Serious Discussion: Deep Instinct | Deep Learning AI Cybersecurity Platform

simmerskool · Level 31 · Verified · Top Poster · Well-known · Apr 16, 2017 · 2,094
Defender will be required in a true business environment to provide threat hunting (this is where you see a threat on one machine and need to inspect many others too). It will also provide forensic analysis capabilities (this is when, after a successful attack, you need to recover and need to know the scope: what was accessed, modified, deleted, exfiltrated, encrypted). This is what's missing from Deep Instinct and what Defender for Business can provide. In addition, Defender for Business will provide a powerful layer of cloud ML and emulation (also known as dynamic analysis and cloud emulation/detonation). So it's like a puzzle coming together.

If you are not in a business environment, the whole forensic analysis, threat hunting and attack recovery is not in any way useful to you. If you are still interested in Defender for Business, it is available directly from Microsoft at a very low price.
To restate, to see if I understand: I can get Defender for Business, but unless it is plugged into MS analysis, there's no point...? When my wife worked for a university, she did some work from home even before COVID, and the university used MS Business managed by university IT. I saw it but never looked at it closely. I'll look at the link, thanks.
 

Trident · Level 27 · Verified · Top Poster · Well-known · Feb 7, 2023 · 1,629
To restate, to see if I understand: I can get Defender for Business, but unless it is plugged into MS analysis, there's no point...? When my wife worked for a university, she did some work from home even before COVID, and the university used MS Business managed by university IT. I saw it but never looked at it closely. I'll look at the link, thanks.
It provides the analysis, this is the benefit of it.
 

simmerskool · Level 31 · Verified · Top Poster · Well-known · Apr 16, 2017 · 2,094
MS Defender for Business, $3.00/mo. That seems doable. Looks like it includes some analysis and you can try it for free for 30 days. Why not?
Now I have some idea of "why_not" after about 45 mins mucking around in MS Defender for Business. Relatively easy for MS to get my payment info. Beyond that... yikes! I thought it would be ok, download this, answer a few questions, and Defender Biz is up & running. NO!!... First answer 1000 questions, then good luck figuring out how to deploy, then download a file only to be blocked by Edge SmartScreen -- downloading security file from MS, blocked?? Only relevant to this thread since Di is made to run with Defender Biz. I may do better after dark with a little more coffee, or not :unsure::ROFLMAO: I have 30 day free trial to get it deployed to one win10.
 

Kongo · Level 35 · Verified · Top Poster · Well-known · Feb 25, 2017 · 2,481
To restate, to see if I understand: I can get Defender for Business, but unless it is plugged into MS analysis, there's no point...? When my wife worked for a university, she did some work from home even before COVID, and the university used MS Business managed by university IT. I saw it but never looked at it closely. I'll look at the link, thanks.
I think that's simply overkill and not needed on a home environment. No offence intended, but even Deep Instinct is too complex for many home users. I think you are absolutely good to go with Deep Instinct only.
 

Trident · Level 27 · Verified · Top Poster · Well-known · Feb 7, 2023 · 1,629
I think that's simply overkill and not needed on a home environment. No offence intended, but even Deep Instinct is too complex for many home users. I think you are absolutely good to go with Deep Instinct only.
@simmerskool likes to learn and experiment

simmerskool · Level 31 · Verified · Top Poster · Well-known · Apr 16, 2017 · 2,094
I think that's simply overkill and not needed on a home environment. No offence intended, but even Deep Instinct is too complex for many home users. I think you are absolutely good to go with Deep Instinct only.
AGREE, and now I know having been there for an hour or 2. o_O (you don't know what you don't know until you know...):ROFLMAO:
 

Trident · Level 27 · Verified · Top Poster · Well-known · Feb 7, 2023 · 1,629
There is nothing wrong with that. Yet, it's not worth spending even more money on enterprise security software. 😄
Definitely, the majority of capabilities are of zero value when you have one or a few machines. For example, what is the benefit of threat hunting when there is little chance of lateral movement and you can just go to the other PC and check yourself. 😀
 

ShenguiTurmi · Level 3 · Well-known · Feb 28, 2023 · 123

They have a lot of different partners in the UK, but not sure about your region. Cybereason is difficult to purchase as a single license (many won't be willing to deal) because they are used to EDRs being on demand from large businesses.

I am very interested in Palo Alto, Check Point and SentinelOne. For Check Point I have already contacted a reseller; the rest will be at a later stage. In my opinion, these are the best. CrowdStrike is good, but overrated.
Palo Alto is one of the few I contacted after the developer himself made the demo for me directly, but unfortunately they said the minimum purchase for Palo Alto Traps is 100 devices... So I didn't get it.
SentinelOne is really good, and several users I know have given it high ratings, but unfortunately they have connectivity problems with their servers in China.
I've used Check Point, and the only point I'm not happy with is that their threat emulation feature seriously affects browser downloads, and I didn't even last the full trial period...

I received your private message, thank you very much for the information, I have no way to reply to private messages.
I contacted Nomios before and they ignored me... It seems that resellers like Cyberforce, who are very easy to contact and sell to anyone who gives them money, are hard to find.
 

simmerskool · Level 31 · Verified · Top Poster · Well-known · Apr 16, 2017 · 2,094
Definitely, the majority of capabilities are of zero value when you have one or a few machines. For example, what is the benefit of threat hunting when there is little chance of lateral movement and you can just go to the other PC and check yourself. 😀
live and learn (learning the hard way today... :oops: current situation here is not Di fault)
 

simmerskool · Level 31 · Verified · Top Poster · Well-known · Apr 16, 2017 · 2,094
Just wondering: @Trident mentioned that Di + SmartScreen is very strong. Good, and I like Di. (I do not like MS Defender for Business, or rather, trying to deploy it; it seemed to me like MS has you doing everything in reverse order, I dunno?). Also, the advice was not to run second-opinion scanners on Windows with Di integrated, as it could lead to complications, IIRC. My standard WSC SmartScreen settings are enabled. What about Run-By-Smartscreen by @Andy Ful? Should that be added where Di is running?
 

Kongo · Level 35 · Verified · Top Poster · Well-known · Feb 25, 2017 · 2,481
Just wondering: @Trident mentioned that Di + SmartScreen is very strong. Good, and I like Di. (I do not like MS Defender for Business, or rather, trying to deploy it; it seemed to me like MS has you doing everything in reverse order, I dunno?). Also, the advice was not to run second-opinion scanners on Windows with Di integrated, as it could lead to complications, IIRC. My standard WSC SmartScreen settings are enabled. What about Run-By-Smartscreen by @Andy Ful? Should that be added where Di is running?
I mean, Run By Smartscreen is user dependent and doesn't automatically check PE files when you run them. You have to manually check them through the context menu. I think it's not really necessary but definitely doesn't hurt either. If you have SAC enabled on your Windows 11 machine, then it's redundant.
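As an added PowerShell example (mine; not from the thread and not Andy Ful's tool), this shows the state those checks actually key off: the Zone.Identifier stream (Mark of the Web) that makes SmartScreen examine a file when it is launched, and the registry values behind Smart App Control and Explorer's SmartScreen setting. Assumptions: the registry paths are the stock Windows 10/11 locations, and the scratch file under $env:TEMP is constructed for the demo rather than a real download.

```powershell
# Added example, not code from the thread. Inspect what SmartScreen and Smart App
# Control key off, instead of guessing from a context-menu entry.
# Assumptions (mine): stock registry locations; the scratch file is constructed.

function Get-MarkOfTheWeb {
    param([Parameter(Mandatory)][string]$Path)
    # Browsers stamp downloads with a Zone.Identifier alternate data stream.
    # ZoneId=3 (Internet) or 4 (Restricted) is what makes SmartScreen look at the file on launch.
    try {
        $ads  = Get-Content -LiteralPath $Path -Stream Zone.Identifier -Raw -ErrorAction Stop
        $m    = [regex]::Match($ads, 'ZoneId=(\d+)')
        $zone = if ($m.Success) { [int]$m.Groups[1].Value } else { $null }
        [pscustomobject]@{ Path = $Path; HasMotW = $true;  ZoneId = $zone }
    } catch {
        # No Zone.Identifier stream: SmartScreen will not inspect this file when it is run.
        [pscustomobject]@{ Path = $Path; HasMotW = $false; ZoneId = $null }
    }
}

function Get-SmartAppControlState {
    # Windows 11 only. VerifiedAndReputablePolicyState: 0 = off, 1 = on, 2 = evaluation mode.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy'
    $v = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).VerifiedAndReputablePolicyState
    switch ($v) {
        0       { 'Off' }
        1       { 'On' }
        2       { 'Evaluation' }
        default { 'Not present (SAC not available on this build)' }
    }
}

function Get-SmartScreenState {
    # Explorer's "Check apps and files" setting; a missing value means it was never set explicitly.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer'
    $v = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).SmartScreenEnabled
    if ($null -eq $v) { 'Not set explicitly (Windows default applies)' } else { $v }
}

# Constructed demonstration on a scratch file (not a real download).
$demo = Join-Path $env:TEMP 'motw-demo.txt'
Set-Content -LiteralPath $demo -Value 'demo'
Get-MarkOfTheWeb -Path $demo                       # freshly created local file
Set-Content -LiteralPath $demo -Stream Zone.Identifier -Value "[ZoneTransfer]`r`nZoneId=3"
Get-MarkOfTheWeb -Path $demo                       # after stamping an Internet-zone MotW
Unblock-File -LiteralPath $demo                    # same as "Unblock" in file Properties: deletes the stream
Get-MarkOfTheWeb -Path $demo
Get-SmartAppControlState
Get-SmartScreenState
Remove-Item -LiteralPath $demo
```

The practical point for this thread: whatever a context-menu helper does on demand, only files that carry the stream get SmartScreen's reputation check when launched from Explorer, so a file extracted from an archive by a tool that strips it, or unblocked by hand, is launched without one.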
 

Trident · Level 27 · Verified · Top Poster · Well-known · Feb 7, 2023 · 1,629
Deep Instinct was on the phone with me regarding the VT situation. Apparently it is due to experimental machine learning models applied on VT before they become available to the general public (if they don’t produce too many FPs).
 

simmerskool · Level 31 · Verified · Top Poster · Well-known · Apr 16, 2017 · 2,094
Deep Instinct was on the phone with me regarding the VT situation. Apparently it is due to experimental machine learning models applied on VT before they become available to the general public (if they don’t produce too many FPs).
@Trident, I don't recall the context for "VT situation" :unsure: Meaning different results between VT and user pc running Di (ditto other av too...)? IIRC a week or 2 ago, Di was near the bottom of the listings with sandbox scanners, yes? I notice today it is in its alphabetical place among other av. If the "VT situation" is more elaborate, please enlighten us (me :rolleyes:) if you have time.
 

Trident · Level 27 · Verified · Top Poster · Well-known · Feb 7, 2023 · 1,629
@Trident, I don't recall the context for "VT situation" :unsure: Meaning different results between VT and user pc running Di (ditto other av too...)? IIRC a week or 2 ago, Di was near the bottom of the listings with sandbox scanners, yes? I notice today it is in its alphabetical place among other av. If the "VT situation" is more elaborate, please enlighten us (me :rolleyes:) if you have time.
It was reported here by some users (@Kongo and @Shadowra) that DI detects malware on VT but on their PCs it does not. I sent an email to DI back then and they didn't hear from me, so they called me. So this is what they've told me; I suspected it was that anyway.
 

simmerskool · Level 31 · Verified · Top Poster · Well-known · Apr 16, 2017 · 2,094
I see in the DeepIn management console a suspicious event, a PowerShell script related to CompatTelRunner, that occurs around 4:30 am. No alerts on my desktop. I have a general understanding of what CompatTelRunner is doing and that some of its data collection can be disabled in Win10. If this is a normal and regular MS system process, why does Di mark it as suspicious some mornings, while it seems that some mornings it runs and is not marked as suspicious? This is where a paranoid person sees "curious" and asks why :unsure: I assume I have to try to compare & analyze the PS scripts. Does a suspicious flag equal a false positive? FWIW, VT DeepIn sees CompatTelRunner as clean. So it must be behavioral, related to the script itself, i.e. I assume that it is not the same PS script that runs every morning...?
PS: Di runs super quiet and fast on my hardware Win10, no detections in the past 7 days, more like 21 days... :)
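One way to check "is it the same script every morning?" from the Windows side, as an added PowerShell example (mine; not Deep Instinct's and not posted in the thread). It assumes PowerShell Script Block Logging is enabled (event ID 4104 in the Microsoft-Windows-PowerShell/Operational log), that the scheduled task names are the stock Windows 10 ones, and that the two date windows are placeholders to replace with the mornings the DI console shows. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the thread or from Deep Instinct. Answers two questions:
# which task launches CompatTelRunner.exe, and did the PowerShell that ran around
# 04:30 differ between two mornings.
# Assumptions (mine): Script Block Logging is on; the date windows are constructed.

# 1. Scheduled tasks whose action runs CompatTelRunner.exe, with their last run time.
#    On stock Windows 10 this is "Microsoft Compatibility Appraiser" under
#    \Microsoft\Windows\Application Experience\.
function Get-CompatTelRunnerTasks {
    Get-ScheduledTask |
        Where-Object { @($_.Actions | Where-Object { $_.Execute -like '*CompatTelRunner*' }).Count -gt 0 } |
        ForEach-Object {
            $info = $_ | Get-ScheduledTaskInfo
            [pscustomobject]@{
                Task        = $_.TaskPath + $_.TaskName
                State       = $_.State
                LastRunTime = $info.LastRunTime
                LastResult  = $info.LastTaskResult
            }
        }
}

# 2. Script blocks logged inside a time window, hashed so two mornings can be diffed.
#    Long scripts are logged in several 4104 chunks; each chunk gets its own hash.
function Get-ScriptBlocksInWindow {
    param([datetime]$Start, [datetime]$End)
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-PowerShell/Operational'
        Id        = 4104
        StartTime = $Start
        EndTime   = $End
    } -ErrorAction SilentlyContinue           # no error when the window is empty
    foreach ($e in $events) {
        # 4104 properties: [0] message number, [1] message total, [2] script text,
        # [3] script block id, [4] path of the script file (empty for in-memory blocks)
        $text = [string]$e.Properties[2].Value
        $sha  = [System.Security.Cryptography.SHA256]::Create()
        $hash = ($sha.ComputeHash([Text.Encoding]::UTF8.GetBytes($text)) |
                 ForEach-Object { $_.ToString('x2') }) -join ''
        $sha.Dispose()
        $flat = $text -replace '\s+', ' '
        [pscustomobject]@{
            Time    = $e.TimeCreated
            Path    = $e.Properties[4].Value
            Sha256  = $hash
            Snippet = $flat.Substring(0, [Math]::Min(80, $flat.Length))
        }
    }
}

# 3. Compare two mornings. '<=' ran only in the first window, '=>' only in the second,
#    '==' is identical script text on both days.
Get-CompatTelRunnerTasks | Format-Table -AutoSize

# Constructed placeholder windows: replace with the mornings shown in the DI console.
$dayA = Get-ScriptBlocksInWindow -Start ([datetime]'2023-05-24T04:00:00') -End ([datetime]'2023-05-24T05:00:00')
$dayB = Get-ScriptBlocksInWindow -Start ([datetime]'2023-05-25T04:00:00') -End ([datetime]'2023-05-25T05:00:00')

if (-not $dayA -or -not $dayB) {
    Write-Warning 'One of the windows has no 4104 events; is Script Block Logging enabled and is the window right?'
} else {
    Compare-Object -ReferenceObject @($dayA) -DifferenceObject @($dayB) -Property Sha256 -PassThru -IncludeEqual |
        Sort-Object Time |
        Format-Table Time, SideIndicator, Sha256, Path, Snippet -AutoSize
}
```

If every hash is '==' on both days, the script text did not change and the differing verdict came from something else (the process tree, the parent task, or the model), which is a question for the vendor rather than for the script. If Script Block Logging is off, turn it on under Computer Configuration > Administrative Templates > Windows Components > Windows PowerShell (it only records from that point on, so the next 04:30 run is the first one you can compare).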
 
