Deep Instinct Prevention Platform Reviews

Our primary use case is anti-malware, to prevent endpoints from getting viruses.

Deep Instinct complements the solutions we already have. You don't need to rip and replace any antivirus or endpoint that you have. It's easy to use and it's easy to have it side-by-side with other solutions. That makes it really easy to have an additional level of endpoint protection, rather than to hassle with doing solution migration.

It helps with real-time prevention of unknown malware. I have seen several instances where, when I surf the web, Deep Instinct prevents it and quarantines it for me. The other solution that I am using doesn't pick it up. Deep Instinct prevented me from clicking on it. Otherwise, I would have been infected.

Also, the CPU consumption is low compared to what I have been using in my current environment. The footprint is a lot smaller, about a quarter of what I have now. It is very small. It doesn't use up many resources. It's only when it's running one particular type of scan that it really spikes up the resources. Otherwise, it really just stays in the background and is low on footprint.

What is commendable about Deep Instinct is that they have a single platform, regardless of whether you have Windows, Mac, or even Android phone. It's a very good platform because it's all-in-one.

In addition, it's easy, because once you deploy the endpoint, the policy comes in and there is not much to configure. You can do whatever you like, unlike other solutions where you need to explicitly create exceptions if you want to do certain things. Here, you can do anything that you want and have the assurance that Deep Instinct will catch anything that is malicious.

The malware classification is very good because it tells me, "This is most likely ransomware or a worm." In other solutions, they usually just have a flat statement saying it's a worm or just that it's a virus. That leaves it open-ended and you have to do your own investigation, put it into a sandbox and really explore it before you actually know what it is. A lot of technical or even expert knowledge is required before you can analyze it. Here, you can do it without an expert opinion. It's better laid out in the static form. It even tells you the process chain, where you know what executes and then what happens to it. If it's running something that it shouldn't, then that's potentially something bad.

I would like to see improvement in the user interface so that the user has more control. For example, it would be good if a user could change their grouping if they want to be part of another group. Or if I want to right-click and scan a specific file that I just imported, that would be helpful. Sometimes you just want to do an extra scan to make sure you're safe.

So far it has not crashed. It has not given me any problems. It's a very stable application.

Because it is cloud-based, you can scale. Because it runs on AWS, ultimately the bandwidth is as big as AWS can provide, which is as big as you can imagine.

In my office there are about 20 users, but we do have customers outside our office who are also using it.

So far they have been rather responsive. They have been able to give an analysis of instances or events that we have sent them, and they have been able to come back with positive results. Turnaround has been within a day.

I work for a company that is a distributor for Deep Instinct. We use it as well as sell it. It's in our interest to be familiar with the product to sell it and support it.

It's very easy. You can deploy to many endpoints in a very short amount of time. If you are doing it manually, it's just one simple command.

I can deploy it in a number of minutes for one or two machines. Configuring the policies takes about five minutes, and then deploying takes another five minutes or. All in all, ten minutes.

In terms of an implementation strategy, to deploy it to the masses it would be easier to go by Microsoft SCCM or any Mass Deployment Tools. You just put in a script and it will run and everyone will be done automatically. You just monitor it through the Deep Instinct dashboard. Usually, in other solutions, you won't get updates until a long time after. Here you see the overall status of every user: Are they registered? Are they deployed? Are they uninstalled? It is very intuitive.

You don't need a lot of people to maintain it. You might need two or three people to do round-the-clock standby. 

I don't deal with sales, I am the technical guy, the sales engineer. I do see satisfaction from customers. They are happy that there is a solution that differentiates itself from the other solutions and is really able to complement whatever they have. I do see many customers being satisfied with this solution.

Time savings are definitely there. If you cut down the incidents, you save the time dealing with them. If you don't have to deal with them, that's a lot of time saved. And since you don't have to have people to manage the solution, that's people saved. In multiple ways there is ROI, it's definitely there.

Because we are doing the MSSP model for Deep Instinct, we are able to get even very few licenses. Users can sign up even if they have a small office or, of course, a big office. It's really scalable and elastic in that sense.

Now that I have Deep Instinct, I don't know if one day I will just uninstall my current solution.

Compared to various competitors, Deep Instinct has a differentiator: It really does deep learning. Many of those doing machine-learning require the cloud. Deep Instinct is able to do it on-prem and fully self-contained. Once I install it I can even go offline or even go away from the cloud. It gives assurance that you're protected for a long time.

Generally, as a company, we like the solution. As compared to many other solutions on the market, it has a differentiator: the deep learning, and they even share what their deep learning algorithms are. You are really assured that this thing will be able to solve real-world problems.

In terms of Deep Instinct finding any malicious files which were underscored by other solutions, I have not really gone into the details but I do see that sometimes, when I click on the link to go to Virus Total, it doesn't show up anywhere else. But I haven't really dug deep enough.

As for the extent to which it is used in our organization, it is generally used, everybody has it. The beauty about Deep Instinct is that you can set and forget it. You don't really have to deal with it, unlike other solutions where you have to constantly have an IT administrator who manages it day in, day out. Here, it's more like when and if something happens, then I take a look.

I expect we will increase our usage of it. As more users come on board, we could have it installed as part of the standard package. In general, I would like to see more people install and use Deep Instinct.

One feature that is not utilized that much is the appliance on-prem sandbox where you can generate static notices for P-Files, because people generally don't log in much to take a look. So they don't generate messages. Similarly, the upload locks are under-used, because you can do it centrally. You don't have to visit the users, you can just do it from the console which is a very awesome feature.

In terms of the rate of false positives, compared to other solutions, it depends on the environment. Some environments have more, some have less. Some don't even have any. It varies. It's more conditional. Every solution has its fair share of false positives. In some environments there are more, some there are less. If you were to put them all together in the same environment then you will be able to make an apples to apples comparison.

I use it quite extensively. I use it on my PC, server, and mobile phone for my own testing. I also use it for testing of some of my business partners, including telecommunications, construction companies, banks, EFSIs, different industries, and different scenarios.

The installation and configuration are simple in Deep Instinct. The policy is easy, taking maybe a couple minutes to set it up. Usually, we use the default policy setting and enable the SMTP and SYSLOG to configure the administrator information, as the configuration work is low.

We do need to set up some releases for different environments. Some customers have some custom-made applications in their environments, which are more distinct. However, it doesn't spend too much time for every deployment, benefiting the customer.

We use this solution for classification of unknown malware without human involvement. I collect malware from the internet. I put it into the testing environment of Deep Instinct, and it can always be detected.

• High accuracy
• High detection rate
• Low false positive rates
• Easy deployment
• It is not necessary to update signatures.
• There is no database.

The detection rate is very high. In all the testing with around 20 partners in different environments, quite a lot of them had installed with other anti-malware applications, like Sophos. This software can co-exist with those applications in the same machine. This is impressive.

I found Deep Instinct can detect a lot of unknown malware early. Others, like Sophos, could find the same malware maybe a couple weeks weeks or a month later, since a lot of malware is not being reported to the virus websites.

Deep Instinct's detection rate is close to 100 percent.

After they introduced the behavior analysis engine, I even detected attacks via vulnerabilities in Microsoft. Its false positives are very low, because the behavior analysis engine double checks them.

I am looking forward to them adding Linux in Q1 or Q2 of 2019, as this is often requested by my partners and customers. Currently, Deep Instinct only has Windows, Mac, Android, and iOS.

At this point, they don't have a local quarantine feature that can be triggered by the agents. It has to be done by whitelisting. Deep Instinct has also said that this will be available in Q2 2019. 

It is quite stable. So far, there was one bug in a previous version, which I couldn't uninstall. I consulted with an Deep Instinct engineer, and they had a quick check, then spent 15 minutes easily fix it. 

Besides, that one issue, I haven't had any serious problems with the software.

Scalability is fine. The server can easily take up to 1000 agents. The server is simply a management console.

Our customers are looking to scale up pretty quickly because they have seen the benefit of its use.

The technical support is quite good. The engineer who I usually contact is in a different time zone. They do have another engineer who is in a similar time zone, but he is not the one who was my initial contact. While the new contact is in Singapore, I usually contact the engineer in Israel since his understanding is better. Every question that I have asked, he can answer it. Even for cases where there is an unknown malware. For example, I ask him, "Can you check it out? What type of malware is it? What is that behavior? What's its background?" He can return to me within one or two days with an answer. Also, if there are any problems, he can do the remote troubleshooting quickly.

The initial setup is straightforward and easy. Deployment takes three to five seconds. There is no configuration on the agent side. The policy setting is all on the web console. Usually, we use the same implementation for all customers, this is to use the default strategy.

They use a cloud management server. So, I can check logs and do the configuration by simply using the web browser, no matter where I am. This is quite convenient. Also, deployment is easy because it takes one command and three to five seconds. In some cases, when we deploy Deep Instinct, especially in conjunction with existing anti-malware software, we don't need to delete the existing anti-malware. It can co-exist together. Therefore, the company doesn't need to risk removing the existing anti-malware. 

It's not easy to remove an anti-malware application. Usually, you will have some trouble.

For Deep Instinct, it doesn't need me to download a database. It doesn't need any configuration. I can deploy a hundred machines in maybe an hour.

The time savings is very obvious. For ongoing maintenance, I don't need to take care of it at all. I just let it run.

Another thing is it does not need an expert to work with it. Sometimes, when you set up a policy or different settings on another solution, you need a network engineer and a systems engineer, and even someone who specialized in antivirus or security. For Deep Instinct, we just need an operator who can do this. 

The pricing is okay. 

• Compared to Symantec, the pricing is a bit more expensive. 
• Compared to Sophos Intercept X, the price is about the same or slightly cheaper. 
• Compared to Carbon Black, it's much cheaper. 

If I include the false positive rate and the detection rate in the comparison, Deep Instinct is worth its price.

While there is some malware which can be detected by other applications, all malware can be detected by Deep Instinct.

I tested Symantec, and it took two days to install and configure one Symantec Management Server and a client agent, which is troubling. Then, I had to install the other agents and the installation may have taken 30 minutes. Afterward, I could spend three to six hours downloading the database for one machine. I had to do this for every machine. On the other hand, Deep Instinct took me five seconds to install. Even then, Symantec only detects 60 percent of the malware.

For my own laptop, Deep Instinct takes less than one percent of the CPU and less than 50MB of memory. In addition, I have a Symantec Endpoint Protection testing environment, and while it's just a testing environment and there is no malware with nothing running on it, Symantec takes about 20 to 30 percent of the CPU quite frequently and 80MB to 100MB of memory.

In a production environment of a construction company, Deep Instinct detected 160 malware while Sophos Intercept X detected two malware in the same environment.

For unknown malware, McAfee has a 20 to 30 percent fail detection rate. Symantec has a failed detection rate at 50 percent. Traps is better at ten percent, while Deep Instinct is at one to two percent. This difference is due to the behavior in the Deep Instinct engine.

Put it on your Internet with your existing anti-malware. You will be amazed.

Our information security officer thinks this is a good solution. He definitely gives it a thumbs up.

For financial company or banks, they should know that Deep Instinct does not require internet connection nor require frequent updates for a plan agent or server. Once they know that, Deep Instinct is the only choice. Usually, for the banking and finance industry, there are a lot of servers or PCs, and they are in a closed network which can't access the Internet. So, they always have a problem updating a signature and a plan agent, patching it, etc. Deep Instinct totally fits this gap.

Installation is easy. I taught a partner in China by spending 30 minutes showing them the installation steps and every setting in the web console. Now, they can do it by themselves.