Deep Instinct’s deep learning endpoint security solution provides full protection based on multiple layers, including a prediction & prevention first approach, followed by detection & response, against known and unknown cyber threats.
This is Prevention, Unlimited.
Uses deep learning, the most advanced AI technology. The Deep Static Analysis provides far greater accuracy than next-gen cyber security signature and heuristic solutions, and is more accurate than classical machine learning algorithms, which suffer from lower detection rates and higher false positives. The agnostic implementation of deep learning can be applied to over 100 file types, including executable files (PE, Mach-O), Office (OLE, OOXML, macro), PDF, RTF, Flash, JAR, images, fonts, archive files (ZIP, RAR, 7z, etc.) and others.
The endpoint platform predicts and prevents any malicious file upon the file’s initial access on the device, and can also perform a full file scan during the initial installation or on-demand.
An additional layer of system endpoint protection is provided based on file reputation, both for known malicious and benign files.
The next-gen endpoint protection enables blacklisting files based on hashes and on imported IoC lists.
Behavioral analysis capabilities that can provide endpoint detection and response to the malicious business logic of malware.
Anti-Ransomware: The encryption techniques and the methods used to perform read/write operations to encrypt files are all known. This module covers them all, with a near 100% detection rate and an industry-low false positive rate. This has been confirmed by over tens of thousands of tests performed by the Deep Instinct research team.
Remote Code Injection: Detects Remote Code Injection techniques used to move laterally between processes.
Known Shellcodes: Detects known payloads during their execution. Protects against shellcodes for many tools, including MSFvenom, Shellter and Veil.
Detect and Remediate Active Adversaries on the endpoint.
Deep Classification: Rapid classification of malware (known & unknown) in real-time, with no human involvement, into seven different malware types, using our unique deep learning malware classification module.
Attack Chain: Root Cause Analysis to describe the process chain that led to the event.
Advanced Threat Analysis: A set of tools that perform advanced analysis on threats found within the organization. This includes static analysis, sandboxing analysis, screenshots and network dump of the threats.
Whitelist & Restore: Provides the ability to whitelist files falsely detected as malicious, based on hash, certificate and/or path. The ability to import a list of IoCs based on hashes is also available. Hashes that are added will be restored.
Delete files remotely: Detected files that were not prevented and quarantined can be deleted remotely from the endpoint.
Terminate the running process: Files that were detected as malicious and processes that were detected behaving maliciously can be terminated remotely.
Isolate device from the network: Devices that pose a risk to the organization can be isolated remotely.
Endpoint protection software protects against any type of spyware, including banking trojans, keyloggers and credentials dumpers.
Using this antivirus endpoint protection, fileless attack vectors are prevented, including script-based attacks, dual-use tools and code injection techniques.
Ransomware is mitigated using advanced antivirus protection that includes both static and behavioral analysis.
File Based Malware
Executable and non-executable files are scanned to predict and prevent viruses, worms, backdoors, droppers, wipers, coin-miners, known shellcodes, PUA and more.
Can I uninstall the endpoint security remotely using the Management Console?
Yes, you can remotely uninstall the endpoint protection from the deployment screen in the management console. It can also be uninstalled locally from the device; however, to uninstall the endpoint protection agent locally, the administrator must use the uninstall password.
Can the system endpoint protection be installed without the user interface visible?
Yes, you can configure the policy from the management console not to display the user interface, which can later be displayed without reinstalling the endpoint protection agent.
Does Deep Instinct use static or dynamic analysis?
Currently, Deep Instinct uses static analysis at the endpoint. Deep Instinct is currently developing the option to also perform a dynamic analysis in its endpoint security. In addition, every malicious file detected or prevented is uploaded to the D-Appliance (optional, as defined in the policy) in order to run additional static and dynamic analyses to provide additional forensic information.
Can I run D-Client with my current endpoint security solution?
Yes, Deep Instinct’s solution is designed to protect all endpoints in any environment. It is our aim to deploy our solution as an augmentation to any software solution implemented in the customers’ environments. We believe that within a few months, once you see Deep Instinct’s capabilities, especially the detection and prevention of malicious activities that are not detected by your current anti-virus solution, you will conclude that your current anti-virus endpoint solution is unnecessary.
Can Deep Instinct replace my existing anti-virus endpoint solution?
Although Deep Instinct has been designed to work in parallel with existing products, Deep Instinct can replace many endpoint security platforms, including anti-virus, anti-malware, endpoint protection, and sandboxing solutions.
If the existing anti-virus includes other security features that you still want to keep, such as personal firewall, disk encryption, or application whitelisting, Deep Instinct may not address these features. However, you can find these features built into the operating system, such as Windows Firewall, BitLocker and AppControl, respectively.
What type of mitigation actions can be performed after detecting malware?
For Windows & macOS endpoint security, Deep Instinct can prevent file execution, quarantine the file, kill malicious processes and isolate the device from the network.
For Android endpoint protection, Deep Instinct can kill the process associated with a malicious app and then send a notification to instruct the user to uninstall the app.
Generally, in cases of prevention events, no action is required, as the endpoint client has prevented the threat for you.
In case of a detection event, you may want to remove and quarantine the malware remotely, remediate the threat by using the kill process (in case it’s running) and isolate the machine from the network until further cleaning.
Does Deep Instinct support grouping of endpoint devices for policy updates?
Yes, Deep Instinct supports user-defined device groups, which can be automatically populated by rules (such as Device Name, OUs within your domain, IP range, OS version) and/or by manually selecting devices. The policy for the Device Group can then be updated as a single task.
Does each device need to be upgraded individually for advanced endpoint security?
No, our endpoint protection software includes an automatic upgrading system for Windows and macOS that is controlled by the policy configuration. Not only are individual upgrades not necessary, but upgrades can also be performed in stages.
Android devices can be updated using Google Play’s update mechanism.