Serious Discussion Deep Instinct | Deep Learning AI Cybersecurity Platform

[TuxTalk]

I opened this thread to discuss the newly Deep Instinct AV.

Deep Instinct | Deep Learning AI Cybersecurity Platform

Deep Instinct takes a prevention-first approach to stopping ransomware and other malware using the world’s first and only purpose-built, deep learning cybersecurity framework.

www.deepinstinct.com

 

[Kongo]

Here a small insight on Deep Instinct:

As Deep Instinct probably isn't really an option for most home users, I thought I could share some of my experiences and screenshots of the client and the policies of DI.

Memory usage:



Deep Instinct's memory usage is pretty low and also the CPU usage remains low most of the time. Therefor my PC feels very snappy.

Stability:

Deep Instinct feels really stable. You can choose wether it should be registered in Windows Security Center or not. I personally have it registered. Compared to other AV solutions I didn't have any issues yet. Right after booting up my PC and accessing the security center, I can see that Deep Instinct is enabled and properly registered in the security center. Malwarebytes or G DATA for example either took a much longer time to register or they didn't register at all.
When Deep Instinct finds a threat it immediately quarantines it and gives a notification. And when I say "immediatly" then I really mean immediately.

--> Deep Instinct feels very stable and well matured.

Client:

Threat Notification:

Settings / Policies:

Spoiler: Policies

1.

2.

3.

4.

I personally really enjoy Deep Instinct so far but I will keep you updated if you guys are interested.


If you guys want to know more. Feel free to ask here.

 

[simmerskool]

I just got an email reply from Cyberforce in Austin Texas about buying a license. I think they want to confirm that I am a home user and not a business, so they asked a few questions. I now recall that I used Cyberforce with Cylance in 2017 before Cylance became available to home users. I think I read on Deep Instinct webpage that it responds to ransomware 750x faster than ransomware can encrypt, so something like that.
I read the Deep Instinct is designed to run with MS Defender, so if you register DI with Windows Security Center, how does that then interact with MS Defender??

 

[Trident]

I haven’t got much to add after @Kongo’s insight, except more resource usage maybe:

DeepInstinct is a quality product, the console is organised and allows quick access to whatever is needed. Not too much information is shared by DeepInstinct over how the solution works, but for example some info on the D-Brain engine is here:

Congratulations! Now Smarter Than Ever, We Got a New Brain!

Deep Instinct is excited to announce the release of a new and updated D-brain version! D-Brain is a core component of our deep learning architecture.

www.deepinstinct.com

https://info.deepinstinct.com/hubfs/MOF/case%20studies/F500%20Technology%20SW%20&%20HW_Deep%20Instinct%20case%20study.pdf

The solution provides rich contextual intelligence on detected threats, accurately identifying types.
I have restricted a host of LOtLBins from running as well. Initially it created a lot of noise, I have now corrected that.

 

[Shadowra]

I noticed something quite strange with DeepInstinct...
Indeed I downloaded a malware that was known. My DeepInstinct didn't say anything while VirusTotal detects it!

Any ideas?

 

[Trident]

I noticed something quite strange with DeepInstinct...
Indeed I downloaded a malware that was known. My DeepInstinct didn't say anything while VirusTotal detects it!

Any ideas?

What is the level of confidence you use? Did you try more aggressive setting?

If on aggressive setting it is still not detected, we can only speculate why this is.

 

[simmerskool]

I noticed something quite strange with DeepInstinct...
Indeed I downloaded a malware that was known. My DeepInstinct didn't say anything while VirusTotal detects it!

Any ideas?

How is it interacting with MS Defender? The motto on one of their pages Deep Instinct + MS Defender = better together
I assume installing DI does not turn off MS Defender? I got my order invoice, not installed yet. I used Cyberforce with Cylance (2017) before Cylance was generally available to home users, and from a wide view of someone who has not installed it yet, the DI setup seems very similar. I can't really compare the Cyberforce_Cylance I used with DI. If DI is looking for unknowns, maybe it leaves the known malware to MS Defender, or that's not at all how they work together? Does someone from DI answer questions like @Shadowra's?

I noticed something quite strange with DeepInstinct...
Indeed I downloaded a malware that was known. My DeepInstinct didn't say anything while VirusTotal detects it!

Any ideas?

I also see that Deep Instinct | Resources | Training FREE program. "Learn the skills you need to configure, deploy, monitor, investigate, respond, evaluate, and troubleshoot the functions and capabilities of Deep Instinct." (I would probably benefit from this, not suggesting anyone else here would need to)

Here is a positive article in Forbes about Deep Instinct being tested by Unit221B. Article indicates DI focus is stopping ransomware. And some others as I find them, including a SE Lab test referenced in businesswire

Proof Is In The Pudding For Deep Instinct

Deep Instinct put its deep learning AI (artificial intelligence) cybersecurity platform to the test by enlisting Unit 221B to evaluate its protection and validate their claims.

www.forbes.com

Deep Instinct Review for %%currentyear%% & Best Alternatives

We discuss everything you need to know about Deep Instinct, including a list of the best Deep Instinct platform alternatives.

www.comparitech.com

Tested and Proven by SE Labs Threat Prevention Evaluation Test: Deep Instinct Prevents Today’s Most Sophisticated File-based and File-less Attacks

According to the latest test results from SE Labs’ independent threat prevention evaluation lab, Deep Instinct’s D-Client (v2.2.1.5) achieved a 100% p

www.businesswire.com

 

[Shadowra]

What is the level of confidence you use? Did you try more aggressive setting?

If on aggressive setting it is still not detected, we can only speculate why this is.

High

 

[simmerskool]

Here a small insight on Deep Instinct:
As Deep Instinct probably isn't really an option for most home users, I thought I could share some of my experiences and screenshots of the client and the policies of DI.
I personally really enjoy Deep Instinct so far but I will keep you updated if you guys are interested.
If you guys want to know more. Feel free to ask here.

@Kongo, Thanks for posting your console settings! Question for all DI users: did you install DI on VM or hardware Host? I just sent an email to cyberforce support asking about transferring license from VM Guest to Host, and if I decided to run on both would that require 2 licenses? Waiting for support reply. Will update...
PS some said they did not register DI with windows security. Pros & Cons?? I understand DI is coded to run with MS Defender. I have my DI credentials, and expect to install later today or this weekend. I tried googling registering AV with win security and got non-responsive replies... thanks

EDIT update: support Host & Guest OSs need a license for each, if you first start on VM, you can delete it from VM and install on Host, only 1 license.

PS just downloaded the Deep Instinct v4.0 Endpoint Security & Application Deployment Guide.pdf. Only 234 pages. I was expecting...

https://www.cyberforcesecurity.com/downloads/DeploymentGuide_4.0.pdf

 

[Trident]

Question for all DI users: did you install DI on VM or hardware Host

I am using it on hardware host for business. It’s one of my favourites and my staff seems to like it as well. Never tried on VM. It’s not a very pretentious solution so I can imagine it won’t have issues running on VMs.

About Defender, it can be used alongside it by not registering at the security centre. It is optional and preferably you should be using Defender for Business. Otherwise there is very little value and the performance impact of Defender is not justified. In terms of Defender combinations, I would prefer Defender + Intezer.

 

[Kongo]

I just got an email reply from Cyberforce in Austin Texas about buying a license. I think they want to confirm that I am a home user and not a business, so they asked a few questions. I now recall that I used Cyberforce with Cylance in 2017 before Cylance became available to home users. I think I read on Deep Instinct webpage that it responds to ransomware 750x faster than ransomware can encrypt, so something like that.
I read the Deep Instinct is designed to run with MS Defender, so if you register DI with Windows Security Center, how does that then interact with MS Defender??

I agree with @Trident
You can either choose to register it in the security center so that you can run it without MS Defender or you can choose not to register it, so that it can work alongside MS Defender. I personally don't think that MS Defender adds much value. So better let it register with security center and enjoy the performance benefits.

I noticed something quite strange with DeepInstinct...
Indeed I downloaded a malware that was known. My DeepInstinct didn't say anything while VirusTotal detects it!

Any ideas?

Same here. On VirusTotal AV companies are allowed to choose the settings like high sensitivity for heuristics etc. So they don't necessarily have to use their default settings afaik. So @Trident is probably right. We both aren't running it with the strictest settings.

High

What exactly do you mean by "High"? Can you screenshot the setting?

 

[Trident]

VirusTotal is very frequently different.

Trend Micro for example would frequently detect something there (and on business versions if early warning is deployed) but in home products won’t detect anything yet.

Check Point runs with Kaspersky engine there (not sure also what’s the value of adding 10 solutions with the same engine). In reality they’ve got over 60 engines in different places, doing different analysis and none of them is Kaspersky. The version with Kaspersky is not available on the download portal or at least I didn’t see it.

Symantec and McAfee have different names with McAfee JTI not being deployed (as well as Real Protect Pre-Execution). Detections are named artemis.something on VT when the real name is JTI/Something.
Symantec on VT displays ML.Attribute.<Level of Confidence> but in products it is Heur.AdvML.A/B/C

Other products also have notable differences.

My speculations are the following (only engineers would know what, why and how for sure):

• VirusTotal is a platform that drives no revenue and is mainly for intelligence, analysis and troubleshooting. As such, not all engines may be deployed and not all of them may work like the ones on production system — false positives are not a problem on VT. It is possible that some experimental engines may first be deployed there too.
• Where static analysis is used (such as DI), it is possible that not all machine learning models are deployed there or that some more aggressive ones are deployed on VT as a testing ground.
• Again where static analysis/NGAV is in question, some machine learning models/classifiers (for example decision trees) may be oriented towards downloaded files and files from emails. In this case, these models on VT will not be ran.
• The VirusTotal platform may also from time to time experience issues with syncing those engines.
• Settings may be configured to be either more gentle or more aggressive at vendor’s discretion. They may be interested in testing different configurations and VT is the perfect place for that.

All the above are few reasons why detections might differ. For more precise information, an official representative will have to be contacted so they can ask system engineers.

 

[ShenguiTurmi]

I just got an email reply from Cyberforce in Austin Texas about buying a license. I think they want to confirm that I am a home user and not a business, so they asked a few questions. I now recall that I used Cyberforce with Cylance in 2017 before Cylance became available to home users. I think I read on Deep Instinct webpage that it responds to ransomware 750x faster than ransomware can encrypt, so something like that.
I read the Deep Instinct is designed to run with MS Defender, so if you register DI with Windows Security Center, how does that then interact with MS Defender??

Whether you register to windows security center or not depends on your policy settings.
If you let it be registered to windows security center, WindowsDefender will obviously be turned off.

Spoiler: policy

 

[likeastar20]

Is it possible to get this as a home user?

 

[simmerskool]

Whether you register to windows security center or not depends on your policy settings.
If you let it be registered to windows security center, WindowsDefender will obviously be turned off.

Spoiler: policy

View attachment 275328

Thanks, yes Kongo and Trident suggested to register DI to turn off MS Defender. During the first login (but not my last) I saw this and that DI default is off, not "integrate", but I told it to integrate and it lit up blue just like your snip. I initially followed Kongo's settings. So far I do have a snafu wishfully thinking I could get DI installed & running without first reading the 500+ pages in the Admin & Deployment manuals I do have the D-Client downloaded -- (it's a start). but not installed. a work in progress...

 

[Shadowra]

What exactly do you mean by "High"? Can you screenshot the setting?

 

[Digmor Crusher]

Thanks, yes Kongo and Trident suggested to register DI to turn off MS Defender. During the first login (but not my last) I saw this and that DI default is off, not "integrate", but I told it to integrate and it lit up blue just like your snip. I initially followed Kongo's settings. So far I do have a snafu wishfully thinking I could get DI installed & running without first reading the 500+ pages in the Admin & Deployment manuals I do have the D-Client downloaded -- (it's a start). but not installed. a work in progress...

When I install a software program to try out whether it be an AV or not, if I can't figure it out in 10 minutes its gone. So I guess this program isn't for me.

 

[Trident]

Thanks, yes Kongo and Trident suggested to register DI to turn off MS Defender. During the first login (but not my last) I saw this and that DI default is off, not "integrate", but I told it to integrate and it lit up blue just like your snip. I initially followed Kongo's settings. So far I do have a snafu wishfully thinking I could get DI installed & running without first reading the 500+ pages in the Admin & Deployment manuals I do have the D-Client downloaded -- (it's a start). but not installed. a work in progress...

The 500 pages manual are a must if you will be using the product. In fact in my opinion every manual must be read. Nevertheless, DeepInstinct is a very easy product to deploy and use. Compared to many others like McAfee ePO/Endpoint Protection Trend Micro and even Symantec. Getting it configured for your day to day usage so it doesn’t prevent you from doing your stuff and still provides protection is a bit more tricky. You will have to play around a little bit. Feel free to post your questions here, we’ll assist with @Kongo .

@Digmor Crusher, it is not really as fussy as it looks. It’s exceptionally straight-forward, but yeah. You can’t compare it with home antivirus solutions.

@Shadowra you have configured it to be “gentler”. Change that to prevent moderate level threats or even more aggressive and try again.

 

[simmerskool]

When I install a software program to try out whether it be an AV or not, if I can't figure it out in 10 minutes its gone. So I guess this program isn't for me.

Well I'm a little discouraged tonight, and tend to agree with you, but do NOT judge Deepi by my snafu(s). I sometimes miss, or misunderstand, something along the way. I expect I'll get it with a few more clicks... <insert emoji here>. I'm reading very positive things and think I'll like it.

The 500 pages manual are a must if you will be using the product. In fact in my opinion every manual must be read. Nevertheless, DeepInstinct is a very easy product to deploy and use.

it is not really as fussy as it looks. It’s exceptionally straight-forward, but yeah. You can’t compare it with home antivirus solutions.

I did send you a PM. but it's more of a rant. I did take notes and took screen pics with my iphone. But its too early I think to post dumb questions. (yes some questions are dumb IMO or I really only think that my dumb questions are dumb). You'll see why / how I got off to a bad start, but that part is not really relevant here.

 

[Shadowra]

@Shadowra you have configured it to be “gentler”. Change that to prevent moderate level threats or even more aggressive and try again.

What setting should I change? (I'm on the weekend, I'll look at it when I get back)