Serious Discussion Deep Instinct | Deep Learning AI Cybersecurity Platform

I'm not seeing a firewall in the spoilers on the 1st page. So I should be using the Windows default firewall?

Thanks
I mean you've got most of the protection covered, but I think restricting the outbound connections of LOLBins can be quite useful for stealer-malware. So I am personally using Microsoft Defender Firewall with a public profile and hardened it with the Firewall Hardening Tool from @Andy Ful
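An added example of the kind of outbound LOLBin restriction described above, written here for Microsoft Defender Firewall (this is not the Firewall Hardening Tool's code; the LOLBin list is an assumption and should be trimmed to what your own machine never needs on the network):

```powershell
# Added example: block outbound network access for commonly abused LOLBins
# with Microsoft Defender Firewall. Run from an elevated PowerShell session.
# The list is an assumption; some of these binaries have legitimate network
# uses in managed environments, so test before rolling out widely.
$lolbins = @(
    'certutil.exe', 'mshta.exe', 'wscript.exe', 'cscript.exe',
    'regsvr32.exe', 'rundll32.exe', 'bitsadmin.exe'
)

foreach ($exe in $lolbins) {
    foreach ($dir in 'System32', 'SysWOW64') {
        $path = Join-Path $env:SystemRoot "$dir\$exe"
        # Skip binaries not present on this build (e.g. no SysWOW64 on ARM/32-bit)
        if (-not (Test-Path $path)) { continue }

        $name = "Block outbound - $dir\$exe"
        # Idempotent: do not create a second copy of an existing rule
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { continue }

        # Block rules win over allow rules, and apply on every profile
        New-NetFirewallRule -DisplayName $name -Direction Outbound -Action Block `
            -Program $path -Profile Any -Enabled True | Out-Null
    }
}

# Verify: list the rules created above together with the program each targets
Get-NetFirewallRule -DisplayName 'Block outbound - *' | ForEach-Object {
    $app = $_ | Get-NetFirewallApplicationFilter
    '{0,-40} {1}' -f $_.DisplayName, $app.Program
}
```

A program-path rule only covers the named binary; code that runs inside another process (for example a DLL loaded by a process that is still allowed out) is not covered by it.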
 
From the rating for DI given below it's much better than Trellix and Harmony

I'll not take any endpoint with rating less than 4.7. And those who qualify are

1) Deep Instinct 4.7/5
2) Sophos Intercept X 4.8/5
3) CrowdStrike Falcon 4.8/5
4) Singularity XDR 4.8/5
5) CylancePROTECT 4.7/5
6) GravityZone Business Security Enterprise 4.7/5
7) REVE Endpoint Security 4.8/5
8) G Data Endpoint Protection 4.8/5
9) Application Control 4.8/5
10) 360 Total Security for Business 4.7/5
11) Nucleon Smart Endpoint 5/5
12) VIPRE Endpoint Security 5/5
13) EMSISOFT 5/5
14) TRAPMINE Platform 5/5
15) AhnLab EPP 5/5

The question is which are the ones more affordable for home use?

I don't think these notes are important.
At work, we use Trendmicro's ApexOne to protect all our computers (we use MacOS a lot, but we also have Windows servers) and it works very well.
The administration console is as complete as DI, especially in terms of rules, and I believe it also includes an EDR.
Detection is also very good.

The same goes for SEP (Norton), one of the leaders in the enterprise market.
 
The majority of them have no reseller that would sell just a single or even a few station licenses. Especially the ones that contain Enterprise in the name or XDR; expect a minimum requirement of >150 stations. For less, they won't even reply to you.

I am guessing Vipre Endpoint, GData Endpoint are quite affordable. I know for a fact that Sophos is affordable.

Harmony Endpoint is affordable. If you're looking for endpoint software that runs only on servers, look elsewhere. That's why they're only made available for the corporate market and don't have relevance for home users.
 
The DI engine was tested by AV-Comparatives a few months ago:

Test results for the DI engine (PE files):
Malware detection rate: 92.4%
False alarm rate: 0

From other sources, it follows that DI can be a strong protection against ransomware attacks.
DI should enhance Defender protection because Defender's local AI is not so strong.

Edit.
For comparison:

I think AV/AM like BD/Kaspersky/Norton etc give better detection rate, right? I thought EPP/EDR etc should be superior than AV/AM for end user? Then buy DI for what?
 
I do not use DI and do not have sufficient knowledge of DI to compare it with other solutions. This would require more testing.
 
Find a sample that isn't already detected by static AI and let's test. 🧐
The following rootkit/bootkit malware affect the UEFI

1) Lojax - detected by ESET-NOD32 but cannot be removed because it resides in the UEFI
2) Moonbounce
3) BlackLotus

If you can find them you can test DI with them

Generally, these malware are trojans and AV/AM will detect and block them, if possible. However, once they infect the UEFI then likely you are gone.

FYI

Lojax - It is capable of surviving the re-installation of the Windows operating system or even hard drive replacement.
Moonbounce - Moonbounce is a persistent malware that can survive drive formats and OS reinstalls
BlackLotus - BlackLotus was able to run on fully patched Windows 11 systems with UEFI Secure Boot enabled
 

Malware that infects hardware can't be removed by any known endpoint security product because it's persistent. The only way to eradicate it is to destroy and replace the infected machine.
 
Malware that infects the UEFI can be destroyed only by flashing the UEFI. In fact even products that scan the UEFI such as Bitdefender, Eset and Avast detect malware but require you to proceed with the flashing. They are unable to clean the UEFI or tamper with it in any way. DI does not feature UEFI scanning.
 
Malware that infects the UEFI can be destroyed only by flushing the UEFI. In fact even products that scan the UEFI such as Bitdefender, Eset and Avast detect malware but require you to proceed with the flushing. They are unable to clean the UEFI or tamper with it in any way. DI does not feature UEFI scanning.

You mean flashing? Like how people upgrade the BIOS on their PC.
 
Exactly, that's the only way to clean it. Malware that infects system firmware is not that frequently seen and if you receive frequent firmware updates, on every update such malware will be cleaned. Exception are laptops such as the HP laptops with SureStart (part of Wolf Security), where the firmware is checked by a dedicated chip every 5 seconds. If it has been tampered with, flashing will be initiated automatically.
 

My HP ZBook mobile workstation is protected from such tampering. High end devices in the business world are more exposed to cyber threats to subvert endpoints than home users are.
 
If I'm not wrong SureStart has DI inside
 
Hello, I recently purchased a license but I don't know exactly how to add an exclusion.
DeepInspect is throwing alerts of Steam code injection and what I can only do is to put code inject behaviour to 'detect' and not to 'prevent'.
Any idea? Thanks