What is Deep Instinct?
Deep Instinct is a cybersecurity company that uses deep learning to provide endpoint, server, application, and mobile security. It claims to be “the first company to apply end-to-end deep learning to cybersecurity.”
Deep Instinct uses a prevention-first approach. It’s designed to identify threats and prevent payloads from deploying within an organisation’s systems. Because it uses deep learning rather than machine learning alone, Deep Instinct is proactive and predictive. Its offerings cover:
- Ransomware prevention
- Prevention of zero-day attacks
- Improving the efficacy of endpoint protection platforms (EPP)
- Extending and enhancing endpoint detection and response (EDR)
- Stopping fileless attacks
They also offer managed services. By offering “prevention as a service,” they’re in effect creating a new category in the industry.
The company has positioned itself rather boldly in the cybersecurity solution landscape, so in this article, we’ll take a look at whether the hype is justified.
Is Deep Instinct an EDR?
Yes and no. Let’s start with no. While Deep Instinct is technically an endpoint protection platform, it takes a strong stance on the shortcomings of most EDR tools on the market.
Their e-book “8 Reasons Why EDR Is Not Enough” says that even though endpoint detection and response (EDR) tools might have sparked optimism at first, escalating ransomware incidents all around us are forcing us to wake up and smell the coffee: EDR solutions are failing us.
Deep Instinct’s documentation vehemently states that EDR is not enough to defend against present and future threats. In their words, EDR is flawed because it is reactive and frankly “too late” to protect an organisation against threats.
The e-book urges companies to adopt a prevention-first approach in their security strategy and look for ways “to complement existing EDR solutions to mitigate risk.” But by “complementing,” they don’t mean the typical extended detection and response (XDR)—the new shiny object in cybersecurity—because even XDR is a “post-execution-focused solution.”
Again, their emphasis is prevention—i.e., pre-execution—or as Deep Instinct puts it, “zero time.”
To conclude, Deep Instinct positions itself as a deep learning tool that can “sharpen your EDR.” It can improve the effectiveness of EDR tools “by significantly reducing the signal-to-noise ratio and allowing security teams to more quickly identify threats that need investigating and remediation before attackers breach the network.”
What is the difference between machine learning and deep learning?
In a nutshell, machine learning is a type of AI, and deep learning is a more advanced form of machine learning.
To understand deep learning, imagine multiple layers of neural networks working together similarly to the way human brains process information. Or, just as the human brain turns a first-time encounter into instinctive or intuitive knowledge, so deep learning’s goal is to turn learnings into instant second-nature decision-making.
Machine learning (ML) is the most common type of AI in cybersecurity tools right now. But it has significant limitations. ML is mostly reactive and still requires extensive human involvement to engineer features. It also relies on human tuning to detect known patterns that indicate an attack. ML only takes a look at about 2 to 5 percent of available data. In contrast, deep learning (DL) trains on 100 percent of available raw data and “can make autonomous decisions about unknown threats without having to see the entirety of an attack.”
But is that fundamental difference really part of Deep Instinct’s competitive edge?
Curiously, even Deep Instinct acknowledges that “deep learning has reached ‘buzzword’ status” and says that many companies are appropriating the term without truly delivering that type of technology.
So let’s look at how their technology actually works and whether it truly delivers.
How does Deep Instinct work?
Is it an agent-based solution?
Deep Instinct is an agent-based solution. What you get is a fully trained model.
Why is that important? Because some people will falsely assume that deep learning has to take place on their own endpoints and in their own environment. That would make the “intelligence” quite limited.
Stephen Salinas, former head of product marketing at Deep Instinct, explained in an ActualTech Media interview (hosted by Scott Lowe): “We train on a universe of threats—and it’s millions and millions of threats.”
Essentially, Deep Instinct has an enormous data set of known malicious files, and based on that, the tool will make a verdict. Salinas explained that Deep Instinct doesn’t need to know anything about your organisation or any organisation to make deep learning work. “It’s really about the amount of threats that we’ve trained the model on.”
How does it make decisions?
Deep Instinct uses a multi-layered approach consisting of (1) deep static analysis, (2) deep behaviour analysis, and (3) deep automatic analysis.
Static analysis is the first stage: for example, a file is scanned and compared against the library of known malicious files. If the file gets past this stage and the user engages with it, behaviour analysis kicks in: Deep Instinct identifies behaviours that are associated with ransomware and steps in to block it. Finally, it offers automatic remediation, post-execution.
How are model updates deployed?
The company releases updates about two or three times a year. This is a benefit to security operations centres (SOCs) within organisations because they don’t need to perform countless security updates or rely on continuous internet connectivity.
Does Deep Instinct really do what it says?
To start, let’s look at a few of Deep Instinct’s quantified promises:
- Automatically prevents malware execution with greater than 99 percent accuracy
- Detects malware and attacks with less than 0.1 percent false positives
- Recognizes and automatically prevents previously unknown or custom (zero-day) attacks
- Takes less than 20 milliseconds to prevent a threat (750 times faster than ransomware encrypts)
It also boasts that it’s fast, compressed, and lightweight and doesn’t take up a lot of resources to run.
Independent third-party testing results
Unit 221B concluded that the product was so effective that it “prevented unknown malware attacks with 100 percent accuracy … [and] was adept at preventing custom attacks with 96.4 percent accuracy.” In addition, there were absolutely no false positives—all without interfering with safe applications being run for everyday business operations.
At the time of writing, Gartner shows an overall rating of 4.8/5 based on 28 customer ratings, with 95% of customers recommending the product.
Big-name investors boost confidence
Founded in 2015 by Guy Caspi, Deep Instinct garnered quite a bit of attention in 2017 when GPU maker NVIDIA named Deep Instinct “the most disruptive startup” at their Inception Awards. In fact, Deep Instinct developed its deep learning capabilities right on NVIDIA’s GPU machines.
In a CNBC Mad Money episode, Deep Instinct’s CEO Lane Bess (former CEO of Palo Alto Networks and former COO of Zscaler) said, “This was extremely interesting to them [NVIDIA]. And that led to a lot of other opportunities.”
In 2021, Deep Instinct raised $100 million in Series D funding, led by investment behemoth BlackRock.
Industry-leading performance guarantee and warranty
On March 11, 2021, Deep Instinct became the first cybersecurity company to back its own product with a performance guarantee!
In a press release, Deep Instinct stated the performance guarantee “ensures an incredibly low false positive rate.” They’ve also added a ransomware warranty that is “three times higher than any other cybersecurity company.”
Sounds like they’re putting their money where their mouth is, and who doesn’t like that?
How well does Deep Instinct integrate with other platforms and technologies?
The Deep Instinct Prevention Platform includes Deep Instinct for Endpoint, Deep Instinct for Cloud, Deep Instinct for Applications, and Deep Instinct for Web Gateways. It will easily integrate with EDR, SIEM, SOAR, and other tools using REST API, Syslog, or SMTP.
Deep Instinct’s technology partners include:
- Micro Focus ArcSight
- Amazon Web Services
- Workspace ONE
However, some reviewers have noted that running Deep Instinct on Linux and Unix operating systems still needs to be improved. Deployment without a VPN or for remote users can be difficult as well.
A notable integration/partnership was solidified in November 2021 with Tanium. “With Deep Instinct, Tanium customers gain complete visibility and control over their endpoints,” Tanium states on their own website.
Brendan Mangus, Deep Instinct’s director of content marketing, said, “When Tanium and Deep Instinct joined forces in a new strategic alliance … a unique product offering was born. Customers will now get extremely fast and accurate threat prevention capabilities from Deep Instinct combined with full endpoint visibility and control from Tanium.”
Deep Instinct is growing very quickly. So we can expect new information on partnerships and integrations to emerge on an ongoing basis.
How much does Deep Instinct cost?
Deep Instinct’s pricing is a bit hard to track down, as the company doesn’t seem to have published it on their website. The Network Admin Tools website has reported that “each endpoint is priced around $50-75 per instance, all based on the volume,” adding that the mobile solution will cost slightly more than this. Also, it’s the console, which manages and controls everything, that carries a big cost.
Reviews on Gartner from various customers indicate that pricing is competitive and even lower-cost compared to larger players. But even though pricing is competitive, some customers noted that the console itself is expensive. So you will see varied opinions on this.
So what’s the conclusion?
Deep Instinct is worth paying close attention to as they continue to make waves developing their deep learning AI technology on their purpose-built prevention platform. We conclude their deep learning technology is science fact, not fiction.
How can I learn more?
This article is a part of a greater series centred around the technologies and themes found within the first edition of the Devoteam TechRadar. To read further into these topics, please download the TechRadar.