What's New in Deep Instinct 3.0?

July 15, 2021 | Charles Everette

Deep Instinct is an innovation-driven cybersecurity company dedicated to bringing to market the world’s most advanced cyber prevention solution. With Deep Instinct 3.0, we’ve further advanced the Endpoint Protection Platform (EPP) market by adding new capabilities, features, and functions that significantly improve our toolset and add even more value to organizations that share our prevention-first approach to stopping cyber threats.

Preventing Adversarial AI Threats (Adversarial Machine Learning Protection)

One of the newest and most challenging trends our threat researchers have seen is the advancement of adversarial machine learning (ML) by cybercriminals. These new ML attack vectors attempt to fool common cybersecurity vendor ML models by supplying deceptive input that causes the models to malfunction, bypassing their protections. Deep Instinct created the world’s first and only purpose-built deep learning cybersecurity framework to detect and prevent a wide range of cyber-attacks, including adversarial ML attacks. The release of Deep Instinct 3.0 takes our prevention capabilities to the next level through enhancements to our D-Brain’s architecture that allow more robustness and resiliency against adversarial AI and similar threats.

Expanded platform support – macOS and Linux expansion

macOS

We have expanded our already extensive macOS coverage and will now protect the macOS Big Sur (v11) release. Gartner Research indicates that 12.46 percent of endpoints in North America are now macOS based, and as more organizations supply Macs as a hardware option for employees and expand their endpoints to include more partners, we anticipate the demand for macOS EPP protection to grow. As the popularity of Macs has increased, we’ve noticed a concurrent rise in cyber attacks targeting these systems. Our mission is to prevent threats across all endpoints, and this update reflects this vigilant approach to comprehensive detection and prevention.

Linux OS Support

The expansion of our threat protection to include Linux systems further represents our commitment to complete cyber threat prevention regardless of environment or OS. We now offer support for Red Hat Linux 7.9 and offer D-Client agents on supported Linux systems.

Fileless/Shellcode/Memory Injection

As cybersecurity solutions have evolved their detection and response capabilities, we have observed a noticeable shift to fileless or shellcode injection attacks. Nation-state actors and well-heeled cybercriminals have begun using valid programs and built-in OS features to infiltrate and infect systems with malicious software.

These new fileless attack vectors tend to leave very little evidence of their passing or execution, making them extremely difficult for most legacy EPP software vendors to detect and deter. Shellcode attacks are often used to bypass and remain hidden from security and EDR solutions. We have bolstered our solution with additional predictive and prevention capabilities for shellcode and fileless-based attacks. This new feature is built into our 3.0 release and does not require special rules or configuration – you just need to click a check box to turn it on and become prevention ready.

Credential Theft Protection (LSASS Dumping)

Another common attack vector that we’re seeing with more frequency is LSASS memory scraping or dumping. Threat actors are now attempting to capture and use the cached access credentials stored in the process memory of the Local Security Authority Subsystem Service (LSASS) of Windows systems. After an end user logs on, the system generates and stores a variety of credential materials in LSASS process memory. If this goes undetected and is not prevented, cybercriminals can harvest these credential materials to conduct lateral movement. Deep Instinct 3.0 now offers protection against these advanced LSASS attacks.

Threat Hunting – Suspicious and Malicious Behavior Event Reporting

Deep Instinct has now enabled our D-Client agent to identify, report, and record unusual, suspicious, and malicious activities on the endpoint in real time, as they occur. As threat actors become stealthier, it becomes increasingly important to identify their presence and behavior as quickly as possible to prevent harm to your network. The information gained by threat hunting is valuable on its own, but combined with other security and log aggregation tools, it lets security teams be far more proactive in their response to network intrusions.

MITRE ATT&CK Framework Integration

MITRE has become widely known and respected for its knowledge base, education, expertise, and understanding of common attacker models, methodologies, and mitigation. The MITRE ATT&CK Framework assists organizations in the detection and prevention of these common threat vectors and techniques, and helps detail how to prevent these threats. Deep Instinct has worked with MITRE to integrate their ATT&CK framework into our EPP product, allowing our customers’ SOC teams to better prioritize threats as they are detected and prevented in their environment, saving valuable time and energy, and allowing these experts to focus on more challenging threats.

If you are an existing customer and would like to know more about these exciting new capabilities, please reach out to your Customer Success contact today.

And if you’re interested in Deep Instinct, we would be pleased to demo our prevention-first approach to cybersecurity and provide a thorough review of Deep Instinct 3.0 features and benefits. Please contact us and a sales rep will be in touch with you shortly.