Serious Discussion Deep Instinct | Deep Learning AI Cybersecurity Platform

Kongo · Jun 17, 2023

HarborFront said:
I'm not seeng a firewall in the spoilers on the 1st page. So I should be using Windows default firewall?

Thanks

I mean you've got most of the protection covered, but I think restricting the outbound connections of LOLBins can be quite useful for stealer-malware. So I am personally using Microsoft Defender Firewall with a public profile and hardened it with the Firewall Hardening Tool from @Andy Ful

Shadowra · Jun 17, 2023

HarborFront said:
From the rating for DI given below it's much better than Trellix and Harmony

Best Endpoint Protection Platforms Reviews 2024 | Gartner Peer Insights

Find the top Endpoint Protection Platforms with Gartner. Compare and filter by verified product reviews and choose the software that’s right for your organization.

www.gartner.com

I'll not take any endpoint with rating less than 4.7. And those who qualify are

1) Deep Instinct 4.7/5
2) Sophos Intercept X 4.8/5
3) CrowdStrike Falcon 4.8/5
4) Singularity XDR 4.8/5
5) CylancePROTECT 4.7/5
6) GravityZone Business Security Enterprise 4.7/5
7) REVE Endpoint Security 4.8/5
8) G Data Endpoint Protection 4.8/5
9) Application Control 4.8/5
10) 360 Total Security for Business 4.7/5
11) Nucleon Smart Endpoint 5/5
12) VIPRE Endpoint Security 5/5
13) EMSISOFT 5/5
14) TRAPMINE Platform 5/5
15) AhnLab EPP 5/5

The question is which are the ones more affordable for home use?

I don't think these notes are important.
At work, we use Trendmicro's ApexOne to protect all our computers (we use MacOS a lot, but we also have Windows servers) and it works very well.
The administration console is as complete as DI, especially in terms of rules, and I believe it also includes an EDR.
Detection is also very good.

The same goes for SEP (Norton), one of the leaders in the enterprise market.

simmerskool · Jun 17, 2023

HarborFront said:
I'm not seeng a firewall in the spoilers on the 1st page. So I should be using Windows default firewall?

Thanks

I think that is correct. My WSC Windows Firewall shows "turned on."
EDIT @Kongo's suggestion to use Firewall Hardening sounds like a good idea.

NormanF · Jun 17, 2023

Trident said:
Majority of them have no reseller that would sell just a single or even few stations license. Specially the one that contain Enterprise in the name or XDR, expect a minimum requirement of >150 stations. For less, they won’t even reply to you.

I am guessing Vipre Endpoint, GData Endpoint are quite affordable. I know for a fact that Sophos is affordable.

Harmony Endpoint is affordable. If you're looking for endpoint software that runs only on servers, look elsewhere. That's why they're only made available for the corporate market and don't have relevance for home users.

HarborFront · Jun 18, 2023

DI has an android app. Do you need to pay separately or can use the same activation key as the desktop version?

Thanks

HarborFront · Jun 22, 2023

Andy Ful said:
The DI engine was tested by AV-Comparatives a few months ago:

https://assets.virustotal.com/reports/spc_fdt_deepinstinct_202212_en.pdf

Test Results for DI engine (PE files):
malware detection rate 92.4%
False Alarm rate 0

From other sources, it follows that DI can be a strong protection against ransomware attacks.
DI should enhance Defender protection because Defender's local AI is not so strong.

Edit.
For comparison:

https://www.av-comparatives.org/wp-content/uploads/2022/05/spc_google_vt_202205.pdf

I think AV/AM like BD/Kaspersky/Norton etc give better detection rate, right? I thought EPP/EDR etc should be superior than AV/AM for end user? Then buy DI for what?

Andy Ful · Jun 23, 2023

HarborFront said:
I think AV/AM like BD/Kaspersky/Norton etc give better detection rate, right? I thought EPP/EDR etc should be superior than AV/AM for end user? Then buy DI for what?

I do not use DI and do not have sufficient knowledge of DI to compare it with other solutions. This would require more testing.

HarborFront · Jul 5, 2023

Does DI protects the uefi?

Can't find anything in the spoilers on the 1st page

Kongo · Jul 5, 2023

HarborFront said:
Does DI protects the uefi?

Can't find anything on the spoilers on the 1st page

Find a sample that isn't already detected by static AI and let's test.

HarborFront · Jul 5, 2023

Kongo said:
Find a sample that isn't already detected by static AI and let's test.

The following rootkit/bootkit malware affect the UEFI

1) Lojax - detected by ESET-NOD32 but cannot be removed because it resides in the UEFI
2) Moonbounce
3) BlackLotus

If you can find them you can test DI with them

Generally, these malware are trojans and AV/AM will detect and block them, if possible. However, once they infect the UEFI then likely you are gone.

FYI

Lojax - It is capable of surviving the re-installation of the Windows operating system or even hard drive replacement.
Moonbounce - Moonbounce is a persistent malware that can survive drive formats and OS reinstalls
BlackLotus - BlackLotus was able to run on fully patched Windows 11 systems with UEFI Secure Boot enabled

NormanF · Jul 5, 2023

HarborFront said:
The following rootkit/bootkit malware affect the UEFI

1) Lojax - detected by ESET-NOD32 but cannot be removed because it resides in the UEFI
2) Moonbounce
3) BlackLotus

If you can find them you can test DI with them

Generally, these malware are trojans and AV/AM will detect and block them, if possible. However, once they infect the UEFI then likely you are gone.

FYI

Lojax - It is capable of surviving the re-installation of the Windows operating system or even hard drive replacement.
Moonbounce - Moonbounce is a persistent malware that can survive drive formats and OS reinstalls
BlackLotus - BlackLotus was able to run on fully patched Windows 11 systems with UEFI Secure Boot enabled

Malware that infects hardware can't removed by any known endpoint security product because its persistent. The only way to eradicate it is to destroy and replace the infected machine.

Trident · Jul 5, 2023

Malware that infects the UEFI can be destroyed only by flashing the UEFI. In fact even products that scan the UEFI such as Bitdefender, Eset and Avast detect malware but require you to proceed with the flashing. They are unable to clean the UEFI or tamper with it in any way. DI does not feature UEFI scanning.

NormanF · Jul 5, 2023

Trident said:
Malware that infects the UEFI can be destroyed only by flushing the UEFI. In fact even products that scan the UEFI such as Bitdefender, Eset and Avast detect malware but require you to proceed with the flushing. They are unable to clean the UEFI or tamper with it in any way. DI does not feature UEFI scanning.

You mean flashing? Like how people upgrade the BIOS on their PC.

Trident · Jul 5, 2023

NormanF said:
You mean flashing? Like how people upgrade the BIOS on their PC.

Exactly, that's the only way to clean it. Malware that infects system firmware is not that frequently seen and if you receive frequent firmware updates, on every update such malware will be cleaned. Exception are laptops such as the HP laptops with SureStart (part of Wolf Security), where the firmware is checked by a dedicated chip every 5 seconds. If it has been tampered with, flashing will be initiated automatically.

NormanF · Jul 5, 2023

Trident said:
Exactly, that's the only way to clean it. Malware that infects system firmware is not that frequently seen and if you receive frequent firmware updates, on every update such malware will be cleaned. Exception are laptops such as the HP laptops with SureStart, where the firmware is checked by a dedicated chip every 5 seconds. If it has been tampered with, flashing will be initiated automatically.

My HP ZBook mobile workstation is protected from such tampering. High end devices in the business world are more exposed to cyber threats to subvert endpoints than home users are.

HarborFront · Jul 5, 2023

NormanF said:
Malware that infects hardware can't removed by any known endpoint security product because its persistent. The only way to eradicate it is to destroy and replace the infected machine.

You can send your laptop/PC back to the manufacturer for UEFI flashing

Kongo · Jul 5, 2023

All that assumes that you even get infected by a rootkit which seems pretty unlikely nowadays. I would worry more about stealer malware.

HarborFront · Jul 5, 2023

Trident said:
Exactly, that's the only way to clean it. Malware that infects system firmware is not that frequently seen and if you receive frequent firmware updates, on every update such malware will be cleaned. Exception are laptops such as the HP laptops with SureStart (part of Wolf Security), where the firmware is checked by a dedicated chip every 5 seconds. If it has been tampered with, flashing will be initiated automatically.

If I'm not wrong SureStart has DI inside

Trident · Jul 5, 2023

HarborFront said:
If I'm not wrong SureStart has DI inside

HP Wolf Security includes a rebrand of DI as well as SureStart and various other components. It focuses on containment mostly.

monoloko88 · Jul 15, 2023

Hello I recently purchased a license but I dont know exactly how to add an exclusion.
DeepInspect is throwing alerts of Steam code injection and what I can only do is to put code inject behaviour to 'detect' and not to 'prevent'.
Any idea? Thanks

Serious Discussion Deep Instinct | Deep Learning AI Cybersecurity Platform

Level 36

Level 34

Level 31

Level 8

Level 71

Level 71

From Hard_Configurator Tools

Level 71

Level 36

Level 71

Level 8

Level 28

Level 8

Level 28

Level 8

Level 71

Level 36

Level 71

Level 28

New Member

Similar threads