Deep Instinct
multi-layer protection
Time to Predict and Prevent
0
MILLISECONDS
By D-Brain
Time to Investigate
0
MILLISECONDS
By Deep Classification
Time to Remediate & Contain
0
MINUTE
Deep Instinct provides full protection, based on a prediction and prevention-first approach, followed by detection and response. The solution offers unmatched efficacy in predicting zero-day threats and can identify unusual, suspicious, and malicious malware on the endpoint, preventing threats as they happen. It uses the following multiple layers:
PRE-EXECUTION:
Predict & Prevent
ON-EXECUTION:
Detection & Automatic Response
POST EXECUTION:
Automatic Analysis & Remediation
PRE-EXECUTION:
Predict & Prevent
Deep Static Analysis
D-Client predicts and prevents any malicious file upon the file’s initial access on the device, and can also perform a full file scan during the initial installation or on-demand. It can be configured to prevent or detect malicious files, using different thresholds adapted to the organization’s needs.
D-Cloud File Reputation
Additional layer of endpoint protection based on file reputation, both for known malicious and benign files.
Script Control
A compliance and policy infrastructure to eliminate the script-based attack surface, including PowerShell, JavaScript, VBScript, Macros, HTML applications, rundll32, and many more
Blacklisting
Files can be blacklisted based on hashes, based on IoCs, and based on import IoC lists.
ON-EXECUTION:
Detection & Automatic Response
Deep Behavioral Analysis
Behavioral analysis capabilities can detect and stop malicious business logic malware, including
ransomware, remote code injection, and known payloads for system endpoint protection.
POST EXECUTION:
Automatic Analysis & Remediation
Deep Classification
Rapid classification of malware (known and unknown) in real-time, with no human involvement, into seven different malware types, using our unique deep learning malware classification module for endpoint security.
Attack Chain: Root-Cause Analysis to describe the process chain that led to the event.
Advanced Threat Analysis: A set of tools that perform advanced analysis on threats found within the organization. This includes static analysis, sandboxing analysis, screenshots, and network dumps of the threats. Integration with MITRE ATT&CK identifiers in support of threat hunting.
Remediation
Quarantine files: Quarantine malicious files during their prevention.
Whitelist: Whitelist files detected falsely as malicious based on hash, certificate and/or path. The ability to import a list of IoCs based on hashes is also available.
Delete files remotely: Detected files that were not prevented and quarantined can be deleted remotely from the endpoint.
Terminate running process: Files that were detected as malicious and processes that were detected behaving maliciously can be terminated remotely.
Isolate device from network: Devices that pose a risk to the organization can be isolated remotely.
