Serious Discussion Deep Instinct | Deep Learning AI Cybersecurity Platform

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Business security software is like that. Everything is over-complicated. For home solutions they are forced to make everything easy; otherwise they will lose the revenue. Nobody wants to spend more than 2 minutes installing home AV, otherwise it’s a “Thank you, next” situation.

For businesses it is different; there’s migration from existing solutions as well sometimes. There are solutions that are multi-component (you need to install 5-6 programmes) and many others. The majority of companies provide training and also on-premises deployment (you pay a certain amount + travel and accommodation expenses if needed) and they will deploy it for you. DI is still one of the easiest to deploy.

Once deployed, many solutions are noisy, heavy and require additional optimisations.
 

Momus

Level 2
Verified
Oct 21, 2017
61
Just some food for thought for everyone installing Deep Instinct:

I contacted support as I was not able to install the client properly. I was told that even one single license is not specific to VM, so you can use your license everywhere. You need to create a policy (according to your OS) and you are required to create a tenant, adding your license. When installing the client (from the Deployment - console section), all you need to do is to copy the token and insert the network address: cyberforce.customers.deepinstinctweb.com. Now you are done and should be up and running...
Finally, I am more than happy, I really like it a lot :))
 

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,597
Glad to hear that it's finally working out for you! :)
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,792
+1 to @Momus :D(y) (I concur with your comments)
I am Di deployed too, Di running its initial scan, good news / bad news at 10% of scan completed it is reporting 3 threats so far!!! Will enumerate when scan is finished.
As for deployment, it is actually "easy" as said by @Trident... once you have the info, and understand how to create a tenant, get familiar with the screens, don't break your password... For reasons only known to cyber-gods... I think I overthunk it! It took me a while to find the [Create Tenant] button :ROFLMAO: On the same screen of course, you click over THERE to do something over HERE. I followed @Kongo's settings, except I did not register with Windows Security to keep MS Defender running, but with 8 exclusions for Di processes, at least for now. Installed on my hardware win10.

I have a Mac or 2: Di recommended for macOS? Wonder what Apple thinks about that... :unsure:
 

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,597
I am still playing with my settings, so I don't really recommend any of my settings that I shared in my screenshots. They were just for information purposes. Good to hear that it's working for you too. (y)
 

carl fish

Level 7
Verified
Mar 6, 2012
339
Here is my email response from Deep Instinct:

Hello Carl,

Thank you for the online inquiry for Deep Instinct. The license rate is $42 per license per year. Below is the information we need to invoice you. Once we receive the information below, we will send out an invoice via QuickBooks. Once the invoice has been paid we will spin up your Deep Instinct console and provide credentials and installation directions.

Thank you and please let me know if you have any questions.

  • Company Name:
  • Contact Name:
  • Business address:
  • Phone:
  • Email:
  • Quantity of licenses:
  • Software of interest: Deep Instinct

What do I need to fill in as company name, address, etc., as I really want to give it a try?
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
> I have a Mac or 2: Di recommended for macOS? Wonder what Apple thinks about that...
In a business environment you don’t care about what Apple “thinks”, “states”, “believes”, “advertises” and all that. You can’t take chances. Macs are quite secure but could use the extra hand from DI. I am not extremely certain that on Mac it will be as effective as on Windows, though, due to the smaller training sets.
@carl fish leave company name either blank or type N/A.
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,792
Well, I don't know for a fact, but Cyberforce may not care, or somebody once told me you can use your last name, e.g. Smith Enterprises, without legal repercussions, but that is not a legal opinion :rolleyes:

Initial scan still running, I don't feel that it is slow, more like detailed. And first scan is supposed to be slow, I read that somewhere. I'm glad it found 3 threats, could be false+, but lets me know it's looking at things a little differently. More when the scan finishes. As for macOS, my inclination is not to "deploy" Di on Mac, but I'm interested what Cyberforce techs think about that.
EDIT: I suspect that in your environment you deal directly with Di techs, whereas I think Cyberforce users deal with Cyberforce, and they deal with Di, speculation based on how it was in 2017 with enterprise Cylance.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
What were the threats found?

I rarely deal with DI myself, I normally handle email security and don't let anyone touch there as this is the point of entry.
DI management has been handed to the guys but the deployment and configuration are mine. We deal with the office in London. When you become a customer they appoint (choose) a single agent that handles your queries, you can even WhatsApp them if you want.

I'm assuming yes, CyberForce is your support portal for everything. They will try and resolve what they can and for major issues will contact DI.
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,792
Di Deep static analysis reported "Threat Prevented," originally it found 10 but recanted on a file, so final report was 8. A few Kaspersky tdsskiller from 10 years ago. I just deleted those.
2 files that I scanned system for (ultra search) and could not find. My Di dashboard report lists file names, sha256, a short reason or code why flagged, but not directory location?
And 2 that I have some concern about: both mssense.dll 2 different hashes, VT has both hashes and Di is only vendor claiming "malicious." I think they have something to do with Defender Threat detection...?? A quick skim indicated some issues with mssense, it is also an exe, but Di did not report the exe. I took no action re mssense. If I do a right mouse click on dll I have 5 options, one is add file to the allow list, the other is add file to deny list. comments welcome. Di classifies mssense as a virus! :unsure:

Di icon in systray, it appears gray, like maybe it is off? but if I hover mouse over it it says Di 4.0.0.9 | Protection Enabled
Is that how it is supposed to look, gray no color?

Re win10 performance, too early to tell but the little I've done since the scan ended, seems about normal.
 

ShenguiTurmi

Level 3
Well-known
Feb 28, 2023
126
Yes, just tell them the licence is for private use only, that's no problem.
This is limited to the fact that you are contacting their distributor, if you say that to the original, odds are they won't get back to you with anything. These machine learning for security solutions all seem to have a particular concern about "selling to the wrong person".
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Yeah, attackers obtaining a copy of the software is not great. But it’s not the main reason, they are looking to avoid support tickets and maximise revenue.

The distributor at their sole discretion has decided that they are willing to sell single licenses at an increased price. The company field is just in case someone needs VAT invoice for accounting purposes. There is no law that prevents this product being sold to home users and for Deep Instinct it doesn’t matter as CyberForce has already purchased a bulk of licenses. It’s perfectly OK on company to type “Personal”, “N/A” or something similar. CyberForce doesn’t really care. If you own a legit business then yes, wrong invoice will cause… to put it mildly… drama.
 

ShenguiTurmi

Level 3
Well-known
Feb 28, 2023
126
Yes, they are not the only ones, other distributors will do the same thing. The Taiwan distributor I went to didn't ask me for the company name at first, then I found out from the bill that they gave me a random listed company that existed (obviously not mine and I didn't fill in the name of that company), and only after I asked them to correct it did they put my correct company name on the bill.
I guess this is to simplify the process, you pay, they give you the software and the deal is done.
 

Shadowra

Level 37
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,631
I just got home and did the tests with it on full blast...
Now DeepInstinct detects malware much faster, but still the same problem...

Example on this sample... malicious on VirusTotal or that my agent did not react during the download and the copy...

 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,792
+1~ day running Di on win10. Overnight it blocked 2 powershell scripts, I have Di popup on desktop.
two (2) | script blocked | powershell...was blocked according to your company policy
security engine= script control
security module= powershell

If I hover over the popup it displays the full script. I then logged into Di dashboard and I am NOT seeing these 2 script block events, and the main dashbd is unchanged since the initial deep static scan. :unsure: Company policy, I assume, are the initial setting used at deployment, I followed @Kongo's settings. Nothing seems "broken" 😅 Performance feel at the keyboard is normal, little or no impact running Di with MS Defender (w/exclusions for Di). Occasionally if I open something Di has not seen system will balk for a second or 2, but overall minimal impact felt. I did send CyF support a question about script blocks not seen in dashbd. Will update if I learn anything useful.
 

Shadowra

Level 37
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,631
> Upon running the sample, was there any reaction?

Nope

I'm starting to think I'll do the same...
MS Defender + DeepInstinct. Too bad because I love DeepInstinct a lot, but considering the strange problems I'm seeing, it's freaking me out a bit....
 
