unix operating systems can be improved. Currently, they cover macOS and Windows, but they don't cover Linux and some of the Unix products. Pricing is also an issue. Its pricing is not as aggressive as it could be, and its price makes it difficult to sell. Customers feel that they can get an antivirus for a lower price, even though it is not a similar product. It is technically different. Their SLAs can be better. They have to give you 24/7 support, but their SLAs are not very good. They should be better documented, and the offerings should also be a little bit better. What happens is that the SLAs end up in the hands of the intermediary, seller, or the local partner of Deep Instinct in a country. The customers want very fast SLAs in a very short time, but Deep Instinct doesn't give them at the same speed. Having said that, SLAs are important when you have a lot of issues, but this product doesn't have too many issues, so it is not a big concern. However, for a customer who doesn't know the product, it could be a concern.
The Deep Instinct client stops working when you have two servers and you add high availability or Windows Failover Cluster mode. It doesn't work in a clustered mode. I haven't yet had time to go back and talk with their support and get it fixed. It would be good if they can make the installation independent of an actual user. Currently, its installation is dependent on the actual user being logged in. For example, a computer has to be logged in for the installation to happen. If it is not logged in, then on the cloud platform, it is going to show that the client is offline. On the management side of the cloud platform, we would like to have the administrators segregated by logical entities. We have told them that on their cloud management platform, we would like to be able to segregate clients into different logical entities or organizations so that the administrators are able to manage only those entities that are within their designated organization.
Some of the features are very resource intensive, such as the ransomware detection. It consumed so much of the resource on the endpoints that we have disabled those functions. If they could improve the detection logic so that those elements would consume less resource, that'd be effective. They could also improve the reporting feature so it coul be more like you find in Maltego or IBM's i2. They could introduce a graph feature to coordinate between search and those things, perhaps a dashboard of some kind.
My primary concern is that there are elements of the MSSP model that need updating. Specifically, there are some technical controls that need to be updated and it means that rolling it out is a little bit more complicated than it has to be. If the client is working remotely and doesn't have a VPN then the deployment is difficult to do. In the future, I would like to see additional reporting made available. Adding a firewall would negate the need for some products by other vendors. More generally, adding traditional endpoint security features over time would mean that we would not have to support multiple platforms.
Reporting on incidents needs improvement. It doesn't give very much information compared to Sophos. Sophos will give you a graphic that you can zoom in on the subject and find out everything that the exploit tried to do. It gives you a visual sense of what is going on. When it does find something I am not 100% sure that they are exploits or if they are false positives. At times, it can be difficult to tell what the problem is. The deployment was a bit difficult. It was more difficult than Sophos, for example, with having to create an installer. I had to read through a lot of documentation to figure it out. It's clunky and cumbersome. In Sophos, I can click what I want and it downloads an installer for each tenant. It just takes seconds. Whereas with Deep Instinct, I have to create a whole script and a lot more steps to deploy it. You have to be more technical to deploy it. You can't just send a file to an end-user and have them install it. You have to have technical expertise. The dashboards are quite primitive compared to Sophos, which is both good and bad. It's good because it's fast. Easier Deployment would be better. More integration with RMMs, such as LabTech or Automate. Also, there should be more optics. When it does something, more information on what's happening would help us to make better decisions.
The Achilles heel in our industry is reporting. I would love to see exceptional, outstanding level of reporting. I know that's like asking for a unicorn to leap out of the sky with any of these products. But reporting is always the thing that it is challenging. Fortunately, because as operators we get information through the dashboard, it hasn't been an issue yet. But for us, to really differentiate and really squeeze the full value out of this with our clients, the reporting is critical. Why is that? When everything works, clients began to wonder: "Everything's fine. Why do we need you?" That's where the reporting capabilities would allow us to really demonstrate: "Hey, here's what's actually going on, Mr. Customer."
If they can bring some additional, complementary solutions, like network scanning and the like, that will help. If they had some sort of a firewall which could help detect DDoS attacks and other things. It's just an extension of what they do, so it would not be just the endpoint. If they can take the technology and make it more useful across the network and add anything that could help improve the work environment, that would be good. I'm watching closely to see what they next bring onboard. But within the product itself, overall I don't see any required improvement because it has a very lightweight agent, it's fast and quick, and it detects everything. I haven't experienced any negativity on the Deep Instinct side. The UI is pretty straightforward. It's very simple. It would be nice to have if there were options where, if I have to do SIEM integration, I could do so from the UI: Just pick and choose what SIEM solutions the customers use and have options to have out-of-the-box connection facility. If I had an option to do SIEM integration out-of-the-box from the user interface, that would be handy.
The Management Console is not localized.
I am looking forward to them adding Linux in Q1 or Q2 of 2019, as this is often requested by my partners and customers. Currently, Deep Instinct only has Windows, Mac, Android, and iOS. At this point, they don't have a local quarantine feature that can be triggered by the agents. It has to be done by whitelisting. Deep Instinct has also said that this will be available in Q2 2019.
I would like to see improvement in the user interface so that the user has more control. For example, it would be good if a user could change their grouping if they want to be part of another group. Or if I want to right-click and scan a specific file that I just imported, that would be helpful. Sometimes you just want to do an extra scan to make sure you're safe.
I am interested in the ability to detect malware through deep learning of Deep Instinct products. Can anyone give some feedback?
What is the best for ransomware infection?