Serious Discussion Deep Instinct | Deep Learning AI Cybersecurity Platform

NormanF

Level 8
Verified
Jan 11, 2018
355
Me :)


I tried to install HP Sure Click and it was aborted because it didn't support my hardware. I did some more digging and it turned out it's an HP hypervisor machine. Now if you're going to have it, you need to turn off Microsoft hypervisor. Many of the Internet reports on slowdown with HP Wolf Security result from the fact that if you have two hypervisors running, they will conflict with each other and fight for priority. A pity HP Sure Click isn't optional on HP Wolf Security.
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
I see in DeepIn management console a suspicious event, powershell script, related to compattelrunner that occurs around 430am. No alerts on my desktop. I have a general understanding of what compattelrunner is doing and that some of its data collection can be disabled in win10. If this is a normal and regular MS system process, why does Di mark it as suspicious some mornings, but it seems that some mornings it runs and it is not marked as suspicious. This is where paranoid person sees "curious" and asks why :unsure: I assume I have to try to compare & analyze the ps scripts. Does a suspicious flag equal a false positive? fwiw VT DeepIn sees compattelrunner as clean. So it must be Behavioral related to the script itself, ie, I assume that not the same ps script runs every morning...?
PS Di runs super quiet and fast on my hardware win10, no detections past 7 days, more like 21 days... :)
I received an email from Cyberforce support re the above Di suspicious event:

"If this has been identified as a legitimate process, then we can consider it a False Positive and add to the allow list.
As for why some days and not others, it seems to be showing up every other day in the event list but each event has 2 occurrences. If the same event occurs more than once in a 24 hour period then its occurrence count is incremented so as to not inundate a person with multiple events. This event is being considered suspicious because it is mapping to a mitre attack. Not every mitre attack is bad but could be and that is why it is flagged as suspicious. These are usually seen to help identify possibly third party attacks."
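
One way to check whether the same PowerShell script runs each morning, as the post above asks. This is an added example, not part of the original post and not Deep Instinct's or Cyberforce's tooling. It assumes script block logging is enabled so that Event ID 4104 is recorded; the function names and sample records are constructed for illustration.

```powershell
# Hash each logged script block and list the days on which each hash ran.
# A hash seen on only some days means a different script ran on those days.

function Get-TextSha256 {
    param([string]$Text)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $bytes = [System.Text.Encoding]::UTF8.GetBytes($Text)
        return -join ($sha.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') })
    } finally { $sha.Dispose() }
}

function Get-ScriptBlockSummary {
    # Input: objects with TimeCreated and ScriptBlockText properties.
    param([Parameter(ValueFromPipeline)]$Record)
    begin { $rows = @() }
    process {
        $rows += [pscustomobject]@{
            Day  = $Record.TimeCreated.ToString('yyyy-MM-dd')
            Hash = Get-TextSha256 ($Record.ScriptBlockText.Trim())
        }
    }
    end {
        $rows | Group-Object Hash | ForEach-Object {
            [pscustomobject]@{
                Hash     = $_.Name.Substring(0, 12)   # shortened for display
                Runs     = $_.Count
                DaysSeen = ($_.Group.Day | Sort-Object -Unique) -join ', '
            }
        }
    }
}

# Constructed sample records (not real telemetry): one script runs on all
# three mornings, a second one only on two of them.
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2023-05-01T04:30:00'; ScriptBlockText = 'Get-Item C:\Example\inventory.txt' }
    [pscustomobject]@{ TimeCreated = [datetime]'2023-05-02T04:30:00'; ScriptBlockText = 'Get-Item C:\Example\inventory.txt' }
    [pscustomobject]@{ TimeCreated = [datetime]'2023-05-03T04:30:00'; ScriptBlockText = 'Get-Item C:\Example\inventory.txt' }
    [pscustomobject]@{ TimeCreated = [datetime]'2023-05-01T04:31:00'; ScriptBlockText = 'Get-ChildItem C:\Example -Recurse' }
    [pscustomobject]@{ TimeCreated = [datetime]'2023-05-03T04:31:00'; ScriptBlockText = 'Get-ChildItem C:\Example -Recurse' }
)
$sample | Get-ScriptBlockSummary | Format-Table -AutoSize

# Live data: in a 4104 event the script text is the third property (index 2).
# Large scripts are split across several 4104 events, so each part hashes separately.
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104; StartTime = (Get-Date).AddDays(-7) } |
#     ForEach-Object { [pscustomobject]@{ TimeCreated = $_.TimeCreated; ScriptBlockText = [string]$_.Properties[2].Value } } |
#     Get-ScriptBlockSummary
```
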
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,033
From the rating for DI given below it's much better than Trellix and Harmony


I'll not take any endpoint with rating less than 4.7. And those who qualify are

1) Deep Instinct 4.7/5
2) Sophos Intercept X 4.8/5
3) CrowdStrike Falcon 4.8/5
4) Singularity XDR 4.8/5
5) CylancePROTECT 4.7/5
6) GravityZone Business Security Enterprise 4.7/5
7) REVE Endpoint Security 4.8/5
8) G Data Endpoint Protection 4.8/5
9) Application Control 4.8/5
10) 360 Total Security for Business 4.7/5
11) Nucleon Smart Endpoint 5/5
12) VIPRE Endpoint Security 5/5
13) EMSISOFT 5/5
14) TRAPMINE Platform 5/5
15) AhnLab EPP 5/5

The question is which are the ones more affordable for home use?
 

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,737
From the rating for DI given below it's much better than Trellix and Harmony


I'll not take any endpoint with rating less than 4.7
These are just user ratings there, they are not really of extreme importance. Deep Instinct should not really be counted as Endpoint even, it is a prevention layer that you are supposed to combine with other components.

Trellix has 2 flavours, one is the EDR which was moved over from FireEye and hasn’t changed, and McAfee Endpoint protection which hasn’t changed either. All three of them (FireEye which also uses BD engine, MEP and Harmony Endpoint) are full featured suites with Trellix and Harmony being EDR solutions. They can’t even be compared as they are not the same class of product. It’s like comparing Adidas floppers with smart shoes.

Also, you need to take into consideration how many people voted. For example Symantec Endpoint Protection has 4.4 with almost 2K reviews, whilst DI has <50 reviews.

Most of the solutions you’ve enumerated are not for home use at all and nobody will even sell them to you. Good luck buying an XDR.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,033
These are just user ratings there, they are not really of extreme importance. Deep Instinct should not really be counted as Endpoint even, it is a prevention layer that you are supposed to combine with other components.

Trellix has 2 flavours, one is the EDR which was moved over from FireEye and hasn’t changed, and McAfee Endpoint protection which hasn’t changed either. All three of them (FireEye which also uses BD engine, MEP and Harmony Endpoint) are full featured suites with Trellix and Harmony being EDR solutions. They can’t even be compared as they are not the same class of product. It’s like comparing Adidas floppers with smart shoes.

Also, you need to take into consideration how many people voted. For example Symantec Endpoint Protection has 4.4 with almost 2K reviews, whilst DI has <50 reviews.

Of course cannot compare based on 1 site. They are meant for business use rather than for home use.

From the given list which 3 are the most affordable for home use?
 

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,737
Of course cannot compare based on 1 site. They are meant for business use rather than for home use.

From the given list which 3 are the most affordable for home use?
Majority of them have no reseller that would sell just a single or even few stations license. Especially the ones that contain Enterprise in the name or XDR, expect a minimum requirement of >150 stations. For less, they won’t even reply to you.

I am guessing Vipre Endpoint, GData Endpoint are quite affordable. I know for a fact that Sophos is affordable.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,033
Yep, this is how much @Kongo and @simmerskool mentioned they’ve paid. I am not sure if it includes ongoing management as well, as I paid just a little over £17 per station.

Hmmmm..........no USB and malware scans? How to scan USB devices upon insertion.............need to install Malwarebytes like what @Shadowra did? He even has Ghost with Acronis. Does that mean we don't trust DI's excellent prevention-first strategy?

No web protection.......no issue as I have Adguard for desktop and NextDNS to handle this.
 

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,737
USB Devices upon insertion don’t need to be scanned since Windows 7 when Microsoft killed the AutoPlay. Antivirus vendors offer this feature on “I wanna show you how much I do for you” basis or in other words, pure marketing. There are various threats for USB devices, all of which can be covered by on-access scanning.

If you are looking for advanced USB control such as port control, this is absent from DI. This is why I am migrating from it slowly (and other reasons not relevant to home users).

Btw NextDNS and Adguard can’t handle botnet-related activity and other network-related attacks. How will you stop these?
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,033
USB Devices upon insertion don’t need to be scanned since Windows 7 when Microsoft killed the AutoPlay. Antivirus vendors offer this feature on “I wanna show you how much I do for you” basis or in other words, pure marketing. There are various threats for USB devices, all of which can be covered by on-access scanning.

If you are looking for advanced USB control such as port control, this is absent from DI. This is why I am migrating from it slowly (and other reasons not relevant to home users).

Btw NextDNS and Adguard can’t handle botnet-related activity and other network-related attacks. How will you stop these?

I meant NextDNS and Adguard for web protection

I thought behavior-approach should thwart this? Is DI better than Bitdefender/Kaspersky/Norton because the latter do provide such protection? In addition, they do malware scans and USB device scan. The difference I see is that AV/AM don't provide elaborate graphical displays

For port controls you can use Windows Group Policy or dedicated software for that purpose
 

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,737
I meant NextDNS and Adguard for web protection

I thought behavior-approach should thwart this? Is DI better than Bitdefender/Kaspersky/Norton because the latter do provide such protection? In addition, they do malware scans and USB device scan
To an extent behaviour-based approach, especially combined with the hardening techniques will thwart this, yes.

You can still do malware scans with Deep Instinct and you have the contextual menu scans on the machine as well. Is it better than Norton… I would say yes, as Norton has a weakness with scripts and offers no built-in features to harden the system (though you can use other tools). Is it better than Kaspersky, I would say yes, as it is lighter and not on the news. Is it better than Bitdefender? I would say yes, because Bitdefender engine is heavily reliant on signatures (in this day and age). It also relies on generic detections, heuristics and machine learning to an extent, but this all takes time to be researched and developed/updated. The deep learning approach has advantages and disadvantages.
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
Deep Instinct should not really be counted as Endpoint even, it is a prevention layer that you are supposed to combine with other components.
Some confusion on my part about what to run with DeepInstinct, if anything. Originally installed Di without integration with WSC which left MS Defender as primary av. Cyberforce etc urged me to integrate Di, ok, & Di has been fine but running solo other than whatever SmartScreen does... I tried running VS with Di but was seeing subtle issues running them together so no longer running VS with Di, although @Shadowra is running VS w/Di aok. Is there an "ideal" Di combo, suggestions welcome. Or just continue run Di solo? :unsure:
 

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,737
Some confusion on my part about what to run with DeepInstinct, if anything. Originally installed Di without integration with WSC which left MS Defender as primary av. Cyberforce etc urged me to integrate Di, ok, & Di has been fine but running solo other than whatever SmartScreen does... I tried running VS with Di but was seeing subtle issues running them together so no longer running VS with Di, although @Shadowra is running VS w/Di aok. Is there an "ideal" Di combo, suggestions welcome. Or just continue run Di solo? :unsure:
I personally wouldn’t run VS with Deep Instinct. It would be best combined with a secure gateway (or router because we are talking about home usage) that can provide filtering and IPS capability.
Software-wise, I believe you managed to combine it with Avast Web Shield? This is a combo that’s not bad and doesn’t leave corners uncovered.

But my understanding is that soon you will be running Check Point. With that you need nothing else. It is a complete solution with no false positives.
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
Yep, this is how much @Kongo and @simmerskool mentioned they’ve paid. I am not sure if it includes ongoing management as well, as I paid just a little over £17 per station.
Cyberforce answers email questions, and they can login to my console, but they only made some suggestions at the beginning. Been running Di +32 days. It runs lightly.
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
I meant NextDNS and Adguard for web protection

I thought behavior-approach should thwart this? Is DI better than Bitdefender/Kaspersky/Norton because the latter do provide such protection? In addition, they do malware scans and USB device scan. The difference I see is that AV/AM don't provide elaborate graphical displays

For port controls you can use Windows Group Policy or dedicated software for that purpose
At installation Di scanned my win10, took +4h18m. You can schedule periodic scans. I have the sense that it monitors just about everything in the background.
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
I personally wouldn’t run VS with Deep Instinct. It would be best combined with a secure gateway (or router because we are talking about home usage) that can provide filtering and IPS capability.
Software-wise, I believe you managed to combine it with Avast Web Shield? This is a combo that’s not bad and doesn’t leave corners uncovered.

But my understanding is that soon you will be running Check Point. With that you need nothing else. It is a complete solution with no false positives.
My plan is to run Harmony on VM for a while. Hope to start using it this weekend... I have a Ubiquiti router. (I used to have a Cisco Meraki but license expired and then I ran out of money) I looked into Avast Web Shield a few weeks ago, not copacetic, but I don't recall why. (sidenote: I did get Avast One (free) to install and run smoothly on win10 VM). I am ok running Di solo, ie, I don't feel uncomfortable.
 