Deep Instinct achieved a 100% prevention rate and zero false-positives in SE Labs test

Mikesierra

Level 2
Thread author
Verified
Feb 26, 2018
97
NEW YORK, N.Y. – April 10, 2019 – According to the latest test results from SE Labs’ independent threat prevention evaluation lab, Deep Instinct’s D-Client (v2.2.1.5) achieved a 100% prevention rate and zero false-positives – when detecting and blocking known and unknown cyber threats, including file-based and file-less attacks. The independent results also highlighted Deep Instinct’s ability to provide a wide range of detection and threat blocking capabilities without interfering with system performance.

Powering Deep Instinct’s D-Client is a deep learning-based malware detection and prevention engine, D-Brain, which was trained in August 2018, six months prior to the customized-targeted threats being created. However, D-Client was still able to successfully detect and prevent all attacks. By leveraging D-Brain’s proprietary deep neural network architecture – revered for the best accuracy in known and unknown malware detection and prevention – all threats were successfully prevented pre-execution with no other processes running.

“SE Labs’ tests are renowned for being technically challenging and in-depth. It’s rare to achieve 100 percent ratings, which is precisely what Deep Instinct has done with its D-Client solution,” said Simon Edwards, CEO of SE Labs and chairman of the board of the Anti-Malware Testing Standards Organization (AMTSO). “It’s impressive that the company’s technology was capable not only of blocking all of the advanced threats, but to do so with zero false positives.”

More: Impressive! SE Labs threat prevention evaluation of Deep Instinct - Deep Instinct

In the video they claim that with their technology they are able to detect malicious code in virtually all file types. In case this is true I'm just wondering why other vendors are not able to apply their machine or deep learning models not only to binaries and office documents but to all file types.
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
Thanks for bringing this to our attention.

I like these types of programs -- the machine learning/AI advanced endpoint solutions.

I'm currently running Cylance and CrowdStrike on different machines... and I think they are lighter and better than most of the typical AVs discussed here at MT.

So... I'll contact Deep Instinct, tell them where I work, possibly get them scheduled for an organization demo, and see if they have unmanaged clients that we can get a few trial licenses...
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,458
It is like the antibiotic against the bacteria. So, it may be a step ahead of the malware, for some time. :emoji_pray:
Very true, but I don't have much faith in this Enterprise SE Labs report because IMO it's too poor. For example "APT28 6" and that was blocked don't really cut it. I can guess it's version 6 etc. Also it looks like too many old malware samples are used.
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
I like SE Labs testing.

Other test outfits design tests where 'everybody wins and gets a trophy.' Everybody is clustered above 95%. They don't design the test hard enough to show the differentiation of products. This is done purposely, as vendors tend to get their feelings hurt and go away and not come back as paying customers if they get hammered in testing.

SE Labs doesn't do that. And they expose vendors like Quick Heal, Webroot, McAfee for what they are.... inferior capabilities.

 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I like SE Labs testing.

Other test outfits design tests where 'everybody wins and gets a trophy.' Everybody is clustered above 95%. They don't design the test hard enough to show the differentiation of products. This is done purposely, as vendors tend to get their feelings hurt and go away and not come back as paying customers if they get hammered in testing.

SE Labs doesn't do that. And they expose vendors like Quick Heal, Webroot, McAfee for what they are.... inferior capabilities.

One year ago Windows Defender was close to Webroot (and close to the bottom), so the test can surely show the difference.
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
One year ago Windows Defender was close to Webroot (and close to the bottom), so the test can surely show the difference.

Great point -- if I'm understanding you correctly.

Test rigor and design and allowing products to absolutely fail.... can also more accurately demonstrate when they absolutely improve -- like Windows Defender.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
The problem with security is that attackers can adapt their techniques to exploit the weak security spots. Deep Instinct is a new product, so no one had a chance to seek its weak spots.
Furthermore, one test cannot be a reliable measure of capabilities, no matter how promising it is. Anyway, the first results are rather shocking.
 

Mikesierra

Level 2
Thread author
Verified
Feb 26, 2018
97
There's no purchase method on their website. There's just a "Request a demo" button, and then they request your personal data, including your phone number. No, thanks. Why would a cyber-security company need my phone number?
Don't forget that this is a product intended for enterprise customers and not for home users. When you check out the web sites of other vendors (Cylance, Endgame etc.) you'll see that all request contact information.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
There's no purchase method on their website. There's just a "Request a demo" button, and then they request your personal data, including your phone number. No, thanks. Why would a cyber-security company need my phone number?
They are selling to businesses and they want to make you an offer that is tailored to your needs.
 

lunarlander

Level 1
Verified
Oct 8, 2017
30
Cylance used to be targeted at enterprises only, with double-page ads in Wired magazine. I guess they changed their tune when sales were not so rosy as when they first estimated. Now they've been sold to BlackBerry (the cellphone company). I think for security stuff, you fetch as high a price as possible when you've got new technology and then look for an exit strategy (like selling the company off, or 'degrade' to offer lower priced consumer products).
 

Mikesierra

Level 2
Thread author
Verified
Feb 26, 2018
97
So... I'll contact Deep Instinct, tell them where I work, possibly get them scheduled for an organization demo, and see if they have unmanaged clients that we can get a few trial licenses...
Did you get a reply from them in the meantime? Or is it just another vendor which is only interested in large enterprises and nothing else?
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
Did you get a reply from them in the meantime? Or is it just another vendor which is only interested in large enterprises and nothing else?

We did get a reply. And we are getting an enterprise demo. And that is where we usually ask for unmanaged client trial software... as well as the ability to test without their presence. Some companies won't go along with this.... which is fine. To me -- that's an indicator. And now, there are many companies with new and interesting products coming out about monthly. So we'll see what happens in a few weeks when they arrive.
 

Mikesierra

Level 2
Thread author
Verified
Feb 26, 2018
97
We did get a reply. And we are getting an enterprise demo. And that is where we usually ask for unmanaged client trial software... as well as the ability to test without their presence. Some companies won't go along with this.... which is fine. To me -- that's an indicator. And now, there are many companies with new and interesting products coming out about monthly. So we'll see what happens in a few weeks when they arrive.
Do you plan to test it with malware (fileless, memory/dll injection, process hollowing etc.)? If so I would highly appreciate it if you could share your test results.
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
Do you plan to test it with malware (fileless, memory/dll injection, process hollowing etc.)? If so I would highly appreciate it if you could share your test results.

If I get an unmanaged client license, yes, I'll do some simple tests. When using an evaluation copy of an enterprise product, sometimes there are rules we have to adhere to... in some cases, we cannot mention publicly at all that we are using the product. So.... we'll see.
 

Mikesierra

Level 2
Thread author
Verified
Feb 26, 2018
97
If I get an unmanaged client license, yes, I'll do some simple tests. When using an evaluation copy of an enterprise product, sometimes there are rules we have to adhere to... in some cases, we cannot mention publicly at all that we are using the product. So.... we'll see.
I see. Just thought it would be interesting to get an independent opinion regarding the real capabilities of Deep Instinct. Honestly, I can't imagine that even a modern EDR/EPP is able to achieve a 100% score when it comes to malware detection and/or evasion techniques like this one.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I see. Just thought it would be interesting to get an independent opinion regarding the real capabilities of Deep Instinct. Honestly, I can't imagine that even a modern EDR/EPP is able to achieve a 100% score when it comes to malware detection and/or evasion techniques like this one.
(y) (y)
The idea is very simple and has been known for years. On 64-bit Windows (PatchGuard), 3rd-party security applications have to use userland hooks to apply EDR, HIPS, URL filtering, etc. The simple purpose of the hook is to stop the execution flow of the process, then check (by EDR, HIPS, URL filtering, etc.) and block if malicious or let it run if safe. If the malware can run with admin rights then it can restore the hooked function and bypass the protection. This is a cat-and-mouse game, because 3rd-party security can apply special protection to avoid a particular bypass and the malware can use another bypass.
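
Added example, not part of the thread and not any vendor's code: a defender-side integrity check for the userland hook described in the post above, which reports whether the hook is still in place, has been restored to the original bytes, or now points somewhere else. It assumes the hook is a 5-byte x86-64 `JMP rel32` at the function entry; all addresses and byte values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HOOK_LEN 5 /* x86-64 "JMP rel32": opcode 0xE9 + 4-byte little-endian displacement */

typedef enum { HOOK_INTACT, HOOK_REMOVED, HOOK_REDIRECTED, HOOK_UNKNOWN } hook_state;

/* Constructed sample data (hypothetical addresses and bytes, not from any product). */
#define FUNC_ADDR    0x7FF800001000ULL /* entry point of the monitored function */
#define HANDLER_ADDR 0x7FF800201000ULL /* the security product's inspection routine */
static const uint8_t ORIGINAL[HOOK_LEN]   = {0x4C, 0x8B, 0xD1, 0xB8, 0x18}; /* saved unhooked prologue */
static const uint8_t HOOKED[HOOK_LEN]     = {0xE9, 0xFB, 0xFF, 0x1F, 0x00}; /* jmp HANDLER_ADDR */
static const uint8_t REDIRECTED[HOOK_LEN] = {0xE9, 0x00, 0x00, 0x10, 0x00}; /* jmp elsewhere */
static const uint8_t PATCHED[HOOK_LEN]    = {0x90, 0x90, 0x90, 0x90, 0x90}; /* neither hook nor original */

/* Classify the first HOOK_LEN bytes currently found at a monitored function's entry. */
hook_state check_hook(const uint8_t *live, const uint8_t *original,
                      uint64_t func_addr, uint64_t handler)
{
    if (memcmp(live, original, HOOK_LEN) == 0)
        return HOOK_REMOVED;   /* prologue restored: calls are no longer inspected */
    if (live[0] != 0xE9)
        return HOOK_UNKNOWN;   /* changed, but not a rel32 jump */

    /* Decode the displacement byte by byte so the result does not depend on host endianness. */
    uint32_t raw = (uint32_t)live[1] | ((uint32_t)live[2] << 8) |
                   ((uint32_t)live[3] << 16) | ((uint32_t)live[4] << 24);
    /* The jump target is relative to the address of the next instruction. */
    uint64_t target = func_addr + HOOK_LEN + (uint64_t)(int64_t)(int32_t)raw;
    return target == handler ? HOOK_INTACT : HOOK_REDIRECTED;
}

static const char *state_name(hook_state s)
{
    static const char *names[] = {"intact", "removed", "redirected", "unknown"};
    return names[s];
}

int main(void)
{
    const uint8_t *samples[] = {HOOKED, ORIGINAL, REDIRECTED, PATCHED};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu: hook %s\n", i,
               state_name(check_hook(samples[i], ORIGINAL, FUNC_ADDR, HANDLER_ADDR)));
    return 0;
}
```

A "removed" or "redirected" result is the event worth alerting on: the function still works, but its calls no longer reach the inspection routine.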
 
