Serious Discussion Deep Instinct | Deep Learning AI Cybersecurity Platform

[Trident]

No, I am not talking about the extension as this provides security only in browser. Download Avast Free and when installing, uncheck all components apart from Avast Web Shield. This will block malicious connections system-wide (from all apps). It will also block phishing and malware downloads in browser. This is what Deep Instinct is missing and will be a great security boost.

Additional note: if Deep Instinct is indeed registered as your antivirus, Avast will install in passive mode. In the main UI, there will be a button to exit passive mode.

If Deep Instinct is not registered as your antivirus provider, the note above is not applicable.

 

[simmerskool]

I think the support agent didn’t read properly (which frequently is the case).
The right word is “register” as you are not integrating anything. The security centre serves like a book where information about the security status is written.

Sure the CyF tech might have balked on that one, but the DeepInstinct Admin Guide and Deployment Guide use "integrate" (I'm not making that up)
Question: has anyone installed Di on hardware with "integrate" enabled. ("integrate" is also the word used in the Di console). What then appears in the WSC display? And can you go back into Di console and disable the integration switch and does Defender (or 3d party av) then reappear in WSC? That's how (easy) the CyF tech made it sound to me. Wondering if "deploy" & "integrate" are enterprise terms of art. to make the simple mysterious

 

[Trident]

Don’t forget Deep Instinct is Israeli software, not American or British. The right word grammatically is register, but vendors can use integrate, add, engrave or whatever they believe is right.

Deploy is an enterprise word, yes.

 

[simmerskool]

“Post-integration” defender will not look at anything, it will be disabled.
The process of disabling itself is carried out by the Security Centre which serves as a Defender manager.

It’s like Deep Instinct says “Hi, I’m an antivirus” and Security Centre wants you to use one at a time, so instantly disables Defender. Like when you go to work and you clock in, you are registering yourself at work. You are not integrating yourself there

And if I "integrate" -- Defender disabled, understood. And if & when I disable integration on Di console, will Defender or WSC re-enable Defender? That is my question since ESET chewed up my firewall (according to MS techs).
PS. I never really "clocked-in" but was available 24/7/365, and now I'm retired or semi-retired, considering taking course(s) for a DeepInstinct certification

 

[Trident]

considering taking course(s) for a DeepInstinct certification

Come through Mr, you’ve reached the ShadowKonDent certification academy. Here we will certify you in no time.
@Shadowra @Kongo

And if I "integrate" -- Defender disabled, understood. And if & when I disable integration on Di console, will Defender or WSC re-enable Defender? That is my question since ESET chewed up my firewall (according to MS techs).

I know that this is the case of your concern. It will not he damaged and its integrity will not be broken. It will be re-enabled when needed.

 

[simmerskool]

Avast Online Security & Privacy - Microsoft Edge Addons no ?

merci -- I checked again from my hardware Edge, and now it finds Avast Online Security and Privacy, but I was looking for (per Trident) Avast Web Shield, & no Avast software comes up with that search. I'm a little anal about word usage at the moment... I just don't want to push the wrong enable button and find I cannot undo whatever just happened...

No, I am not talking about the extension as this provides security only in browser. Download Avast Free and when installing, uncheck all components apart from Avast Web Shield. This will block malicious connections system-wide (from all apps). It will also block phishing and malware downloads in browser. This is what Deep Instinct is missing and will be a great security boost.

Additional note: if Deep Instinct is indeed registered as your antivirus, Avast will install in passive mode. In the main UI, there will be a button to exit passive mode.

If Deep Instinct is not registered as your antivirus provider, the note above is not applicable.

ok understand now. I'll consider Avast module after I integrate / register Di with WSC, or not? I'm still on the fence, but fence is getting a little lower.

Don’t forget Deep Instinct is Israeli software, not American or British. The right word grammatically is register, but vendors can use integrate, add, engrave or whatever they believe is right.

Deploy is an enterprise word, yes.

Shalom

 

[Shadowra]

No, I am not talking about the extension as this provides security only in browser. Download Avast Free and when installing, uncheck all components apart from Avast Web Shield. This will block malicious connections system-wide (from all apps). It will also block phishing and malware downloads in browser. This is what Deep Instinct is missing and will be a great security boost.

Additional note: if Deep Instinct is indeed registered as your antivirus, Avast will install in passive mode. In the main UI, there will be a button to exit passive mode.

If Deep Instinct is not registered as your antivirus provider, the note above is not applicable.

Or Malwarebytes Anti-Malware or extension

 

[Trident]

Or Malwarebytes Anti-Malware or extension

It’s great but provides security only on browser whilst Web Shield can effectively block exfiltration, secondary payloads, attempts for ransomware to call home for private key, lateral movement and others.

 

[simmerskool]

Come through Mr, you’ve reached the ShadowKonDent certification academy. Here we will certify you in no time.
@Shadowra @Kongo

I know that this is the case of your concern. It will not he damaged and its integrity will not be broken. It will be re-enabled when needed.

Finally an answer I can live with. CyF tech implied the same thing but avoided answering the question.

Deep Instinct Certified Engineer (DICE) | Deep Instinct

To take advantage of Deep Instinct’s prevention-first approach and protect your environment, you need to understand how to use the Deep Instinct Prevention Platform and gain maximum value from its capabilities. At Deep Instinct your safety is our success. Therefore, Deep Instinct has designed...

www.deepinstinct.com

Or Malwarebytes Anti-Malware or extension

I have 6 win10_vm each config'd differently, is MBAM worthy of "'deployment" as a system AV? I sometimes use it for 2d opinion if not uninstalled by Kaspersky etc. you find the MBAM extension good, but let's not go off_Di_topic too much

 

[Shadowra]

I have 6 win10_vm each config'd differently, is MBAM worthy of "'deployment" as a system AV? I sometimes use it for 2d opinion if not uninstalled by Kaspersky etc. you find the MBAM extension good, but let's not go off_Di_topic too much

I won't use it as my main AV, but the extension is very effective

 

[Andy Ful]

An interesting (technical) article, written by guys from DeepInstinct.
DeepOrigin: End-to-End Deep Learning for Detection of New Malware Families

https://arxiv.org/pdf/1809.08479.pdf

Abstract—In this paper, we present a novel method of differentiating known from previously unseen malware families. We utilize transfer learning by learning compact file representations that are used for a new classification task between previously seen malware families and novel ones. The learned file representations are composed of static and dynamic features of malware and are invariant to small modifications that do not change their malicious functionality. Using an extensive dataset that consists of thousands of variants of malicious files, we were able to achieve 97.7% accuracy when classifying between seen and unseen malware families. Our method provides an important focalizing tool for cybersecurity researchers and greatly improves the overall ability to adapt to the fast-moving pace of the current threat landscape

They use nonstandard signatures that capture the file's main functionality in ways that allow differentiating between known and unknown malware families.

Our main contributions in this paper are:
• A novel method for file signature generation. We use these signatures to construct a new classifier that distinguishes between known malware families and new ones, unseen in the wild ones. The initial input generation is automatic and does not rely on domain-specific knowledge or any specific aspect of the file (static or dynamic). Primarily we are using a supervised multi-class classifier (trained on already seen labeled malware) to generate low dimensional file signatures that in turn are used as input to a new classifier that solves the issue of measuring functional differences between malware families.
• A unique threat landscape visualization method that allows for rationalizing about malware novelty: Unseen malware generates low neuron outputs. Plotting these outputs on a low dimensional space gathers new malware relatively close to the origin point and scatters known malware at a distance. This overview is a powerful forensics tool that also provides a glimpse into the neural network.

 

[Trident]

@Andy Ful this will take a while to absorb, it is highly technical.

So they can basically tell that a malware is not one of the known ones (such as let’s say Bladabindi or the Avaddon Ransomware) but a truly new and unique one? It’s how I understood it…

 

[Andy Ful]

@Andy Ful this will take a while to absorb, it is highly technical.

So they can basically tell that a malware is not one of the known ones (such as let’s say Bladabindi or the Avaddon Ransomware) but a truly new and unique one? It’s how I understood it…

They use a geometrical distance. The greater the distance from known malware families the more unknown is the malware. The unknown malware is usually located close to the origin (violet squares):

 

[Trident]

They use a geometrical distance. The greater the distance from known malware families the more unknown is the malware. The unknown malware is usually located close to the origin (violet squares):

View attachment 275472

Usually genome analysis looks for the opposite, it looks to calculate similarities. Just one line of code is sometimes enough (it has been applied in solutions like Intezer, Check Point Malware DNA and others usually under the form of rich threat intelligence service add-on). This one looks to detect differences, for analysts to know that extensive security measures (not just specific to one family) should be applied. It takes a while to understand its purpose.

 

[simmerskool]

fwiw, I am now "integrated" | easy-peasy (in hindsight) | all looks good, as it should and as anticipated.
MS Defender is OFF, Windows Firewall is ON.
I think I was dealing with PTSD after my recent MS forced in-place upgrade (nothing to do with Di)
Now I should be able to better focus on the Di nuance tweaks.

But I do have a question: Dashboard MFA (2fa). If I"m reading it correclty, for verification dashbd wants user email address password... Does that sound right? If correct, that might make sense in a corporate true enterprise environment, but not for us reseller (Cyberforce) users. Or am I confused again? & I gleaned this from CyF tech...!!

going to DL Avast Free for its Web Shield. Now that Di is registered you say Avast Web Shield will install passively, and you're saying to then change AWS to "active" (is that the right word?)
Is installing software an issue with Di, ie, does it need to be disabled during an install? I assume not...

 

[carl fish]

what is management sever address when installing the client?

 

[ShenguiTurmi]

what is management sever address when installing the client?

same as web portal address
from aml(taiwan reseller):aml.customers.deepinstinctweb.com
from cyberforce:cyberforce.customers.deepinstinctweb.com

 

[simmerskool]

fwiw, I bought a 2d DeepInstinct license and installed (aka deployed) it on a win10_vm. It's actually easy once you a have couple of key facts. Depending on how you deploy it (more than 1 method I think), it either runs a Deep Static Scan, on my host win10 that scan took 4.3 hours, or it runs that scan in background, on this VM it ran in background and relatively fast, I did not even notice it was scanning in terms of impact, or it does not run a scan. I'm running malwarebytes browser extension.

I saw @AndyFul post in this thread, any opinion about using H_C or SWH with DeepIn, the goal being to avoid conflicts

 

[Andy Ful]

I saw @AndyFul post in this thread, any opinion about using H_C or SWH with DeepIn, the goal being to avoid conflicts

There should not be any issues. But, adding SWH or H_C to AV+DI looks too complex for me.

 

[Trident]

There should not be any issues. But, adding SWH or H_C to AV+DI looks too complex for me.

Definitely. And Deep Instinct already includes features related to system hardening.