Serious Discussion Deep Instinct | Deep Learning AI Cybersecurity Platform

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
No, I am not talking about the extension as this provides security only in browser. Download Avast Free and when installing, uncheck all components apart from Avast Web Shield. This will block malicious connections system-wide (from all apps). It will also block phishing and malware downloads in browser. This is what Deep Instinct is missing and will be a great security boost.

Additional note: if Deep Instinct is indeed registered as your antivirus, Avast will install in passive mode. In the main UI, there will be a button to exit passive mode.

If Deep Instinct is not registered as your antivirus provider, the note above is not applicable.
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,788
I think the support agent didn’t read properly (which frequently is the case).
The right word is “register” as you are not integrating anything. The security centre serves like a book where information about the security status is written.
Sure the CyF tech might have balked on that one, but the DeepInstinct Admin Guide and Deployment Guide use "integrate" (I'm not making that up)
Question: has anyone installed Di on hardware with "integrate" enabled. ("integrate" is also the word used in the Di console). What then appears in the WSC display? And can you go back into Di console and disable the integration switch and does Defender (or 3d party av) then reappear in WSC? That's how (easy) the CyF tech made it sound to me. Wondering if "deploy" & "integrate" are enterprise terms of art. :unsure: to make the simple mysterious :ROFLMAO:
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Don’t forget Deep Instinct is Israeli software, not American or British. The right word grammatically is register, but vendors can use integrate, add, engrave or whatever they believe is right. 😀

Deploy is an enterprise word, yes.
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,788
“Post-integration” defender will not look at anything, it will be disabled.
The process of disabling itself is carried out by the Security Centre which serves as a Defender manager.

It’s like Deep Instinct says “Hi, I’m an antivirus” and Security Centre wants you to use one at a time, so instantly disables Defender. Like when you go to work and you clock in, you are registering yourself at work. You are not integrating yourself there 😀
And if I "integrate" -- Defender disabled, understood. And if & when I disable integration on Di console, will Defender or WSC re-enable Defender? That is my question since ESET chewed up my firewall (according to MS techs).
PS. I never really "clocked-in" but was available 24/7/365, and now I'm retired or semi-retired, considering taking course(s) for a DeepInstinct certification :geek:
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
considering taking course(s) for a DeepInstinct certification
Come through Mr, you’ve reached the ShadowKonDent certification academy. Here we will certify you in no time.
@Shadowra @Kongo
And if I "integrate" -- Defender disabled, understood. And if & when I disable integration on Di console, will Defender or WSC re-enable Defender? That is my question since ESET chewed up my firewall (according to MS techs).
I know that this is the case of your concern. It will not he damaged and its integrity will not be broken. It will be re-enabled when needed.
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,788
merci -- I checked again from my hardware Edge, and now it finds Avast Online Security and Privacy, but I was looking for (per Trident) Avast Web Shield, & no Avast software comes up with that search. I'm a little anal about word usage at the moment... :ROFLMAO: I just don't want to push the wrong enable button and find I cannot undo whatever just happened... :oops:

No, I am not talking about the extension as this provides security only in browser. Download Avast Free and when installing, uncheck all components apart from Avast Web Shield. This will block malicious connections system-wide (from all apps). It will also block phishing and malware downloads in browser. This is what Deep Instinct is missing and will be a great security boost.

Additional note: if Deep Instinct is indeed registered as your antivirus, Avast will install in passive mode. In the main UI, there will be a button to exit passive mode.

If Deep Instinct is not registered as your antivirus provider, the note above is not applicable.
ok understand now. I'll consider Avast module after I integrate / register Di with WSC, or not? :unsure: I'm still on the fence, but fence is getting a little lower.

Don’t forget Deep Instinct is Israeli software, not American or British. The right word grammatically is register, but vendors can use integrate, add, engrave or whatever they believe is right. 😀

Deploy is an enterprise word, yes.
Shalom
 

Shadowra

Level 37
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,631
No, I am not talking about the extension as this provides security only in browser. Download Avast Free and when installing, uncheck all components apart from Avast Web Shield. This will block malicious connections system-wide (from all apps). It will also block phishing and malware downloads in browser. This is what Deep Instinct is missing and will be a great security boost.

Additional note: if Deep Instinct is indeed registered as your antivirus, Avast will install in passive mode. In the main UI, there will be a button to exit passive mode.

If Deep Instinct is not registered as your antivirus provider, the note above is not applicable.

Or Malwarebytes Anti-Malware or extension :)
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,788
Come through Mr, you’ve reached the ShadowKonDent certification academy. Here we will certify you in no time.
@Shadowra @Kongo

I know that this is the case of your concern. It will not he damaged and its integrity will not be broken. It will be re-enabled when needed.
Finally an answer I can live with. :love: CyF tech implied the same thing but avoided answering the question.


Or Malwarebytes Anti-Malware or extension :)
I have 6 win10_vm each config'd differently, is MBAM worthy of "'deployment" as a system AV? I sometimes use it for 2d opinion if not uninstalled by Kaspersky etc. you find the MBAM extension good, but let's not go off_Di_topic too much
 

Shadowra

Level 37
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,631
I have 6 win10_vm each config'd differently, is MBAM worthy of "'deployment" as a system AV? I sometimes use it for 2d opinion if not uninstalled by Kaspersky etc. you find the MBAM extension good, but let's not go off_Di_topic too much

I won't use it as my main AV, but the extension is very effective
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
An interesting (technical) article, written by guys from DeepInstinct.
DeepOrigin: End-to-End Deep Learning for Detection of New Malware Families

Abstract—In this paper, we present a novel method of differentiating known from previously unseen malware families. We utilize transfer learning by learning compact file representations that are used for a new classification task between previously seen malware families and novel ones. The learned file representations are composed of static and dynamic features of malware and are invariant to small modifications that do not change their malicious functionality. Using an extensive dataset that consists of thousands of variants of malicious files, we were able to achieve 97.7% accuracy when classifying between seen and unseen malware families. Our method provides an important focalizing tool for cybersecurity researchers and greatly improves the overall ability to adapt to the fast-moving pace of the current threat landscape

They use nonstandard signatures that capture the file's main functionality in ways that allow differentiating between known and unknown malware families.

Our main contributions in this paper are:
• A novel method for file signature generation. We use these signatures to construct a new classifier that distinguishes between known malware families and new ones, unseen in the wild ones. The initial input generation is automatic and does not rely on domain-specific knowledge or any specific aspect of the file (static or dynamic). Primarily we are using a supervised multi-class classifier (trained on already seen labeled malware) to generate low dimensional file signatures that in turn are used as input to a new classifier that solves the issue of measuring functional differences between malware families.
• A unique threat landscape visualization method that allows for rationalizing about malware novelty: Unseen malware generates low neuron outputs. Plotting these outputs on a low dimensional space gathers new malware relatively close to the origin point and scatters known malware at a distance. This overview is a powerful forensics tool that also provides a glimpse into the neural network.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
@Andy Ful this will take a while to absorb, it is highly technical.

So they can basically tell that a malware is not one of the known ones (such as let’s say Bladabindi or the Avaddon Ransomware) but a truly new and unique one? It’s how I understood it…

They use a geometrical distance. The greater the distance from known malware families the more unknown is the malware. The unknown malware is usually located close to the origin (violet squares):

1684365225732.png
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
They use a geometrical distance. The greater the distance from known malware families the more unknown is the malware. The unknown malware is usually located close to the origin (violet squares):

View attachment 275472
Usually genome analysis looks for the opposite, it looks to calculate similarities. Just one line of code is sometimes enough (it has been applied in solutions like Intezer, Check Point Malware DNA and others usually under the form of rich threat intelligence service add-on). This one looks to detect differences, for analysts to know that extensive security measures (not just specific to one family) should be applied. It takes a while to understand its purpose. 😀
 
Last edited:

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,788
fwiw, I am now "integrated" | easy-peasy (in hindsight) | all looks good, as it should and as anticipated.
MS Defender is OFF, Windows Firewall is ON.
I think I was dealing with PTSD after my recent MS forced in-place upgrade (nothing to do with Di)
Now I should be able to better focus on the Di nuance tweaks. :D

But I do have a question: Dashboard MFA (2fa). If I"m reading it correclty, for verification dashbd wants user email address password... Does that sound right? If correct, that might make sense in a corporate true enterprise environment, but not for us reseller (Cyberforce) users. Or am I confused again? & I gleaned this from CyF tech...!!

going to DL Avast Free for its Web Shield. Now that Di is registered 🤩 you say Avast Web Shield will install passively, and you're saying to then change AWS to "active" (is that the right word?)
Is installing software an issue with Di, ie, does it need to be disabled during an install? I assume not...
 
Last edited:

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,788
fwiw, I bought a 2d DeepInstinct license and installed (aka deployed) it on a win10_vm. It's actually easy once you a have couple of key facts. Depending on how you deploy it (more than 1 method I think), it either runs a Deep Static Scan, on my host win10 that scan took 4.3 hours, or it runs that scan in background, on this VM it ran in background and relatively fast, I did not even notice it was scanning in terms of impact, or it does not run a scan. I'm running malwarebytes browser extension.

I saw @AndyFul post in this thread, any opinion about using H_C or SWH with DeepIn, the goal being to avoid conflicts :cautious: :unsure:
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top