Deep Instinct Prevention Platform offers a prevent-first solution with a focus on detecting zero-day threats, featuring user-friendly deployment and robust cross-platform functionality. It integrates well with other security tools to enhance threat detection capabilities.


| Product | Mindshare (%) |
|---|---|
| Deep Instinct Prevention Platform | 1.0% |
| Microsoft Defender for Endpoint | 6.8% |
| CrowdStrike Falcon | 6.0% |
| Other | 86.2% |

| Title | Rating | Mindshare | Recommending | Interviews |
|---|---|---|---|---|
| CrowdStrike Falcon | 4.3 | 6.0% | 97% | 140 |
| Cortex XDR by Palo Alto Networks | 4.2 | 3.7% | 96% | 112 |

| Company Size | Count |
|---|---|
| Small Business | 11 |
| Midsize Enterprise | 4 |
| Large Enterprise | 4 |

| Company Size | Count |
|---|---|
| Small Business | 123 |
| Midsize Enterprise | 59 |
| Large Enterprise | 89 |

Deep Instinct leverages deep learning for advanced malware and ransomware prevention. Its lightweight design and easy deployment make it a favored choice for endpoint protection. While praised for its compatibility and minimal updates, challenges exist with Linux support, high resource use in ransomware detection, and the need for better control in administration. Organizations implementing Deep Instinct enjoy real-time prevention against threats like phishing and zero-day exploits.
Deep Instinct is used in industries that need robust endpoint protection, and security consultants and resellers adopt it for client solutions. Managed service providers use it to replace traditional antivirus products and to safeguard against malware and phishing attacks.

| Author info | Rating | Review Summary |
|---|---|---|
| CTO at Klaatu IT Security Ltd | 5.0 | I've used Deep Instinct for five years, and it reliably stops all malware, including zero-days, with minimal false positives. It's easy to deploy, reduces incident workload, and pairs well with EDR, though script analysis could improve. |
| Director at Disruptech | 5.0 | I’ve used Deep Instinct Prevention Platform for four years and found it highly effective, with excellent malware prevention, minimal maintenance, easy setup, strong support, and impressive ROI, though it still lacks ARM support at this time. |
| Director Of Information Technology at an individual & family service with 201-500 employees | 4.5 | Deep Instinct's prevention capabilities are excellent, saving my small hybrid team much time by blocking threats like ransomware. I value its protection, but hope for better logging and forensic analysis to streamline our incident investigations. |
| Systems Architect at a government with 5,001-10,000 employees | 4.5 | We value Deep Instinct for its pre-execution threat prevention and fewer false positives, which significantly improved our SOC operations and user productivity. It's stable, scalable, and competitively priced, although we desire more admin training. |
| IT Specialist at Vyper networks ltd | 4.0 | I use Deep Instinct Prevention Platform for endpoint protection on desktops. The intuitive dashboard and useful allow list are great features. However, the installation is problematic, requiring manual Bitdefender disabling, making network rollout impractical. This issue hinders deployment. |
| Head of Marketing, Cybersecurity Solutions at Netsurion | 5.0 | We deployed Deep Instinct to enhance endpoint security and integrate it into our managed service. Its prevention-first approach reduces SOC strain and offers broad compatibility. Improvements needed include better AI logging, admin UI, and Linux coverage. |
| Security Consultant at IBM Thailand | 4.0 | The Deep Instinct Prevention Platform effectively identifies advanced threats early. While it offers good stability, improvements could include fine-tuning capabilities and prebuilt binaries for faster deployment. It would benefit further from enhanced whitelisting and allowlisting support. |
| Principal Security Analyst at a government with 5,001-10,000 employees | 4.5 | I value Deep Instinct for its proactive, prevention-first endpoint protection using deep learning, effectively stopping advanced threats. It improved our security posture and saved incident response time, though the endpoint interface lacks detail. |
| Managing Director at Novacastrian Cyber Solutions | 5.0 | We use the Deep Instinct Prevention Platform for MSP and MSSP clients across finance, insurance, and professional services. It excels in pre-execution detection but needs better platform administration. We moved from Trend Micro due to resource concerns, achieving 100% ROI. |
| Administrator at BAPS Swaminarayan Sanstha | 3.5 | I find Deep Instinct offers effective ML-based malware protection, with easy setup and good nonprofit pricing. However, I'm concerned about its lack of support for clustered environments, user-dependent installation, and limited administrative segregation in the cloud platform. |

Deep Instinct Prevention Platform is basically a stopper that prevents any malware, including zero-days. The main benefit Deep Instinct Prevention Platform provides is that it stops ransomware, which is a crucial capability.
Deep Instinct Prevention Platform stops all malware, including zero-days, in 20 milliseconds. I have tested it with an older version of the Deep Instinct agent and up-to-date, current malware being found today, and it stops it still. I have never managed to get anything past Deep Instinct Prevention Platform.
In real-time, it enables us to stop everything, which means I do not have to get out of bed whenever something happens at the client. We know anything bad has been stopped. It has a very low false positive rate, which means that we can rely on what it has stopped having some feature that is likely to be dangerous. We can triage when we get into the office.
I utilize Deep Instinct Prevention Platform's deep learning models by installing it in clients as the first line of defense. Clients also need an EDR with it, endpoint detection and response service, because it has a very basic interface and does not include all the usual functionality of an EDR.
The autonomous functionality of Deep Instinct Prevention Platform has helped reduce some workloads for my security team. It means that any bad things get stopped, and it greatly reduces the amount of work needed to analyze incidents.
Deep Instinct Prevention Platform does handle zero-day threats with minimal system impact in my organization. It greatly reduces the client's risk exposure.
A potential area of improvement for Deep Instinct Prevention Platform is their focus on file uploads and large data storage, backups, and other related areas. It is difficult to think of what they could improve, but low information provided by the system when it detects something is one area, particularly in scripting. Deep Instinct Prevention Platform detects malicious scripts but it needs better measures, perhaps signing scripts, so we can be sure that a script is created by a client, not by some malware.
It is really about helping us triage incidents effectively, so a bit more help with the analysis of incidents, particularly what the Deep Instinct Prevention Platform agent has discovered, would be beneficial. We need to know what it has spotted that makes it suspect malware.
I have been working with Deep Instinct Prevention Platform for about five years.
The stability of Deep Instinct Prevention Platform is a 10.
The ability to scale and expand is excellent. The biggest customer has 50,000 instances, so it scales very well.
For technical support, I would rate it an eight. There is a lot of information online in their portal, although it can be difficult to find what I am looking for in there.
The support needs to be more granular, and perhaps they can consider using AI to help us ask questions instead of searching for specific keywords.
Positive
The initial setup process for Deep Instinct Prevention Platform is simple. It involves a download of the agent with a simple string, and it can be installed using an IT management system.
The price for Deep Instinct Prevention Platform is reasonable. It is about the same price as any other antivirus.
I compared Deep Instinct Prevention Platform with a number of antivirus products at the time, such as Trend, Malwarebytes, and Norton, and it beat all of them by a long way.
I am still working with the Imperva product, as I provided a review on PeerSpot about Imperva approximately two years ago, which is a pretty long time.
It is the general platform, and I am using solutions such as Imperva Application Security Platform or Imperva Managed Rules, and it is now owned by Thales.
I am using the database solution, which serves as data protection at rest and in motion.
The only database solution I am using is for data protection at rest and in motion.
I am currently using Okta, but I am no longer using Agari.
I am using Workforce and Customer Identity Management from Okta.
I am using Deep Instinct Prevention Platform as an additional product from Okta.
Deep Instinct Prevention Platform is indeed part of my security arsenal.
I use Deep Instinct Prevention Platform.
If malware is a concern, and particularly ransomware, given the cost of ransomware and the risks, even with good quality endpoint detection systems, I would still implement Deep Instinct Prevention Platform alongside other antivirus. I would rate this review a 10.
Deep Instinct Prevention Platform is the solution I have experience working with, not Huntress. It's a true prevention platform; this tool is used by my clients to actually stop ransomware and malware from getting into the environment where all the other vendors let it get in and then do something about it.
We actually prevent it before it can even write to the hard drive. We're true prevention using deep learning.
The detection rates are very high, much higher than anything else on the market. Very low resource usage is also a great feature, meaning it doesn't use much computer power to run.
Another significant advantage is that it only requires three to four updates a year; it doesn't need daily or weekly updates.
The endpoint protection across devices in this solution is the best I've ever seen.
The main area for improvement in Deep Instinct Prevention Platform is Arm support, which is not implemented yet. Though it's coming, they haven't released it yet.
I have experience working with this tool for about four years.
I haven't seen any troubles with the deployment.
The solution is very stable. We've been using it non-stop for four years, and we provide it to about 250 MSP partners, requiring very low maintenance.
Deep Instinct Prevention Platform is a highly scalable solution, and I believe one of the biggest clients has about 500,000 endpoints.
Technical support from Deep Instinct Prevention Platform is fantastic. Support from them is outstanding.
Positive
Many of our clients have moved from SentinelOne and Microsoft to Deep Instinct Prevention Platform, and they have seen ROI from this tool.
The setup is really easy with almost zero cost for implementation. The licensing is very competitively priced, better than all other solutions.
One of the biggest savings is SOC savings; my clients have massive time savings because this has fewer false positives than any other solution, with a guaranteed false positive rate of 0.1%. No other vendor gives a guarantee of false positives.
This means less work for the SOC team to investigate alerts because there are not as many alerts to check.
The ROI is approximately 440%, and there's a whole article documenting this.
The pricing of this tool has almost zero setup cost, and the implementation is straightforward. The licensing is very competitively priced, better than all other solutions.
I usually compare it with solutions such as SentinelOne, CrowdStrike, Microsoft, Bitdefender, Kaspersky, and all other major competitors.
My advice for people considering Deep Instinct Prevention Platform is to conduct a test. Test it against the competitors and you'll see firsthand how amazing this product is and how fast it protects things in real time.
It's much faster than anything else on the market to predict and prevent.
It has billions of patterns in this single agent that gets loaded onto your device. These billions of patterns act like a human brain to understand what malware is trying to do before it actually runs. They can block it before it actually executes.
My advice to people is to test it against competitors, because everyone who has done that has chosen Deep Instinct Prevention Platform.
I rate Deep Instinct Prevention Platform 10 out of 10.

We've become a hybrid mix with COVID. Some folks are completely remote, while others, like our support teams, HR, finance, and IT, are in a hybrid role, where they can come into the office but predominantly work remotely. And we do have some folks who are in the office, although they are few and far between these days. More of the protections are around the individuals wherever they are. The office boundaries have really been extended so we're putting more controls around those people's laptops.
It has caught a lot of things for us and prevented a lot of things, saving some of our time. It prevented a couple of ransomware situations and that does give me peace of mind. When it does catch something like that, it locks up the person's computer and they end up saying to us, "Hey, what's going on? My computer is not working right." We say, "Yeah, you picked up something and it looks like it's ransomware," when we look at the log. The solution is doing its job by preventing that from spreading. For people who are hybrid and come back into the office, I don't have to worry about that.
For the most part, Deep Instinct has done a pretty good job of blocking a lot of this stuff in advance. That means we don't have to spend all that time remediating things and can do more of the forensic investigation part. It's been a great ride having Deep Instinct on the side.
We have a small IT team. We only have one cyber security engineer and a couple of help desk individuals. It's helped our team a lot, and our agency as a whole, in terms of enabling us to focus on other things, rather than fighting all those battles on everybody's endpoint.
In the past, when we used a traditional antivirus, it wasn't really blocking anything. It was more signature-based and a lot of things were coming through. What usually ended up happening was that we would have to wipe the computer and there would be at least a couple of days of downtime for that individual. And that was in the past, before COVID, when people were traditionally coming into the office where they had another device they could work on.
But now, everybody only has that one laptop or one desktop, so if they're out, they're out. With DI, we haven't had that issue where we have to wipe that person's computer out. Usually what we find is that if it's some adware, we just clean out and reset their browser and that gets them back in the game. That saves us a lot of time and effort for all our staff.
In short, it's a time-saver. There are a lot of things that DI does in the background for prevention. I don't have to worry too much about risk. The only risk for us is if an endpoint doesn't have Deep Instinct at all. As long as we have DI on an endpoint, it's going to do its job and I don't have to worry about the risk when they're taking that endpoint home or elsewhere. It's definitely one good layer of investment that we have put in and we're definitely going to keep that going.
The prevention pieces, which are the policies we worked on with the DI team, are very valuable. They guided us through a setup with policies that were very conservative. We can see what gets flagged. Eventually, we tweaked them with the DI team so they're blocking more. That has really helped our team to save time.
It's very easy to use for a small team. We're a non-profit and we don't have a big cyber team and individuals that can do the pen testing, the red team/blue team type of work. We only have one individual who is dedicated to the role of monitoring and making sure that we're safe. So the prevention piece it gives us is very important. It saves us a lot of headache.
We have a PHI (protected health information) committee, and some of the things that we review on a weekly basis are incidents. For example, if there was malware or adware or some kind of phishing attempt, or even ransomware, we would have to investigate and see if there was any PHI impact. We've seen small things because some kind of adware made its way through the browser from some malicious link, and it's really hard to prevent those. We're putting more levels of filtering around that.
There are some product development ideas that we have been working on alongside the DI team, and they've been super helpful. There are definitely a lot more little areas of improvement for the interface.
Also, we have talked with the DI team about adding the forensic piece, which is what we do a lot. That would be added value and they've just recently provided more individuals to think about the roadmap. That's part of their strategy and one of the good features that they want to bring on. Hopefully, they can bring that to fruition and that will ease our workflow a little bit more.
The additional predictive and prevention capabilities in the 3.0 version, that don't require special rules and configuration, help our organization. The only caveat is that when things get done automatically, I would appreciate more logging of what's happening in the background, if it is doing some kind of intervention. If we need to do some forensics, we should be able to backtrack from the log that gets uploaded to our cloud instance and see, forensically, what the root cause was. We should be able to see what instigated that trigger by DI and what exactly was done. That's a missing piece. It does a good job of preventing, but then we don't know what were the symptoms of the prevention.
Let's say that there was like a PowerShell block. We'll see an indicator on the dashboard and we'll look at the logs and investigate. Sometimes we find that the logs that are captured locally on the endpoint itself are not very thorough. We were coached through our training with DI that, when troubleshooting, the DI team would always ask for the logs from the endpoint. We know what we need to do to look at something. But the logging for DI doesn't capture everything. There are some things that are missing. When it comes to root-cause analysis, or kill-chain analysis, and figuring out exactly what happened, it's very hard to do that right now on the product. I have used Carbon Black before and they're pretty good with the forensic analysis. That does save some efforts of my one engineer and myself when we have to go through the PHI committee. Right now, with DI, that feels like a blind spot.
Another area for development is making the license clean-up a little bit easier. We always have to manually uninstall agents. If there were some way to remove the licensing and do better license management on the platform, that would help my team as well.
We have been using Deep Instinct for about two years.
These days, it's more stable than it was.
In the past, when we pushed out agents, we would experience issues with getting online updates. There were agents that would just lose connectivity and wouldn't report back. That required manual interaction, but that was in version 2.x.
Now, it's pretty smooth. The updates have been happening and we can see all the nodes reporting back. The ones that are not reporting back are, of course, offline. Those are the ones where we try to determine if they are truly not connecting or they're just turned off.
It's very quick to scale. We haven't had issues. As long as we deploy the agent with our deployment management console, it's pretty easy and everything else gets set up in the background, such as policies, et cetera. It's pretty painless.
We have 700-plus devices being protected, and that's just laptops and desktops. It has the ability to bring in Chrome in the future. The mix of people using this product includes our executive team, our support, and the rest of our staff who are non-technical, who make up about 80 percent of our users.
As soon as we have more staff, we will put Deep Instinct on their computers. We are evaluating Chrome. Eventually, we'd like to put in DI Chrome as well. The DI team is familiar with that setup and they can help us with that.
I would rate their customer service and technical support as a solid eight out of 10.
In the past, when we had to reach out to somebody for technical support, we would go back and forth and provide them the logs. They would do the investigation and the conclusion wouldn't look like something that was worth the effort. That's something that the DI team is aware of.
We would like the ability to do root-cause analysis. Usually, the times when we send in a ticket are when we're relying on technical support to give us feedback on why something happened. We try to piece together, with the user's story, what was happening. We try to correlate between the events, and when we're going back and forth with the support team, of course, they're in a different time zone. There are delays there.
Rather than relying on the tech support for their analysis, I would like to be able to do our own analysis. If DI can bring in that ability for the customer, I would appreciate that more, and I wouldn't have to rely on and bog down the tech support team.
If we ever need to escalate a ticket, our rep is always there to escalate it.
Positive
We had an old antivirus from Symantec that we didn't renew.
As soon as we were hit with remote work and we needed to send everybody home with a laptop, I wasn't comfortable sending them home with the Symantec antivirus. Even though it had the latest antivirus definitions, it didn't do a good job of what it was supposed to do. I wanted something that was more behavioral-based.
I came across DI at a cyber security conference and talked with the reps there. I really liked the technology and then reached out to them and signed up.
In the beginning, the deployment was more complex because the agent would have issues on a couple of servers and even on some endpoints. We had to troubleshoot with our DI team success engineer. During that time, there was also some co-development happening in the background by the DI team. The DI agent is very tamper-proof, which is good. You don't want a hacker to be able to tamper with the application. We had to work with the development team, in Israel, and they had to send new code and then re-deploy the agent. We had to do a little back and forth to figure out why we weren't able to install the agent and, when we tried to uninstall it, it wasn't working.
Once we got the new agent-uninstaller and the new agent to deploy, it was a lot easier from there. It required a lot of engagement and check-ins with the DI team, which we appreciate.
But we're past that. It was version 2 of the agent. Now we're on 3.x and we're a few generations past that. It's been a lot more stable since they hired more of a QA team to review the code and put some quality assurance into it. Hopefully, that change will stabilize the development and what gets pushed out. We're a lot better for having DI, but during that time when we were going through the deployment, it was a little harder to figure things out. But we got there with the DI team.
It's a cloud deployment. We started off small with just the IT team and certain groups so that we could see how it feels and how it works. Then we grew it out to scale and we worked on pushing out the MSI package to most of the machines. We're still going through a list of which machines do not have it. We continue to cycle some of the older stuff out and make sure that our assets do have Deep Instinct deployed on them.
As a non-profit, we were able to get non-profit pricing from DI.
When we were evaluating different products—we were looking at Carbon Black and Sophos, the top ones—we definitely wanted something that was more behavioral-based. We came from a traditional antivirus that was signature-based, so anything would already be better than that. But having the prevention piece helps me sleep at night. I don't have to worry about it. The DI team is pretty good at keeping everything updated in the background and it then gets pushed out to everybody, as long as they're connected to the internet.
When we were looking at Carbon Black and Sophos, the prevention pieces weren't as strong when compared to DI, which is why we decided to go with DI. We knew that we would sacrifice some of the root-cause analysis ability and some of that control.
We did a trial with the others. Sophos tries to do a lot of the things that DI does, but we were more interested in the prevention piece. I would rather have a product that does the prevention up front and saves me the effort of having to wipe someone's workstation.
I have worked with Carbon Black in the past, and I do like their root-cause analysis and their ability to remote into people's workstations if we need to. That might be another consideration for DI to have some of those features, being in a competitive space with Carbon Black. I would like to be able to do more of the forensic, remote assistance, and remediation pieces.
For instance, if it's some kind of smaller malware or adware that didn't get flagged, not a zero-day attack but more the kind of things that are just annoying on people's computers, that does take up time. We have to do some research because they get annoying popups or their computer becomes slow. Those are things that we would like to be able to remotely assist with, since everybody is working from home.
We use the PowerShell-type of prevention and that still needs some tweaking because it can be a little sensitive at times. It's one of those harder ones to catch. DI is very conservative when it comes to flagging things.
For example, we have Lenovo laptops and we use PowerShell in the background to run their updates. We do find that Deep Instinct prevents some of those. We then allow them, per user, to see if that works out. But, overall, it seems to be flagging a little too much when it comes to the shellcode. We could open up more exceptions, but we're reluctant to open it wider. That would be another feature discussion with our DI team regarding how we can best handle and manage the exceptions for PowerShell. I don't know if some of the interactions between Lenovo and DI are the issue or if it's just strictly Lenovo. It's a little disruptive when we need to run updates, although we have ways to get around that until we can figure it out with the DI team.
For the most part, it's done its job and I don't have to think about it. You set it up and you let it do its job. It's like a good employee whom you don't have to coach and tell them exactly what needs to be done; it just gets done. It has definitely added value for us, which is why we want to continue our relationship with DI.
Look no further for a solution. Deep Instinct is the de facto choice right now, compared to the market. There are a lot of competitors that try to do what DI does, but I feel that DI does a better job at it.
The things that can be improved are the root-cause analysis and the logging from the endpoint giving us more ability to decipher what is going on. There is so much "magic sauce" happening on the DI end that we don't know what's happening; it just does its thing. When there is a report of slowness of a computer, we don't know if that's DI being in the way or not. We want to be able to rule that out. Usually what we're relying on are the popups from DI, if the user saw them at all. I don't know if the popups are always a true sign that something's happening and whether there is something more happening beyond that.
But Deep Instinct is a true win when it comes to the other choices. It's pretty top-of-the-line right now.
We have it on all our endpoint users' machines. The whole organization pretty much uses it.
We are on the latest version.
Deep Instinct’s prevention-first approach to stopping unknown ransomware and malware is the reason why we purchased the product. The pre-execution versus post-execution is a big piece for us where it is able to stop something before it even hits the box or desktop. That was one of the big reasons why we went with Deep Instinct.
We get a lot fewer calls and help desk tickets, where people say, "Hey, I got a virus," or "My machine is locked up." Productivity from an end-user perspective has obviously increased because they can get things done. From the help desk side, they don't have to go around troubleshooting or re-imaging machines.
Deep Instinct has helped improve the employee experience via reduced operational disruption since less downtime means people work more. Their machines are not offline. This is very critical for our SOC operations and their remediation needs. If there are fewer threats that we have to deal with, then we have more time to work on the few things that we need to work on. We don't need to be troubleshooting a whole slew of stuff. So, it has definitely improved the lives of our SOC operation employees.
Operations-wise, it has given us more uptime from the user community.
The most valuable feature is its inline processing, preprocessing, or prescanning against the files before they come in. Most AV does post-processing, so the preprocessing is big for us.
Another value of the solution is having fewer false positives. That is another big plus.
They are pretty good with automatic updates and algorithms. They seem to catch the newest threats quite quickly. This is extremely important for our organization.
I would like a little more training for the admins.
We have been using it for close to two years.
We love its stability. We think it will be around for a while.
It is definitely scalable. We have had no issues with it.
I would rate the technical support as eight out of 10. We put in a ticket, then they follow through, even if it is a complex case. So, they don't leave you hanging.
Positive
It replaced another product that we had called Cylance. We wanted fewer false positives. Our prior solution gave us a lot more false positives. With Deep Instinct, we were able to cut that down by a lot. Now, all our desktops and laptops have Deep Instinct on them.
The initial setup was pretty straightforward. Some training was needed since we needed to understand the environment.
We deployed to approximately 3,000 endpoints, which took us a couple months since we had to schedule and stage it out.
We did it ourselves. A few staff were needed because we deployed it automatically.
Day-to-day, there are just a couple of security analysts keeping eyes on the dashboard. They monitor and see if there are new threats, etc.
Deep Instinct has helped reduce our alerts due to false positive elimination, which has saved us at least 50%.
The speed of Deep Instinct when preventing unknown zero-day, malware, and ransomware threats is really good. They are pretty up-to-date with their algorithms.
We get a bunch of threats. It prevents hundreds, if not thousands, of these across the environment.
Deep Instinct has helped improve our SOC's endpoint protection management time.
It is critical for reducing our organization's overall risk. We depend on them. It is all about the endpoints, so they are a big player internally.
Their pricing is very competitive. It is good, fair, and a lot cheaper than what we were doing with Cylance.
I definitely know we looked at CrowdStrike, but their technology at the time was not pre-execution. Their cost was higher as well.
Deep Instinct is really at the next level. They are really good. Compared to a lot of the other bigger solutions, they are probably a bit slower. Their way of dealing with new viruses or threats is just a little different. This solution is pre-execution. Only a few vendors in the market can do that, which is why they are at a different level.
Deep Instinct was a lot easier to stand up during the PoC evaluation time frame than other endpoint protection platforms.
We need something like this, especially something that is pre-execution because there are always a lot of threats out there. We can trust this product and know that it is constantly and effectively working.
As we bring in more departments, we have plans to increase usage.
It is not hard to use. Once you understand how it works, it is not too hard.
We are not running a lot on the server side.
I would rate Deep Instinct as nine out of 10. They are growing and have a lot of potential. The sky's the limit for them.

My use cases include endpoint protection, just for desktop workstations.
The feature I like is that the dashboard is intuitive. I like the dashboard. It looks very simple. And the allow list feature to allow it generates a few false positives as lots of products do. So the allow list is quite useful.
There is room for improvement in the setup process. I've had to raise it with the engineering team because there's an issue in the installation process where you can't install it unless you disable the built-in Windows Bitdefender antivirus.
So, you have to manually disable Microsoft Bitdefender in order to install Deep Instinct. So, that makes it impossible to do a network rollout unless you manually visit each computer, which is ridiculous.
So, I haven't completed the installation process because I'm blocked really because of this issue. Moreover, I don't want to because it's too much manual effort. Operationally, it makes no sense to me. So I told my customers that I'd consider the deployment of the product if it doesn't have these technical issues.
I have been using this solution only for a few months.
We support small to medium-sized businesses.
The customer service and support are responsive. As I acknowledge the bug, so it's in a development queue.
The support team acknowledged the logs I produced, etcetera, and I understand the issue. So it was positive. I have raised only one ticket so far.
Deep Instinct Prevention Platform is obviously more expensive than Bitdefender, which is the one I primarily prefer. So, because of the issue with the installation process, I haven't really evaluated it much further. So, at the moment, I consider Bitdefender to be a better value for money.
For pricing of this solution, from a re-seller point of view, I was looking at $1.50 per user.
Overall, I would rate the product an eight out of ten. I haven't operationally used it thoroughly because of the issue with the installation process.

We deployed Deep Instinct for two primary reasons:
1) to bolster our endpoint security and
2) to incorporate the solution into our managed service.
All our endpoint security sensors were deployed using the detect-only policy and were moved to Prevent policy after a week.
We selected 4-5 endpoints from each department initially to test. After this, we tuned and safelisted as needed, then deployed the sensors to the rest of the environment.
Since then, we have incorporated this platform into our Managed Endpoint Security offering to augment our own Managed XDR offering.
Endpoint security is absolutely critical, particularly as our business went to a remote-first model. We needed a way to secure IT assets out in the field reliably but without disrupting legit business activity. Legacy solutions also tended to bog down CPUs.
Deep Instinct was a strategic complement to our Open XDR platform. With it, we have bolstered our prevention capability to go with our already strong detection and response capability.
The deep learning concept that powers Deep Instinct has been very effective at blocking threats and minimizing false positives that disrupt legitimate business activity.
In an 'assume-breach' world of detection and response, Deep Instinct allows us to once again have an effective prevent-first approach to cybersecurity. This enables us to block more threats immediately and therefore reduce the strain and stress on our SOC. With security staff scarcity, more effective and reliable endpoint security is a must. And Deep Instinct has been able to deliver that across a wide range of endpoints for us. It offers:
Due to the nature of deep learning, it’s sometimes difficult to determine why the AI model has blocked a specific file, although this has improved over time. The downside of its intelligence and automation is we could use more logging details of what happened behind the scenes.
Enhancements for multi-tenant use cases will be a plus as we scale up usage. We're able to work around it within our own multi-tenant XDR platform, but the improved delineation of parties within an instance is beneficial.
Continuous improvement to the admin UI naturally will help improve the experience and allow us to work faster. Sometimes it can be chalked up to training; however, great UX makes a big difference in saving time.
Wider Linux flavors coverage also would be a plus.
I've used the solution for three years.
Stability and reliability have improved in recent upgrades (4.x) to the point it is a non-issue.
The platform has proven to be easily scalable as we deploy not only internally but across many customer environments too.
Support is very collaborative, and positive, and diligently works through issues to completion.
We did use a different solution previously. The primary drawbacks were the endpoint sensors frequently spiked CPU usage, causing IT tickets; and too many false positives.
There were some growing pains early as we adopted this product and discovered issues. We took about six months to roll this out carefully with a few beta testers in various internal departments, then organization-wide, and then with some early adopter clients.
As a managed cybersecurity service provider, we implemented this ourselves working closely with Deep Instinct.
The product helps to identify undetected advanced search behaviors and IDS/IPS. Sometimes, it detects low-severity and high-level threats. Normally, you won't have a use case built for low-detection purposes, especially for minor things, like LOLBAS binaries. Deep Instinct Prevention Platform identifies threats to the organization at a very early stage.
The solution's stability is good. If the tool was able to provide fine-tuning capabilities from the product's end depending on the environment of its user, then it would be a good improvement in the solution. The product can build prebuilt binaries for major providers, like infra or telecom agencies, who can fine-tune it according to the environments so that they know what applications are considered normal and what is considered abnormal. The tool provides additional support for areas like whitelisting and allowlisting, but it will be very useful to quickly deploy the tool in an environment if it comes in a prebuilt binary package.
I have been using Deep Instinct Prevention Platform for three and a half years.
Deep Instinct Prevention Platform did not initially provide me with an impression of its stability part. Over a certain time period of around three months, I saw that the tool understood our company's environment, after which the solution was able to provide us with critical alerts that were not picked up by the other products. The product initially required a lot of work and fine-tuning. After the product is fine-tuned, it works properly. The solution was able to provide some alerts that are not detected by other products in our company's environment.
Deep Instinct Prevention Platform is deployed on a cloud model, so there are no issues with the scalability part of the product. The product can be scaled up and scaled down. The only thing my company does is that we put the agents in the endpoints, which need to be analyzed.
My company operates as an MSSP provider, so the tool is used by three or four clients. My company deals with around 30,000 endpoints.
My company has a separate team that uses the portal provided by the product to raise our issues with the support team. My company usually gets back a solution as per the agreed SLA.
The solution is deployed on a cloud model.
The product's deployment process can be carried out with the help of our in-house team members, but my company had to seek help from a consultant due to resource constraints.
There is a need for customers of the product to pay towards the licensing costs of the tool.
The solution has improved the organization's ability to prevent cyber threats as it helps its users detect unknown threats that are not covered in their use cases. One caveat when it comes to solutions stems from the fact that users need to do a lot of fine-tuning to let the product detect unknown threats. When you turn on the tool, you will have a lot of alerts that pop up in your environment. You need to fine-tune the tool according to your environment so that you differentiate between normal and abnormal factors. Once the tool's fine-tuning process is correctly done, the solution will show you some alerts that are not detected by other products.
I can't comment on the features I found to be the most valuable or effective for threat prevention since I haven't used the product much to deal with threats. The product is mainly used as a signature-based or behavior-based tool. For threats, my company uses other products to identify or to get more additional context to it.
The deep learning aspect of the product has enhanced our company's cyber defense over a period of time as the tool helps understand the behavior of a particular environment, and it automatically reduces the number of false positives going forward.
I recommend the product to those who plan to use it. I would suggest others get an inventory of their systems so that they can fine-tune all the things before going into the production phase. Once you get through the PoC phase, you can put all your allowlisting and whitelisting into the tool. When you move into production, the number of alerts it shows at the initial stage will be less. You can have a proper alerting mechanism or a real threat identifier in your environment rather than having a tool that throws a huge number of false positives.
I cannot give an exact number on whether the product has helped in the reduction of false positives. My company mainly concentrates on reducing the number of false positives and having the actual alerts shown to us.
The solution integrates with our company's existing security infrastructure, as everything can be automated on the Azure platform. The product offers integration capabilities and is also easy to use.
The benefits of the product stem from the fact that it gives clear visibility on the attacks. The product also identifies some of the early threats that were not identified by the other products in our company's environment. The overall defense approach offered by the product elevates the security posture of the organization.
I rate the tool an eight out of ten.
We have it on our endpoints, and the main purpose is to protect them from all the things that can happen: phishing emails, USBs installed, links downloaded, malicious third-party tools being downloaded through patches, etc.
Deep Instinct has helped us to be a lot more proactive on the security front, rather than reactive. We still have to address the threats that it finds, but because it's proactive it stops things before they occur. Instead of spending time trying to investigate what happened, we spend the time on the front-end determining if it's something we should allow or not. It has saved us a lot of time in incident response.
It has also reduced our SOC’s endpoint protection management time and resulted in a significant reduction in false positives. And while we haven't seen a drastic reduction in operational disruption with Deep Instinct, because the solution we had before was working pretty well, I'm sure the fact that it has detected and prevented things has helped people work a whole lot more effectively.
As far as we know it has helped prevent the newest threats and that is very important. There's always something new coming out and trying to stay ahead of that is always a challenge. Compared to the solution we had previously, Deep Instinct is way more thorough in its analysis of the files and memory.
I really like the behavioral analysis feature, because it looks at all the different things, like arbitrary shellcode and reflective DLL. It looks at a lot of things that threat actors use as threat vectors to get into the environment.
It's also very easy to use and very intuitive. That was one of the reasons we picked it. The console is really simple and easy to figure out, as is creating policies. Every policy just needs a group and you can break out the policies per group. That means when you need to make changes, you can do it pretty easily. I can change a group's settings by just opening up a window and selecting dropdown options.
You can also select what you want things applied to. You can be very granular with your application of it.
I've also been very impressed with Deep Instinct's prevention-first approach to stopping unknown ransom and malware. We had another solution that took a very similar approach—prevention first rather than reactive. This was another one of the reasons we picked Deep Instinct. So far it has been very good at catching things before they execute, which is what we wanted it to do. It's very quick. As soon as it sees something, it quarantines it.
And the predictive and prevention capabilities for shellcode and fileless-based attacks are very important. Yet another reason we picked it was because of how thoroughly it looks through files. It's also very helpful that the predictive and prevention capabilities are built into the 3.0 release and don't require special rules or configuration. When an update comes out, it doesn't require us to reconfigure the device or the policies. It just follows along with what happened before. And if something is a brand-new feature, it comes out in "detect only," and that gives us an opportunity to test it before actually doing any prevention.
The interface on the endpoint could be a little more descriptive and more valuable. It doesn't always tell you the data you need to see. Improvement there would be very helpful.
I've been using Deep Instinct for about two years.
It's very stable. We've had no issues with that.
It works well as long as you have an automatic way to deploy it, like SCCM or GPO, which they have provisions for.
We use it throughout the environment as our endpoint solution. It is our only endpoint solution. We have it rolled out as far as we're going to at this point.
Tech support helped me with a very complex problem that took a lot of digging and research, beyond the norm. They helped figure it out. Whenever I open a ticket, they respond within a couple of hours.
Positive
We were using another artificial intelligence solution, Cylance, that actually worked really well, but it lacked some of the features that we were looking for, including granularity and configuration options. Both Deep Instinct and Cylance are pre-execution and both work well.
One of the differentiators between the two at the time was that Deep Instinct had so much configurability compared to Cylance. We could be very specific with how we set up our exclusions and allowances. I think Cylance has caught up, but at the time there was a difference.
The initial setup was pretty straightforward. We just had to configure the console, and the professional services were a big part of getting that set up. Once you get the console configured, you deploy the agents. Once we got the automated deployment down, it was really easy. We deploy it through SCCM.
Our deployment took about four months. We have a little over 5,000 users. For deployment we have two desktop staff, which is a redundancy as one person can actually do it. And there are two of us who watch the console every day.
We used Deep Instinct professional services to help us. We did it ourselves, but they were there to help us when we needed assistance.
The return on investment is in the time saved and being able to be more proactive. It's given us a lot more insight into the environment, which we didn't have before. It has definitely been a big help.
We evaluated four other solutions. A lot of them were new and maturing as they went, but the big difference between Deep Instinct and everyone else was the pre-execution portion. Almost everything else we looked at was all post-execution or machine learning or artificial intelligence. Deep Instinct was the only one that uses deep learning and the only one that was consistently working on pre-execution.
And with the other solutions that were pre-execution, sometimes something would get through and run. They would say, "Yeah, sometimes you want to watch it first," but Deep Instinct doesn't do that. Deep Instinct just blocks it first.
During testing and evaluation, Deep Instinct performed very well. And their professional service engineer was very helpful in answering our questions and explaining how things work when we asked why things worked a certain way. And the performance has been better in our deployment than it was in the PoC, which is unusual.
Test it thoroughly with all your use cases, and even on use cases you don't usually think about. Do your own testing. Don't rely on the vendor testing at all. The vendor testing was good and they did a demo, but definitely do your own testing. With every product we test, not just Deep Instinct, we do our own testing and that raises a whole lot of questions that normally might not be raised.
Do your homework on the solution and how it works. Understand it. Go through the training materials they have. They suggested doing that initially but I did that toward the end, after deployment. I should have done it earlier. The lesson learned would be to become as familiar with the tool as possible. That sounds obvious, but sometimes in IT we just like to run with something and go.
There's been a little bit of impact initially, here and there, on our endpoints, as far as performance goes, but once it gets tuned in, that seems to settle down.
Overall, it's doing a really good job of reducing our organization's overall risk. What it picks up and blocks on a regular basis seems to be very effective.

We use the solution for our MSP and MSSP clients. Our clients' range of industries involves finance, insurance, and professional services. So, we use it across almost all companies.
One of the advantages of the solution is that it provides only two updates a year.
It performs most of its duties effectively in the pre-execution stage. Whenever someone downloads a file, the system immediately detects it and prevents its execution if required. If a file bypasses the initial download detection, the system will still intercept and stop it in the pre-execution stage.
I think it's probably the administration, especially the administration platform, which could be improved in the solution. It's clunky and hard to navigate, especially for inexperienced technicians. So, I want to see better platform administration and easy navigation in the future.
I have experience with Deep Instinct Prevention Platform for three years. Also, I am using the latest version of the solution. My company is a reseller of the solution.
Stability-wise, I rate the solution a ten out of ten.
Although not currently within our organization, we have a potential use case for approximately 850 endpoints or clients in finance, professional services, and other businesses.
Scalability-wise, I rate the solution a nine out of ten.
The solution's technical support is very responsive and helpful. In the past, technical support has answered all my queries very quickly. So, I rate the solution's technical support a nine out of ten.
Positive
Previously, I used Trend Micro. Trend Micro is a bad product, as it uses too many resources from my clients. So, none of my clients wanted the solution.
It doesn't cost us anything to maintain the solution. So as far as investing any time into deployment or maintaining it, there's none. It's deployed very easily. Also, the deployment can be done remotely.
The deployment process takes about one and a half minutes per PC. So depending on the size of the client, we might spend an hour or two deploying it. And depending on the technology our clients possess, they may be able to deploy it by themselves. We can also help them deploy the solution over the phone.
We have a return on investment of about 100% using the solution. So, we charge a reasonable amount for the solution from our clients.
There are no additional costs on the price, and our company has a support contract, which bundles in those services anyway. The cost is something I can't split out exactly for each desktop or each endpoint.
Though I can't tell you what we, in our company, looked at as an alternative for Trend Micro, we chose Deep Instinct Prevention Platform since we needed it.
I would absolutely recommend Deep Instinct Prevention Platform to those planning to use it. Overall, I rate the solution a ten out of ten.
We are using Deep Instinct for malware protection on servers and workstations. We are using its latest version.
It has given us a more structured approach for detecting and preventing threats. It has machine learning-based detection and prevention. Their engines, in even older versions, are able to pick these viruses and malware. They have posted a lot of use cases online for detecting different viruses and malware that have been out for many years.
The Deep Instinct client stops working when you have two servers and you add high availability or Windows Failover Cluster mode. It doesn't work in a clustered mode. I haven't yet had time to go back and talk with their support and get it fixed.
It would be good if they can make the installation independent of an actual user. Currently, its installation is dependent on the actual user being logged in. For example, a computer has to be logged in for the installation to happen. If it is not logged in, then on the cloud platform, it is going to show that the client is offline.
On the management side of the cloud platform, we would like to have the administrators segregated by logical entities. We have told them that on their cloud management platform, we would like to be able to segregate clients into different logical entities or organizations so that the administrators are able to manage only those entities that are within their designated organization.
I have been using this solution for four months.
It is stable. There are no issues related to its stability.
We haven't scaled it yet. We have 250 or so endpoints, which include workstations, servers, etc.
Tech support is provided by our MSP, Cyberforce. They are based out of Austin. They are also providing the solution. They respond very quickly, and they are good. I would rate them a nine out of ten.
We didn't use any other solution.
It was very straightforward and simple. You can obviously do the installation through the command line. It is not a typical EXE file that you just double click and install.
We have NinjaRMM as our remote management tool for all endpoints. We were able to create a script on NinjaRMM and just do an automated install to Ninja. In a matter of 15 minutes, we had installed it over 200 servers or workstations.
We are a nonprofit. The MSP provides pretty decent nonprofit rates for us. This was one of the key factors that made us choose Deep Instinct over its competitors who were significantly more expensive.
We compared Deep Instinct with Cylance and CrowdStrike, and we ended up going with Deep Instinct. We felt it was going to give us better coverage, and the cloud management platform was also much easier to use.
It is definitely worth looking at before you make a decision.
I would rate Deep Instinct a seven out of ten. There are a few kinks, but it is a new company, so we can't expect everything from day one. With that understanding, we accepted some of the shortfalls.