Deep Instinct provides full protection, based on a prediction and prevention-first approach, followed by detection and response. The solution offers unmatched efficacy in predicting zero-day threats and can identify unusual, suspicious, and malicious files on the endpoint, preventing threats as they happen. It uses the following layers:
D-Client predicts and prevents any malicious file upon the file’s initial access on the device, and can also perform a full file scan during the initial installation or on-demand. It can be configured to prevent or detect malicious files, using different thresholds adapted to the organization’s needs.
Additional layer of endpoint protection based on file reputation, both for known malicious and benign files.
Files can be blacklisted based on hashes, IoCs, and imported IoC lists.
Behavioral analysis capabilities can detect and stop malicious business logic malware, including ransomware, remote code injection, and known payloads for system endpoint protection.
Rapid classification of malware (known and unknown) in real-time, with no human involvement, into seven different malware types, using our unique deep learning malware classification module for endpoint security.
Attack Chain: Root-Cause Analysis to describe the process chain that led to the event.
Advanced Threat Analysis: A set of tools that perform advanced analysis on threats found within the organization. This includes static analysis, sandboxing analysis, screenshots, and network dumps of the threats. Integration with MITRE ATT&CK identifiers in support of threat hunting.
Quarantine files: Quarantine malicious files during their prevention.
Whitelist: Whitelist files falsely detected as malicious, based on hash, certificate and/or path. The ability to import a list of IoCs based on hashes is also available.
Delete files remotely: Detected files that were not prevented and quarantined can be deleted remotely from the endpoint.
Terminate running process: Files that were detected as malicious and processes that were detected behaving maliciously can be terminated remotely.
Isolate device from network: Devices that pose a risk to the organization can be isolated remotely.