Coming October 25: PeerSpot Awards will be announced! Learn more

Deep Instinct OverviewUNIXBusinessApplication

Deep Instinct is #23 ranked solution in endpoint security software. PeerSpot users give Deep Instinct an average rating of 8.2 out of 10. Deep Instinct is most commonly compared to SentinelOne: Deep Instinct vs SentinelOne. Deep Instinct is popular among the large enterprise segment, accounting for 57% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 21% of all views.
Deep Instinct Buyer's Guide

Download the Deep Instinct Buyer's Guide including reviews and more. Updated: September 2022

What is Deep Instinct?

Deep Instinct is the first and only company applying end-to-end deep learning to cybersecurity. Deep learning is inspired by the brain’s ability to learn. Once a brain learns to identify an object, its identification becomes second nature. Similarly, as Deep Instinct’s artificial deep neural network brain learns to prevent any type of cyber threat, its prediction capabilities become instinctive. As a result, any kind of malware, known and new, first-seen malware, zero-days, ransomware and APT attacks from any kind are predicted and prevented in zero-time with unmatched accuracy and speed anywhere in the enterprise – Network, endpoint, Mobile – enabling multi-layered protection. To learn more, visit: https://www.deepinstinct.com.

Deep Instinct Video

Archived Deep Instinct Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Threat Intelligence and Forensics Investigation Specialist at True Digital Group
Real User
Top 10
Provides very good detections for PowerShell and active scripts; has a user friendly UI
Pros and Cons
  • "Good detections for PowerShell. and good user interface."
  • "Some features are too resource intensive."

What is our primary use case?

I'm a security consultant and we are customers of Deep Instinct. 

What is most valuable?

The user interface is a good feature. It shows which process has been accessed and the flow. The detections for PowerShell are also pretty good as is the active scripts detection feature. 

What needs improvement?

Some of the features are very resource intensive, such as the ransomware detection. It consumed so much of the resource on the endpoints that we have disabled those functions. If they could improve the detection logic so that those elements would consume less resource, that'd be effective. They could also improve the reporting feature so it coul be more like you find in Maltego or IBM's i2. They could introduce a graph feature to coordinate between search and those things, perhaps a dashboard of some kind.

For how long have I used the solution?

I've been using this solution for almost a year and a half. 

Buyer's Guide
Deep Instinct
September 2022
Learn what your peers think about Deep Instinct. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
633,572 professionals have used our research since 2012.

What do I think about the stability of the solution?

This is a stable solution. 

What do I think about the scalability of the solution?

This is a scalable solution. We have around 3,000 endpoints and one person in our company who deals with maintenance. 

How are customer service and support?

We had difficulty connecting with them and initially we were not sure who to contact. It took around eight to 10 hours to get hold of that person so support could be improved. 

What other advice do I have?

I would not recommend this solution for small companies but for companies that deal with sensitive data, I would recommend it as an additional layer of security. It cannot be used as a stand alone product from my perspective, but it can be used with a defense-in-depth approach.

I would rate this solution an eight out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Owner at a computer software company with 1-10 employees
Reseller
Eradicates ransomware using non-signature-based detection, but the reporting could be enhanced
Pros and Cons
  • "The most valuable feature is its ability to detect and eradicate ransomware using non-signature-based methods."
  • "If the client is working remotely and doesn't have a VPN then the deployment is difficult to do."

What is our primary use case?

We are a software reseller and managed service company, and Deep Instinct is one of the EDR solutions that we implement for our customers. It is one of two EDR solutions that we offer to our client base as a managed service and a 24/7 basis.

The primary use case is ransomware control.

How has it helped my organization?

We think of this product as a fishing net that fits into the computer and has all of the capabilities and understanding of what ransomware and malware look like. It reacts to the look of ransomware, as opposed to trying to detect it by using a signature.

In our experience, it is a whole different concept that is extremely effective.

What is most valuable?

The most valuable feature is its ability to detect and eradicate ransomware using non-signature-based methods. It is not a traditional EDR.

What needs improvement?

My primary concern is that there are elements of the MSSP model that need updating. Specifically, there are some technical controls that need to be updated and it means that rolling it out is a little bit more complicated than it has to be. If the client is working remotely and doesn't have a VPN then the deployment is difficult to do.

In the future, I would like to see additional reporting made available.

Adding a firewall would negate the need for some products by other vendors. More generally, adding traditional endpoint security features over time would mean that we would not have to support multiple platforms.

For how long have I used the solution?

We have been using Deep Instinct for eight months.

What do I think about the stability of the solution?

The stability seems to be fine. Occasionally, we have to consider the brain of the solution, which is the component agent that goes to the endpoint. It remains stable because you're only pushing it out three or four times a year. Because it is not signature or EDR-based, you don't have updates.

What do I think about the scalability of the solution?

Scalability with this product is superb. We currently have about 2,000 clients who are using Deep Instinct.

Which solution did I use previously and why did I switch?

We also work with FortiEDR.

How was the initial setup?

The initial setup is very straightforward.

The length of time required for deployment depends on the number of users that the client has. We have some clients with 500 to 1,000 users, whereas one of our clients only has eight. I would say that you can finish deploying this product in less than half a day, regardless of size.

What's my experience with pricing, setup cost, and licensing?

We are satisfied with the pricing. 

What other advice do I have?

The most complicated part about endpoint security these days has to do with COVID because you have so many people who are working remotely, and they made the transition without a lot of forethought. The cloud-based deployment helps because if you are in an on-premises environment, it's extremely complicated unless they have VPNs.

Overall, this is a good product and it is extremely effective. That said, changes to the deployment process and making the reports a little prettier would be a good way to improve it. Functionally, it meets our requirements, but it doesn't have all of the bells and whistles that other products have.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Deep Instinct
September 2022
Learn what your peers think about Deep Instinct. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
633,572 professionals have used our research since 2012.
Ronald Rosenbaum - PeerSpot reviewer
Managing Director at The IT Agency Pty Ltd
Real User
A simple, effective, and lightweight antivirus solution
Pros and Cons
  • "This solution is good at catching viruses and it's very effective and lightweight, which are all things that you want in an antivirus product."
  • "Reporting on incidents needs improvement."

What is our primary use case?

We provide managed services for our clients and we are looking at this solution for many, if not all, of our customers. Depending on the results of our evaluation, we may be making it our standard.

What is most valuable?

This solution is good at catching viruses and it's very effective and lightweight, which are all things that you want in an antivirus product.

It's fast in comparison and we like that. It's simple, which is okay.

What needs improvement?

Reporting on incidents needs improvement. It doesn't give very much information compared to Sophos. Sophos will give you a graphic that you can zoom in on the subject and find out everything that the exploit tried to do. It gives you a visual sense of what is going on.

When it does find something I am not 100% sure that they are exploits or if they are false positives. At times, it can be difficult to tell what the problem is.

The deployment was a bit difficult. It was more difficult than Sophos, for example, with having to create an installer. I had to read through a lot of documentation to figure it out. It's clunky and cumbersome.

In Sophos, I can click what I want and it downloads an installer for each tenant. It just takes seconds. Whereas with Deep Instinct, I have to create a whole script and a lot more steps to deploy it.

You have to be more technical to deploy it. You can't just send a file to an end-user and have them install it. You have to have technical expertise.

The dashboards are quite primitive compared to Sophos, which is both good and bad. It's good because it's fast.

Easier Deployment would be better. More integration with RMMs, such as LabTech or Automate. Also, there should be more optics. When it does something, more information on what's happening would help us to make better decisions.

What do I think about the stability of the solution?

We are still in the test phase at the moment, but I know a few companies that use it in mass and they like it a lot. From them, I know that it is stable.

What do I think about the scalability of the solution?

The solution is scalable and there are no issues with that.

Which solution did I use previously and why did I switch?

Previously we were using Webroot, but we are in the process of getting rid of it. We are thinking of moving all of our clients to Deep Instinct, and Sophos. We may have some clients on one and some on the other.

We have been using Sophos for five years now.

Sophos uses a huge amount of resources. There are a lot of components, and because it has so many, sometimes there are problems with installations. When there is a problem it takes forever to fix it. Also, it drains battery life on my laptop or tablet. With Deep Instinct, it lasts for hours.

Which other solutions did I evaluate?

 We are in the process of evaluating Deep Instinct.

What other advice do I have?

I would suggest that people seriously consider using Deep Instinct. It's no-frills but effective and lightweight.

At this point, I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Puneet Gupta - PeerSpot reviewer
Director at IT Junction
Real User
Detected a virus that nothing else picked up, and has the lowest false-positive rate I've seen
Pros and Cons
  • "It's just a single agent that has everything in it... With the EDR solutions, you have to install it, then you have another service history installed, and you have behavioral analytics, etc. With this, everything is in a single small "box," a small agent that has pretty much got everything."
  • "It has the lowest false-positive ratio that I have come across. I have only had one which was a legitimate file that I had to whitelist. It was for one of the applications I was trying to install and integrate. But the false positive ratio is very low."
  • "If they can bring some additional, complementary solutions, like network scanning and the like, that will help. If they had some sort of a firewall which could help detect DDoS attacks and other things, it would be an improvement"
  • "It would be nice if there were options where, if I have to do SIEM integration, I could do so from the UI: Just pick and choose what SIEM solutions the customers use and have options to have out-of-the-box connection facility."

What is our primary use case?

I use it to help my customers secure their environments. I am using it internally for my own network as well.

How has it helped my organization?

I had one of the traditional AVs in my environment and I had some sort of unusual behavior on my machine. I was trying to figure out what was going on. The AV did not pick it up. I tried some other solutions as well, traditional ones, to find out what was going on, but nothing got picked up. The machine was very slow and at times it would act very funny, screens would flick around and sometimes it would just close down.

I definitely knew there was something going on. I thought, "Given I have Deep Instinct now, let me try it on that machine." When I installed it, the moment it started to scan the machine, it picked up this particular virus which had actually masked itself like a fake OS. It had actually taken over my original machine. Nobody else was able to pick it up, but Deep Instinct was able to and it freed up my machine. Now the machine is absolutely fine.

I've got the image of that virus in the sandbox to try to find out exactly what sort of virus it is. As of today, nobody else has picked it up. It's a six-month-old virus.

Some of my customers have come across quite a few other malicious files which were underscored by other solutions and, obviously, they were not happy with the traditional solutions. They have compared it with the likes of Kaspersky, Trend Micro, Symantec, and McAfee, but Deep Instinct stands out, catching everything. Deep Instinct is much more powerful because of the way that it has been made.

In my own environment, Deep Instinct has found around 15 to 20 such malicious files in six to seven months.

It also helps with real-time prevention of unknown malware. I was trying to backup one of my mobile phones on my laptop, and some script would have ended up being uploaded onto my machine. Because the agent was live, the moment it detected something it just blocked it. It just picks up things straight away.

I haven't really looked at the CPU consumption, but given that even when the scanning was going on, as well as any live detection that comes through, I have never seen any performance degradation on my machine. It's been working fine without me noticing anything happening in the back end. I haven't seen any problems in terms of the performance of the machine, but I haven't really checked out the CPU consumption. I probably would have looked at it if I had found the machine was slow. But I've never needed to because it is so fast.

There is no comparison, regarding CPU consumption, when you look at competitors. There's really no comparison at all. One of the major AVs has so many different services that degrade the performance quite a lot, and one has to keep turning off all the other services just to keep my machine working and to avoid alerts. It has been a very different experience using Deep Instinct. I don't have to worry about some other solution adding more services. One engine does its job.

For me, it definitely takes a lot of time and effort away from trying to find the cause of the problem if an attack happens. Without the solution, if something goes wrong, it's usually going to take a couple of hours just to figure out what's wrong with the machine. It definitely saves that time and effort.

What is most valuable?

It is a very easy solution in terms of the deployment. It's just a single agent that has everything in it. You don't have to really think too much about your strategy for securing your endpoint. With the EDR solutions, you have to install it, then you have another service history installed, and you have behavioral analytics, etc. With this, everything is in a single small "box," a small agent that has pretty much got everything. This is what has excited me, my team, as well as my end customers who are using it. It's an absolutely fantastic solution. 

It's very easy going and has got the latest technology, which is the deep learning. That is one step ahead of machine-learning because there is no feature engineering in it. That is the key difference. With today's solutions, everything around them can be re-engineered given they have access to similar tools outside. Given the proprietary framework these guys have, nobody else has access to it. That makes it more secure.

It classifies unknown malware as well. I've got various classifications already: either a backdoor entry or 100 percent virus or malware or a scripting shell. Scripting shell has been detected quite a lot. Viruses have been detected. Two backdoor entries have been trying to get on. I've got a number of different types of attacks that have been happening.

From the dashboard, I can see what I've picked up that's live. I can see the number of users, the number of devices, what are the risks. It has remote accessibility to deploy the agent as well as remove the agent, as well as modify it and update it.

It has the lowest false-positive ratio that I have come across. I have only had one which was a legitimate file that I had to whitelist. It was for one of the applications I was trying to install and integrate. But the false-positive ratio is very low.

The online and offline mode of this technology has actually made a huge difference. I don't have to worry about my employees when they take their machines anywhere. Whether they're connected or not connected, I know it's all secure. If anybody tried to put in a USB or whatever, it just does its job. From that perspective, I see a big difference.

What needs improvement?

If they can bring some additional, complementary solutions, like network scanning and the like, that will help. If they had some sort of a firewall which could help detect DDoS attacks and other things. It's just an extension of what they do, so it would not be just the endpoint. If they can take the technology and make it more useful across the network and add anything that could help improve the work environment, that would be good. 

I'm watching closely to see what they next bring onboard. But within the product itself, overall I don't see any required improvement because it has a very lightweight agent, it's fast and quick, and it detects everything. I haven't experienced any negativity on the Deep Instinct side.

The UI is pretty straightforward. It's very simple. It would be nice to have if there were options where, if I have to do SIEM integration, I could do so from the UI: Just pick and choose what SIEM solutions the customers use and have options to have out-of-the-box connection facility. If I had an option to do SIEM integration out-of-the-box from the user interface, that would be handy.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It's very stable. I haven't had any issues with the deployments, any performance issues, or conflicts with anything.

One exception was when one of my customers tried to do the install Deep Instinct, but their existing Bit Defender was detecting the solution as something trying to get into the environment. Obviously there was a conflict. We just whitelisted on both sides and both of them were talking to each other. They were augmented rather than competing.

What do I think about the scalability of the solution?

It's quite scalable. In fact, I'm working on an opportunity where we're looking at around 20,000 seats. I don't see any issues, although time will tell when we deploy 20,000. But it is scalable to that extent.

How are customer service and technical support?

Support is fantastic. Whenever I have any kind of query or questions, the team is absolutely spot-on, responding back immediately.

When I was doing a small pilot for one of my customers, I got stuck with a very silly thing about creating a user ID in the organization. I got stuck with configuring some rules and policies. I called and, within 20 minutes, somebody called me back and I had my answers. I had no problems at all.

Whenever I want to contact them, they proactively get back to me, so I don't have to keep chasing them.

Which solution did I use previously and why did I switch?

I moved out my other solutions after I got Deep Instinct. I didn't want to have anything else further complicate the matter, in case something happened with a machine. I removed them all and just use Deep Instinct.

I said, "All right, let me take your solution on board and also be an advocate in my country." I was one of their first customers and partners in the country because I was so convinced about the technology that they presented. I've never seen anything like it before. I can see the power of it, I can see how it can benefit customers. 

How was the initial setup?

The Set-up is very straightforward.

For deployment, I just need to extract the agent from the console and send it across and run it. It takes 15 to 20, max, to do a small deployment. Depending on the size of the organization, if using central deployment tool, just put it into an image and deploy it. When it runs it starts talking to the console without any other intervention.  No issues at all.

Depending on the size of the customer, It will take some time to do the initial setup of the console. In total, it will take about an hour-and-a-half to have everything, with the user-group policies defined, the users defined, the sites, and all the other things that can be done without much hassle.

I wanted to put together a standard document which would help customers to just do that but, as it's so simple and straightforward, I just keep everything ready on the console. I create the customer details on the console and just send the agent. 

There's no rocket science involved at all here and that's why it is so easy. There is nothing else to be prepared because there is no system downtime. You don't have to integrate this solution with anything else. It is autonomous and it just does its job.

In terms of staff for deployment, it's a one-man show. And there's hardly any maintenance because, once the agent is deployed, there is nothing else to be maintained, unless there is a conflict with something else. Apart from that, the product doesn't require any maintenance.

What about the implementation team?

Vendor Team. They are excellent !

What was our ROI?

I have definitely seen ROI. Whatever price I paid for, I got my returns when it detected that virus that was in my environment already. I got my returns pretty much by securing all that. The information that probably would have gone out, had that virus spread to other machines, could have been a big catastrophe for my business. It's done its job and it's pretty much paid off what I spent on it.

What's my experience with pricing, setup cost, and licensing?

Pricing and licensing are very straightforward. It's two SKUs, one is for the console and the other is for the client. 

One thing about their licensing program that I like is that just one covers the server as well as on the endpoint as well as mobile devices. There is no complexity in calculating how many SKUs I need for mobile, for laptop, for desktop, and for servers. It's very simple and that makes it much easier to budget. You know how much you're spending and how you're securing your environment with that technology.

Which other solutions did I evaluate?

I've never come across anything like this. I looked at other things as well. I've been hearing about Carbon Black, Cylance, CrowdStrike, and all the other AI & ML Solutions. All of them have limitations in terms of what they can do and how they do it. It's still human intervention. It's still behavioral analysis, heuristics, etc. There's nothing wrong with that, but they still haven't found a way, like Deep Instinct has, to take all that pain away in a single solution.

Deep Instinct can actually predict unknown malware that is going to come out, as well, because of the way they have built this technology. It can predict the tiniest mutations of viruses or new malware that is coming out. These guys can predict it straight away, whereas the others can't, until something goes through and they work on it and find to fix it. I.e., post execution, where the damage is already done! Everything they do is post-execution. What's the point? If your technology, which you say is that great, cannot detect earlier on, prevent it before happening, then I don't think it's good enough.

That is what I have seen with Deep Instinct. It doesn't even allow something malicious to pass through. It saves a lot of time and effort in cleaning up rather than saying, "Okay, fine, I blocked it. Nothing to worry about."

What other advice do I have?

I've been sharing all my experiences around using it and how it's secure and that it's the next wave in the security world. It's changing the way security is looked upon from the endpoint perspective. They have made life so much easier. There's so much complexity with all the other solutions. When I talk to anybody, I tell them that if they really want peace of mind and a technology that can actually take care of your assets, Deep Instinct is the one to look at.

In terms of extent of use and increasing usage, I'm still a small organization, and growing gradually. I am getting more customers on board. The scale is obviously going up. At this moment, I'm managing roughly 400 + devices, with about another 3,000 in the pipe.

It's a ten out of ten. It's the best. All around, I'm pretty happy with them. I'm just excited to see what they bring me next.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
Robert Boles - PeerSpot reviewer
Cybersecurity Expert at a tech services company with 11-50 employees
Reseller
Removes the need to strike a security-productivity balance, while finding numerous risks that competitors miss
Pros and Cons
  • "Instead of having features like rollback and after-event actionable stuff, the whole premise and the context of the solution is to actually prevent these malicious attacks from happening to begin with.... The ability to prevent threats is the most appealing aspect. It absolutely, 100 percent helps with real-time prevention of unknown malware. That's the strength of the product."
  • "It has a very low false-positive ratio. That is important because it means we're not wasting time... We're able to run that entire 20,000-endpoint base with just a handful of engineers."
  • "I would love to see a really exceptional, outstanding level of reporting. I know that's like asking for a unicorn to leap out of the sky with any of these products... When everything works, clients began to wonder: "Everything's fine. Why do we need you?" That's where the reporting capabilities would allow us to really demonstrate: "Hey, here's what's actually going on, Mr. Customer.""

What is our primary use case?

The primary use case is advanced endpoint protection in the context of prevention.

How has it helped my organization?

Take, for example, EMOTET. It is a really nasty piece of malware. I joke with my clients that it's like the evil party-planner. It gets a foothold and then it pulls in all its bad-guy buddies. EMOTET is exceptionally dangerous because it's multifaceted: botnet, cryptocurrency mining, and ransomware. Being able to prevent threats such as EMOTET, which was originally intended to attack the banking industry, is among the best successes we've had with DI. And it's just one of many. It's been so substantial that I don't even know how to quantify it.

To put it in context, when we review a security product, everything we do is weighed against three criteria: security, reliability, and a positive user experience. Within any cybersecurity solution is the need to strike the balance between security and productivity. When you take a product like Deep Instinct and remove the overhead while allowing the organization to function as though there were no security inhibitors - yet still provide that high level of security - to me that's a huge win because we’re not sacrificing productivity. We are allowing the organization to still function at a high level without the burdens of so many controls that choke the machine from unnecessary overhead.

In terms of CPU consumption, it is exceptionally low. We've been running the product for over a year internally, and we have zero issues. I am aware that in some environments, when first deployed, because it literally scans the entire machine, it can consume resources. But after the initial scan is complete, we don't even notice it's there. From a pure user-perspective, in comparison to some of the traditional "bloatware" that some of the legacy, traditional AV guys have become over time, it's a substantial difference on the positive side in the sense that you just don't notice it. I literally notice no impact on my day-to-day actions. It's somewhat amazing. The footprint is so light that you wonder, "Where's the 'gotcha' in this?" Light footprint and super effective? Okay, sign me up.

What is most valuable?

We provide managed security services to our clients and my belief is the best threat is the one that never happens or is mitigated before it's given an opportunity to establish a foothold. We were approached by a peer of ours about two-and-a-half years ago, right before we met Deep Instinct, and discussed partnering with them to resell our infrastructure solutions, and us support and be the West Coast coverage for a competing endpoint solution. We didn't move forward with our peer, though it became clear, coming out of our discussions with them, that our infrastructure services that were our core competency were going to need to be complemented with an endpoint solution, because these folks were now a competitor.

We started looking at different options. This is around the time that a lot of players were starting to come up, such as Cylance, SentinelOne, and Carbon Black. We worked through the gauntlet of these products and others. Interestingly, within a month I was introduced to Deep Instinct which had just come out of stealth mode. It was a differentiator. Of all the products, what I saw that intrigued me most were the prevention capabilities, where instead of focusing on features like rollback, the whole premise and the context of the solution is to actually prevent these malicious attacks from happening to begin with.

As a service provider who is responsible for the wellbeing of our client base, that's a much more appealing approach than the ability to roll back, because in any rollback situation there is always an opportunity that it's not going to roll back exactly how you wanted it. So it aligned with our core business values. The ability to prevent threats is the most appealing aspect.

Deep Instinct absolutely, 100 percent helps with real-time prevention of unknown malware. That's the strength of the product. We've just surpassed 20,000 endpoints under our purview, and over 75,000,000,000 files scanned. We had an event this past summer where there were some environments that hadn't fully migrated over to Deep Instinct. Within those environments, the machines that were defended by Deep Instinct continued without issue, whereas user machines that were not defended by Deep Instinct had substantial issues that were not resolved until we actually were able to get Deep Instinct on them.

We have a running list of all the competitive products we run over the top of or concurrently with Deep Instinct. At one milestone, Deep Instinct had discovered over 5,000 existing threats that were present on existing workstations, across 32 different competitive products that were defending these workstations, though provided zero visibility into the fact that the risks were present. This number was at the 7,500 endpoints defended milestone and has grown significantly as deployments have expanded. It is worth mentioning, included in that list are all the aforementioned competitors we had considered.

Deep Instinct provides classification of unknown malware without human involvement. Our analysts and engineers use that data as part of the validation and remediation process. The feature is tremendously insightful and tremendously helpful. As an operator, anything that shortens the path to clarity is a value.

Finally, one of the most important things that we haven't highlighted yet is that it has a very low false-positive ratio. That is important because it means we're are maximizing our efficiency. Because the false-positives are so low, our need to carry excessive staffing is minimized by not requiring headcount to filter through the noise. In our assessments of other products, we learned some of the competing products literally have teams of hundreds of analysts breaking down threats that their tools are detecting due to excessively high false positives. Because of this, those solutions were not considered. We're able to support the entire 20,000-endpoint base with just a handful of engineers. The time savings are substantial, and impact on morale positive. We’re seeing false-positives at about 5 for every 10,000,000 files scanned. There's one company that comes to mind and I know they have more than a couple of hundred analysts filtering through what they're flagging. I actually don't know if Deep Instinct has any analysts because the detection rates are so high.

What needs improvement?

The Achilles heel in our industry is reporting. I would love to see exceptional, outstanding level of reporting. I know that's like asking for a unicorn to leap out of the sky with any of these products. But reporting is always the thing that it is challenging. Fortunately, because as operators we get information through the dashboard, it hasn't been an issue yet. But for us, to really differentiate and really squeeze the full value out of this with our clients, the reporting is critical. Why is that? When everything works, clients began to wonder: "Everything's fine. Why do we need you?" That's where the reporting capabilities would allow us to really demonstrate: "Hey, here's what's actually going on, Mr. Customer."

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Deep Instinct has proven to be a stable and reliable solution. We have had minimal issues with it. We're pushing it to our entire client base and rolling our endpoint protection solution on Deep Instinct.

Our implementation strategy - and we always advise our clients to do this with any product - is to take a subset of the environment and do a limited install on a handful of machines. The purpose is to uncover any existing or potential issues with line-of-business apps or any non-standard elements in the environment. The aspect which most people fail to consider is that when you add a more sophisticated cybersecurity-purposed tool, the more advanced capabilities will expose any existing shortcomings in the environment. Consequently, if you have not architected your environment correctly, these tools tend to expose those shortcomings. Most often, clients want to point a finger at the tool. The reality is that the tool is doing its job and there's some aspect of the network that it just brought to light.

I travel the country speaking at cybersecurity events, and will always remember a specific gentleman because I really had empathy for him. He asked a question out of frustration regarding a competing product, and what do you do when installing “Solution-X” and it blue-screens the entire environment. My first thought was, "Why are you installing into an entire environment without testing?"

Whether it's a premium, next-generation firewall at the edge or a premium solution on the endpoint, if there's an issue with the machine or something in the stack, it's going to have an effect. Why? Because delivering advanced-security services require the margins for error be minimal. They have to be. That's how you close gaps. So that pre-testing by installing in a subset, that proof of concept, is how you get clarity and certainty that you can deploy environment-wide without issues.



What do I think about the scalability of the solution?


The Brain is Cloud-Based, and scalability infinite. We've surpassed 20,000 endpoints and are growing rapidly.



How is customer service and technical support?


Our partners are regional, managed service providers and they source the tool through us. We provide support, design, care and feeding, or we provide training and an escalation point. Recognizing the diversity of environments our offerings are flexibile to work in ways that best support our Partners business.




How was the initial setup?

The initial setup is pretty straightforward, at least on PC. Mac OS has a few curveballs to work around, which Apple has built in to protect the environment. But once it's in - I've had it on my MacBook Air for eight months without issue - it just works.

Deployment takes less than 15 minutes. For the install, the initial scan can take ten hours or more depending on how much data there is to be scanned. But it's typically complete within a day.

For deployment, it takes one of our team members a few minutes on the endpoint, or we have also deployed via multiple RMM tools. For the actual day-to-day maintenance and monitoring, and all the security benefits that we stack on top of it, our team is well north of one. When stuff kicks up that merit’s investigation, to validate whether it's an issue or requires further action and escalation, if needed, to the Deep Instinct team, that's what those staff members are doing. They're also making sure that the environment across those 20,000 endpoints - we are approaching 250 to 300 clients - are running clean and healthy on a day-to-day basis. But in general, the tool is effective and efficient.

What was our ROI?


The ROI is that your people are able to remain productive. You're not paying ransomware, your systems are healthy and operational, and you're not putting out fires. You're being productive.



What's my experience with pricing, setup cost, and licensing?

I think the pricing is a huge value. In comparison to the other products out there, it's exceptionally competitively priced. When you consider the lower administrative overhead that it facilitates, it's an absolute value.



What other advice do I have?

Our partners are regional, managed service providers and they source the tool through us. We provide support and design and care and feeding, or we provide training and an escalation point. We've actually got a lot of flexibility in our offerings to them so that the tool works in a way that best supports their business.

The experience of running over the top of competing products and having such a high detection rate of risk that was present on those machines, and the ability to replicate that whenever we go into a new environment - we traditionally will uncover things that the incumbent had not identified.

I've been around this industry for 20 years and there are just certain things that, when you see them, you know they're going to be a game-changer. It was very clear to me that this product, if we could work with the company to get the functionality out of it that we needed, would be a game-changer.

I don't give anything a ten, so I'd give it a solid nine. The only thing keeping this from being a ten is "wow-me" reporting. If the rating was purely on the product and prevention, it would be an absolute ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
FuyukiMotono - PeerSpot reviewer
General Manager at a tech services company with 51-200 employees
Reseller
Provides highly accurate predictive model and automatically displays malware classification
Pros and Cons
  • "The most valuable features are the static/dynamic analyses. Deep Instinct's predictive model has very high accuracy and provides threat information for unknown malware, such as malware classification, static analysis information, and sandbox information."
  • "The Management Console is not localized."

What is our primary use case?

Unknown malware can be prevented using this solution.

How has it helped my organization?

It provides a very high detection rate and a very low false-positive rate. 

It also helps with real-time prevention of unknown malware, easily. For example, when a file attached to an email is opened, Deep Instinct prevents any malware immediately, when compared with similar solutions.

What is most valuable?

The most valuable features are the static/dynamic analyses. Deep Instinct's predictive model has very high accuracy and provides threat information for unknown malware, such as malware classification, static analysis information, and sandbox information. The information can be obtained easily. Malware classification information is displayed automatically, within the event.

In addition, we have found there is malware prevented by DI, which other solutions did not prevent.

What needs improvement?

The Management Console is not localized.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

DI is lightweight and very stable.

How are customer service and technical support?

Tech support answers quickly and they are caring.

Which solution did I use previously and why did I switch?

We did have a previous solution but the detection rate with DI is higher.

How was the initial setup?

The initial setup is a little bit complex. The reason is that there is no online help. The deployment takes one to two days. In terms of an implementation strategy, use it together with Windows Defender.

We have installed it on Win PCs, Mac, and Android. The installation work is very easy.

What's my experience with pricing, setup cost, and licensing?

The pricing is a little bit expensive but we are satisfied with DI's performance. CPU consumption during scanning is under five percent.

Which other solutions did I evaluate?

We evaluated some competitive products, for example, Cylance, and Deep Instinct's false-positive rate was less than one-tenth of Cylance's.

What other advice do I have?

It is a very good and stable product. Our CISO noted that the client features are a little bit different than in our previous product. However, he understood the reasons.

We have 150 users of Deep Instinct and they fill a range of roles, as we are a reseller. It is installed on all our employees' PCs. Two people are required for deployment and maintenance of the solution. 

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
Ethan Ore - PeerSpot reviewer
Senior Consultant at a tech services company with 11-50 employees
Reseller
Prevented me from clicking on malware that other solutions missed
Pros and Cons
  • "Deep Instinct complements the solutions we already have. You don't need to rip and replace any antivirus or endpoint that you have. It's easy to use and it's easy to have it side-by-side with other solutions. That makes it really easy to have an additional level of protection, rather than to hassle with doing solution migration."
  • "The CPU consumption is low compared to what I have been using in my current environment, which is Sophos. The footprint is a lot smaller, about a quarter of Sophos. It is very small."
  • "I would like to see improvement in the user interface so that the user has more control. For example, it would be good if a user could change their grouping if they want to be part of another group. Or if I want to right-click and scan a specific file that I just imported, that would be helpful. Sometimes you just want to do an extra scan to make sure you're safe."

What is our primary use case?

Our primary use case is anti-malware, to prevent endpoints from getting viruses.

How has it helped my organization?

Deep Instinct complements the solutions we already have. You don't need to rip and replace any antivirus or endpoint that you have. It's easy to use and it's easy to have it side-by-side with other solutions. That makes it really easy to have an additional level of endpoint protection, rather than to hassle with doing solution migration.

It helps with real-time prevention of unknown malware. I have seen several instances where, when I surf the web, Deep Instinct prevents it and quarantines it for me. The other solution that I am using doesn't pick it up. Deep Instinct prevented me from clicking on it. Otherwise, I would have been infected.

Also, the CPU consumption is low compared to what I have been using in my current environment. The footprint is a lot smaller, about a quarter of what I have now. It is very small. It doesn't use up many resources. It's only when it's running one particular type of scan that it really spikes up the resources. Otherwise, it really just stays in the background and is low on footprint.

What is most valuable?

What is commendable about Deep Instinct is that they have a single platform, regardless of whether you have Windows, Mac, or even Android phone. It's a very good platform because it's all-in-one.

In addition, it's easy, because once you deploy the endpoint, the policy comes in and there is not much to configure. You can do whatever you like, unlike other solutions where you need to explicitly create exceptions if you want to do certain things. Here, you can do anything that you want and have the assurance that Deep Instinct will catch anything that is malicious.

The malware classification is very good because it tells me, "This is most likely ransomware or a worm." In other solutions, they usually just have a flat statement saying it's a worm or just that it's a virus. That leaves it open-ended and you have to do your own investigation, put it into a sandbox and really explore it before you actually know what it is. A lot of technical or even expert knowledge is required before you can analyze it. Here, you can do it without an expert opinion. It's better laid out in the static form. It even tells you the process chain, where you know what executes and then what happens to it. If it's running something that it shouldn't, then that's potentially something bad.

What needs improvement?

I would like to see improvement in the user interface so that the user has more control. For example, it would be good if a user could change their grouping if they want to be part of another group. Or if I want to right-click and scan a specific file that I just imported, that would be helpful. Sometimes you just want to do an extra scan to make sure you're safe.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

So far it has not crashed. It has not given me any problems. It's a very stable application.

What do I think about the scalability of the solution?

Because it is cloud-based, you can scale. Because it runs on AWS, ultimately the bandwidth is as big as AWS can provide, which is as big as you can imagine.

In my office there are about 20 users, but we do have customers outside our office who are also using it.

How are customer service and technical support?

So far they have been rather responsive. They have been able to give an analysis of instances or events that we have sent them, and they have been able to come back with positive results. Turnaround has been within a day.

Which solution did I use previously and why did I switch?

I work for a company that is a distributor for Deep Instinct. We use it as well as sell it. It's in our interest to be familiar with the product to sell it and support it.

How was the initial setup?

It's very easy. You can deploy to many endpoints in a very short amount of time. If you are doing it manually, it's just one simple command.

I can deploy it in a number of minutes for one or two machines. Configuring the policies takes about five minutes, and then deploying takes another five minutes or. All in all, ten minutes.

In terms of an implementation strategy, to deploy it to the masses it would be easier to go by Microsoft SCCM or any Mass Deployment Tools. You just put in a script and it will run and everyone will be done automatically. You just monitor it through the Deep Instinct dashboard. Usually, in other solutions, you won't get updates until a long time after. Here you see the overall status of every user: Are they registered? Are they deployed? Are they uninstalled? It is very intuitive.

You don't need a lot of people to maintain it. You might need two or three people to do round-the-clock standby. 

What was our ROI?

I don't deal with sales, I am the technical guy, the sales engineer. I do see satisfaction from customers. They are happy that there is a solution that differentiates itself from the other solutions and is really able to complement whatever they have. I do see many customers being satisfied with this solution.

Time savings are definitely there. If you cut down the incidents, you save the time dealing with them. If you don't have to deal with them, that's a lot of time saved. And since you don't have to have people to manage the solution, that's people saved. In multiple ways there is ROI, it's definitely there.

What's my experience with pricing, setup cost, and licensing?

Because we are doing the MSSP model for Deep Instinct, we are able to get even very few licenses. Users can sign up even if they have a small office or, of course, a big office. It's really scalable and elastic in that sense.

Which other solutions did I evaluate?

Now that I have Deep Instinct, I don't know if one day I will just uninstall my current solution.

Compared to various competitors, Deep Instinct has a differentiator: It really does deep learning. Many of those doing machine-learning require the cloud. Deep Instinct is able to do it on-prem and fully self-contained. Once I install it I can even go offline or even go away from the cloud. It gives assurance that you're protected for a long time.

What other advice do I have?

Generally, as a company, we like the solution. As compared to many other solutions on the market, it has a differentiator: the deep learning, and they even share what their deep learning algorithms are. You are really assured that this thing will be able to solve real-world problems.

In terms of Deep Instinct finding any malicious files which were underscored by other solutions, I have not really gone into the details but I do see that sometimes, when I click on the link to go to Virus Total, it doesn't show up anywhere else. But I haven't really dug deep enough.

As for the extent to which it is used in our organization, it is generally used, everybody has it. The beauty about Deep Instinct is that you can set and forget it. You don't really have to deal with it, unlike other solutions where you have to constantly have an IT administrator who manages it day in, day out. Here, it's more like when and if something happens, then I take a look.

I expect we will increase our usage of it. As more users come on board, we could have it installed as part of the standard package. In general, I would like to see more people install and use Deep Instinct.

One feature that is not utilized that much is the appliance on-prem sandbox where you can generate static notices for P-Files, because people generally don't log in much to take a look. So they don't generate messages. Similarly, the upload locks are under-used, because you can do it centrally. You don't have to visit the users, you can just do it from the console which is a very awesome feature.

In terms of the rate of false positives, compared to other solutions, it depends on the environment. Some environments have more, some have less. Some don't even have any. It varies. It's more conditional. Every solution has its fair share of false positives. In some environments there are more, some there are less. If you were to put them all together in the same environment then you will be able to make an apples to apples comparison.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
Regional Technical Manager at a retailer with 201-500 employees
Real User
Its false positives are very low because the behavior analysis engine double checks them
Pros and Cons
  • "Its false positives are very low, because the behavior analysis engine double checks them."
  • "Deep Instinct's detection rate is close to 100 percent."
  • "The detection rate is very high. In all the testing with around 20 partners in different environments, quite a lot of them had installed with other anti-malware applications, like Sophos. This software can co-exist with those applications in the same machine. This is impressive."
  • "I am looking forward to them adding Linux in Q1 or Q2 of 2019, as this is often requested by my partners and customers. Currently, Deep Instinct only has Windows, Mac, Android, and iOS."

What is our primary use case?

I use it quite extensively. I use it on my PC, server, and mobile phone for my own testing. I also use it for testing of some of my business partners, including telecommunications, construction companies, banks, EFSIs, different industries, and different scenarios.

How has it helped my organization?

The installation and configuration are simple in Deep Instinct. The policy is easy, taking maybe a couple minutes to set it up. Usually, we use the default policy setting and enable the SMTP and SYSLOG to configure the administrator information, as the configuration work is low.

We do need to set up some releases for different environments. Some customers have some custom-made applications in their environments, which are more distinct. However, it doesn't spend too much time for every deployment, benefiting the customer.

We use this solution for classification of unknown malware without human involvement. I collect malware from the internet. I put it into the testing environment of Deep Instinct, and it can always be detected.

What is most valuable?

  • High accuracy
  • High detection rate
  • Low false positive rates
  • Easy deployment
  • It is not necessary to update signatures.
  • There is no database.

The detection rate is very high. In all the testing with around 20 partners in different environments, quite a lot of them had installed with other anti-malware applications, like Sophos. This software can co-exist with those applications in the same machine. This is impressive.

I found Deep Instinct can detect a lot of unknown malware early. Others, like Sophos, could find the same malware maybe a couple weeks weeks or a month later, since a lot of malware is not being reported to the virus websites.

Deep Instinct's detection rate is close to 100 percent.

After they introduced the behavior analysis engine, I even detected attacks via vulnerabilities in Microsoft. Its false positives are very low, because the behavior analysis engine double checks them.

What needs improvement?

I am looking forward to them adding Linux in Q1 or Q2 of 2019, as this is often requested by my partners and customers. Currently, Deep Instinct only has Windows, Mac, Android, and iOS.

At this point, they don't have a local quarantine feature that can be triggered by the agents. It has to be done by whitelisting. Deep Instinct has also said that this will be available in Q2 2019. 

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It is quite stable. So far, there was one bug in a previous version, which I couldn't uninstall. I consulted with an Deep Instinct engineer, and they had a quick check, then spent 15 minutes easily fix it. 

Besides, that one issue, I haven't had any serious problems with the software.

What do I think about the scalability of the solution?

Scalability is fine. The server can easily take up to 1000 agents. The server is simply a management console.

Our customers are looking to scale up pretty quickly because they have seen the benefit of its use.

How is customer service and technical support?

The technical support is quite good. The engineer who I usually contact is in a different time zone. They do have another engineer who is in a similar time zone, but he is not the one who was my initial contact. While the new contact is in Singapore, I usually contact the engineer in Israel since his understanding is better. Every question that I have asked, he can answer it. Even for cases where there is an unknown malware. For example, I ask him, "Can you check it out? What type of malware is it? What is that behavior? What's its background?" He can return to me within one or two days with an answer. Also, if there are any problems, he can do the remote troubleshooting quickly.

How was the initial setup?

The initial setup is straightforward and easy. Deployment takes three to five seconds. There is no configuration on the agent side. The policy setting is all on the web console. Usually, we use the same implementation for all customers, this is to use the default strategy.

They use a cloud management server. So, I can check logs and do the configuration by simply using the web browser, no matter where I am. This is quite convenient. Also, deployment is easy because it takes one command and three to five seconds. In some cases, when we deploy Deep Instinct, especially in conjunction with existing anti-malware software, we don't need to delete the existing anti-malware. It can co-exist together. Therefore, the company doesn't need to risk removing the existing anti-malware. 

It's not easy to remove an anti-malware application. Usually, you will have some trouble.

What about the implementation team?

For Deep Instinct, it doesn't need me to download a database. It doesn't need any configuration. I can deploy a hundred machines in maybe an hour.

What was our ROI?

The time savings is very obvious. For ongoing maintenance, I don't need to take care of it at all. I just let it run.

Another thing is it does not need an expert to work with it. Sometimes, when you set up a policy or different settings on another solution, you need a network engineer and a systems engineer, and even someone who specialized in antivirus or security. For Deep Instinct, we just need an operator who can do this. 

What's my experience with pricing, setup cost, and licensing?

The pricing is okay. 

  • Compared to Symantec, the pricing is a bit more expensive. 
  • Compared to Sophos Intercept X, the price is about the same or slightly cheaper. 
  • Compared to Carbon Black, it's much cheaper. 

If I include the false positive rate and the detection rate in the comparison, Deep Instinct is worth its price.

Which other solutions did I evaluate?

While there is some malware which can be detected by other applications, all malware can be detected by Deep Instinct.

I tested Symantec, and it took two days to install and configure one Symantec Management Server and a client agent, which is troubling. Then, I had to install the other agents and the installation may have taken 30 minutes. Afterward, I could spend three to six hours downloading the database for one machine. I had to do this for every machine. On the other hand, Deep Instinct took me five seconds to install. Even then, Symantec only detects 60 percent of the malware.

For my own laptop, Deep Instinct takes less than one percent of the CPU and less than 50MB of memory. In addition, I have a Symantec Endpoint Protection testing environment, and while it's just a testing environment and there is no malware with nothing running on it, Symantec takes about 20 to 30 percent of the CPU quite frequently and 80MB to 100MB of memory.

In a production environment of a construction company, Deep Instinct detected 160 malware while Sophos Intercept X detected two malware in the same environment.

For unknown malware, McAfee has a 20 to 30 percent fail detection rate. Symantec has a failed detection rate at 50 percent. Traps is better at ten percent, while Deep Instinct is at one to two percent. This difference is due to the behavior in the Deep Instinct engine.

What other advice do I have?

Put it on your Internet with your existing anti-malware. You will be amazed.

Our information security officer thinks this is a good solution. He definitely gives it a thumbs up.

For financial company or banks, they should know that Deep Instinct does not require internet connection nor require frequent updates for a plan agent or server. Once they know that, Deep Instinct is the only choice. Usually, for the banking and finance industry, there are a lot of servers or PCs, and they are in a closed network which can't access the Internet. So, they always have a problem updating a signature and a plan agent, patching it, etc. Deep Instinct totally fits this gap.

Installation is easy. I taught a partner in China by spending 30 minutes showing them the installation steps and every setting in the web console. Now, they can do it by themselves.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Buyer's Guide
Download our free Deep Instinct Report and get advice and tips from experienced pros sharing their opinions.
Updated: September 2022
Buyer's Guide
Download our free Deep Instinct Report and get advice and tips from experienced pros sharing their opinions.