I like it. Fast light granular tweaking, good documentation, friendly responsive support in US from reseller Cyberforce, has many layer-flavors so minimal or no other security apps needed, my first suggestion put it on VM first. Why did I deploy... I like AI thingies, accorded to Microsoft, ESET humptydumpty'ed my win firewall, so I had a spot for it on my hardware win10. Others can better explain it strengths and weaknesses, if any. It does have its nuances. "Awesome and intelligent endpoint. It is also light and resource efficient. It doesn't affect the performance of the host device yet performing effectively. Rolling out and installation were easy and smooth. Silently acts on any threats and applies the most appropriate response." When it does something, it gives you lots of info about what it did.
www.gartner.com
forensics.checkpoint.com
Just reportin' my experience in close to real-time, and YES! Good software and I'm learning stuff too. I like it. IMO best on a VM until you get as smart as it is
Using second opinion scanners is fine but you must add the scanner to behavioural blocking exclusions. Not adding the second opinion scanner under exclusions will subject its behaviour to vigorous monitoring, will increase the size of the forensic database and will cause degradation of performance as both the scanner and DI will be very active. In addition, it may also generate noise.@Trident suppose user wants to run a 2d opinion scan once a week or once a month, eg, NPE KVRT ESET online, F-Secure online, would you, can you, run those while Di is running, or do you disable Di, or better just don't do it??
PS what was frustrating for me on Monday, I was 99% sure I was following correct steps to allow a Behavioral analysis exception for software I that is known good and I run on regularly. But Di would not let run. On Monday, support techs assumed that I borked it somehow, and they sent me marginal replies without really taking a look. I "wasted" half a day to get them to take a deeper look, (more like 2/3 of a day) and it was only then they realized that their machine was not properly talking to my machine. I think they tweaked something on their end to fix that, which then fixed the problem. End of rant. Except for first half of today, the support techs have been very good. And finished very good by the end of the day.
Got it, I will not run any. Makes sense given what I've learned so far about Di.
Users here like to learn, hence they go through the drama. Home AVs are too automated and boring for many (including for myself). The business solutions have a lot going on and provide a lot of details (I personally love them, look at those Check Point reports above which are now even more detailed). They provide deep dive into the malicious behaviour, Mitre Att&CK matrix and others. Users who don’t care about any of that are fine with home AVs.
Yes I know, its a good learning experience trying software like this.
two more cons:
No, EDR/XDR there is just no way. Also the protection components are not enough to call it that. If anyone wants EDR they can combine it with Defender for business or another solution.
They did, but I don't know why they did it. They implemented the mapping index to att&ck by modifying the settings and participated in the EDR test of mitre.
They can participate in this test without being an EDR. There is no requirement that the product should be EDR, it should be a business solution. Check Point also tested there and with very high coverage, isn’t an EDR either.
So the curious question: At first I had Defender (consumer - home) but was urged by Cyberforce to integrate Di which turned off Defender. Ok. So CyF offers Di but not Defender for business or is it called for enterprise? Is Defender business available for us folks?If anyone wants EDR they can combine it with Defender for business or another solution.
Btw did you see those Check Point reports I left in one of the previous posts? I love them
If so, how / where. or skip thinking like that
Defender will be required on a true business environment to provide threat hunting (this is where you see threat on one machine and need to inspect many others too). It will also provide forensic analysis capabilities (this is when you need to recover after a successful attack you need to know the scope, what was accessed, modified, deleted, exfiltrated, encrypted). This is what’s missing from Deep Instinct and Defender for business can provide. In addition, Defender for business will provide a powerful later of cloud ML and emulation (also known as dynamic analysis and cloud emulation/detonation). So it’s like a puzzle coming together.So the curious question: At first I had Defender (consumer - home) but was urged by Cyberforce to integrate Di which turned off Defender. Ok. So CyF offers Di but not Defender for business or is it called for enterprise? Is Defender business available for us folks?
I'm actually curious to try a full EDR solution. Another guy from my company bought cylance optics a while back and I watched him test it, but their EPP section left me very unsatisfied (extremely high false positive rate). crowdstrike's EDR is good, but too expensive.
www.nomios.co.uk
activereach.net
