The solution's stability is good. If the tool was able to provide fine-tuning capabilities from the product's end depending on the environment of its user, then it would be a good improvement in the solution. The product can build prebuilt binaries for major providers, like infra or telecom agencies, who can fine-tune it according to the environments so that they know what applications are considered normal and what is considered abnormal. The tool provides additional support for areas like whitelisting and allowlisting, but it will be very useful to quickly deploy the tool in an environment if it comes in a prebuilt binary package.
There is room for improvement in the setup process. I've had to raise it with the engineering team because there's an issue in the installation process where you can't install it unless you disable the built-in Windows Bitdefender antivirus. So, you have to manually disable Microsoft Bitdefender in order to install Deep Instinct. So, that makes it impossible to do a network rollout unless you manually visit each computer, which is ridiculous. So, I haven't completed the installation process because I'm blocked really because of this issue. Moreover, I don't want to because it's too much manual effort. Operationally, it makes no sense to me. So I told my customers that I'd consider the deployment of the product if it doesn't have these technical issues.
Head of Marketing, Cybersecurity Solutions at Netsurion
Real User
Top 5
2023-06-21T21:41:00Z
Jun 21, 2023
Due to the nature of deep learning, it’s sometimes difficult to determine why the AI model has blocked a specific file, although this has improved over time. The downside of its intelligence and automation is we could use more logging details of what happened behind the scenes. Enhancements for multi-tenant use cases will be a plus as we scale up usage. We're able to work around it within our own multi-tenant XDR platform, but the improved delineation of parties within an instance is beneficial. Continuous improvement to the admin UI naturally will help improve the experience and allow us to work faster. Sometimes it can be chalked up to training, however, great UX makes a big difference in saving time. Wider Linux flavors coverage also would be a plus.
I think it's probably the administration, especially the administration platform, which could be improved in the solution. It's clunky and hard to navigate, especially for inexperienced technicians. So, I want to see better platform administration and easy navigation in the future.
Principal Security Analyst at a government with 5,001-10,000 employees
Real User
2022-06-01T19:51:00Z
Jun 1, 2022
The interface on the endpoint could be a little more descriptive and more valuable. It doesn't always tell you the data you need to see. Improvement there would be very helpful.
Learn what your peers think about Deep Instinct Prevention Platform. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
Its support for Linux and Unix operating systems can be improved. Currently, they cover macOS and Windows, but they don't cover Linux and some of the Unix products. Pricing is also an issue. Its pricing is not as aggressive as it could be, and its price makes it difficult to sell. Customers feel that they can get an antivirus for a lower price, even though it is not a similar product. It is technically different. Their SLAs can be better. They have to give you 24/7 support, but their SLAs are not very good. They should be better documented, and the offerings should also be a little bit better. What happens is that the SLAs end up in the hands of the intermediary, seller, or the local partner of Deep Instinct in a country. The customers want very fast SLAs in a very short time, but Deep Instinct doesn't give them at the same speed. Having said that, SLAs are important when you have a lot of issues, but this product doesn't have too many issues, so it is not a big concern. However, for a customer who doesn't know the product, it could be a concern.
The Deep Instinct client stops working when you have two servers and you add high availability or Windows Failover Cluster mode. It doesn't work in a clustered mode. I haven't yet had time to go back and talk with their support and get it fixed. It would be good if they can make the installation independent of an actual user. Currently, its installation is dependent on the actual user being logged in. For example, a computer has to be logged in for the installation to happen. If it is not logged in, then on the cloud platform, it is going to show that the client is offline. On the management side of the cloud platform, we would like to have the administrators segregated by logical entities. We have told them that on their cloud management platform, we would like to be able to segregate clients into different logical entities or organizations so that the administrators are able to manage only those entities that are within their designated organization.
Some of the features are very resource intensive, such as the ransomware detection. It consumed so much of the resource on the endpoints that we have disabled those functions. If they could improve the detection logic so that those elements would consume less resource, that'd be effective. They could also improve the reporting feature so it coul be more like you find in Maltego or IBM's i2. They could introduce a graph feature to coordinate between search and those things, perhaps a dashboard of some kind.
Owner at a computer software company with 1-10 employees
Reseller
2020-09-03T07:49:00Z
Sep 3, 2020
My primary concern is that there are elements of the MSSP model that need updating. Specifically, there are some technical controls that need to be updated and it means that rolling it out is a little bit more complicated than it has to be. If the client is working remotely and doesn't have a VPN then the deployment is difficult to do. In the future, I would like to see additional reporting made available. Adding a firewall would negate the need for some products by other vendors. More generally, adding traditional endpoint security features over time would mean that we would not have to support multiple platforms.
Reporting on incidents needs improvement. It doesn't give very much information compared to Sophos. Sophos will give you a graphic that you can zoom in on the subject and find out everything that the exploit tried to do. It gives you a visual sense of what is going on. When it does find something I am not 100% sure that they are exploits or if they are false positives. At times, it can be difficult to tell what the problem is. The deployment was a bit difficult. It was more difficult than Sophos, for example, with having to create an installer. I had to read through a lot of documentation to figure it out. It's clunky and cumbersome. In Sophos, I can click what I want and it downloads an installer for each tenant. It just takes seconds. Whereas with Deep Instinct, I have to create a whole script and a lot more steps to deploy it. You have to be more technical to deploy it. You can't just send a file to an end-user and have them install it. You have to have technical expertise. The dashboards are quite primitive compared to Sophos, which is both good and bad. It's good because it's fast. Easier Deployment would be better. More integration with RMMs, such as LabTech or Automate. Also, there should be more optics. When it does something, more information on what's happening would help us to make better decisions.
25 Year Managed Security Service Veteran at a tech services company with 11-50 employees
Reseller
2018-12-24T08:59:00Z
Dec 24, 2018
The Achilles heel in our industry is reporting. I would love to see exceptional, outstanding level of reporting. I know that's like asking for a unicorn to leap out of the sky with any of these products. But reporting is always the thing that it is challenging. Fortunately, because as operators we get information through the dashboard, it hasn't been an issue yet. But for us, to really differentiate and really squeeze the full value out of this with our clients, the reporting is critical. Why is that? When everything works, clients began to wonder: "Everything's fine. Why do we need you?" That's where the reporting capabilities would allow us to really demonstrate: "Hey, here's what's actually going on, Mr. Customer."
If they can bring some additional, complementary solutions, like network scanning and the like, that will help. If they had some sort of a firewall which could help detect DDoS attacks and other things. It's just an extension of what they do, so it would not be just the endpoint. If they can take the technology and make it more useful across the network and add anything that could help improve the work environment, that would be good. I'm watching closely to see what they next bring onboard. But within the product itself, overall I don't see any required improvement because it has a very lightweight agent, it's fast and quick, and it detects everything. I haven't experienced any negativity on the Deep Instinct side. The UI is pretty straightforward. It's very simple. It would be nice to have if there were options where, if I have to do SIEM integration, I could do so from the UI: Just pick and choose what SIEM solutions the customers use and have options to have out-of-the-box connection facility. If I had an option to do SIEM integration out-of-the-box from the user interface, that would be handy.
Regional Technical Manager at a retailer with 201-500 employees
Real User
2018-11-11T13:13:00Z
Nov 11, 2018
I am looking forward to them adding Linux in Q1 or Q2 of 2019, as this is often requested by my partners and customers. Currently, Deep Instinct only has Windows, Mac, Android, and iOS. At this point, they don't have a local quarantine feature that can be triggered by the agents. It has to be done by whitelisting. Deep Instinct has also said that this will be available in Q2 2019.
Senior Consultant at a tech services company with 11-50 employees
Reseller
2018-11-06T13:09:00Z
Nov 6, 2018
I would like to see improvement in the user interface so that the user has more control. For example, it would be good if a user could change their grouping if they want to be part of another group. Or if I want to right-click and scan a specific file that I just imported, that would be helpful. Sometimes you just want to do an extra scan to make sure you're safe.
Deep Instinct PREVENTS >99% of UNKNOWN threats like ransomware and zero-days before they land inside your environment – not after. With both an agentless and agent-based approach, we ensure file-based and fileless attacks are prevented. To achieve this, Deep Instinct is pioneering the use of deep learning AI to prevent threats in <20ms, without requiring calls to the cloud for threat intelligence. Our ability to scale to the needs of the enterprise is unprecedented as is our delivery...
The solution's stability is good. If the tool was able to provide fine-tuning capabilities from the product's end depending on the environment of its user, then it would be a good improvement in the solution. The product can build prebuilt binaries for major providers, like infra or telecom agencies, who can fine-tune it according to the environments so that they know what applications are considered normal and what is considered abnormal. The tool provides additional support for areas like whitelisting and allowlisting, but it will be very useful to quickly deploy the tool in an environment if it comes in a prebuilt binary package.
There is room for improvement in the setup process. I've had to raise it with the engineering team because there's an issue in the installation process where you can't install it unless you disable the built-in Windows Bitdefender antivirus. So, you have to manually disable Microsoft Bitdefender in order to install Deep Instinct. So, that makes it impossible to do a network rollout unless you manually visit each computer, which is ridiculous. So, I haven't completed the installation process because I'm blocked really because of this issue. Moreover, I don't want to because it's too much manual effort. Operationally, it makes no sense to me. So I told my customers that I'd consider the deployment of the product if it doesn't have these technical issues.
Due to the nature of deep learning, it’s sometimes difficult to determine why the AI model has blocked a specific file, although this has improved over time. The downside of its intelligence and automation is we could use more logging details of what happened behind the scenes. Enhancements for multi-tenant use cases will be a plus as we scale up usage. We're able to work around it within our own multi-tenant XDR platform, but the improved delineation of parties within an instance is beneficial. Continuous improvement to the admin UI naturally will help improve the experience and allow us to work faster. Sometimes it can be chalked up to training, however, great UX makes a big difference in saving time. Wider Linux flavors coverage also would be a plus.
I think it's probably the administration, especially the administration platform, which could be improved in the solution. It's clunky and hard to navigate, especially for inexperienced technicians. So, I want to see better platform administration and easy navigation in the future.
I would like a little more training for the admins.
The interface on the endpoint could be a little more descriptive and more valuable. It doesn't always tell you the data you need to see. Improvement there would be very helpful.
The documentation could be improved. They have a manual, but it is not excessive.
Its support for Linux and Unix operating systems can be improved. Currently, they cover macOS and Windows, but they don't cover Linux and some of the Unix products. Pricing is also an issue. Its pricing is not as aggressive as it could be, and its price makes it difficult to sell. Customers feel that they can get an antivirus for a lower price, even though it is not a similar product. It is technically different. Their SLAs can be better. They have to give you 24/7 support, but their SLAs are not very good. They should be better documented, and the offerings should also be a little bit better. What happens is that the SLAs end up in the hands of the intermediary, seller, or the local partner of Deep Instinct in a country. The customers want very fast SLAs in a very short time, but Deep Instinct doesn't give them at the same speed. Having said that, SLAs are important when you have a lot of issues, but this product doesn't have too many issues, so it is not a big concern. However, for a customer who doesn't know the product, it could be a concern.
The Deep Instinct client stops working when you have two servers and you add high availability or Windows Failover Cluster mode. It doesn't work in a clustered mode. I haven't yet had time to go back and talk with their support and get it fixed. It would be good if they can make the installation independent of an actual user. Currently, its installation is dependent on the actual user being logged in. For example, a computer has to be logged in for the installation to happen. If it is not logged in, then on the cloud platform, it is going to show that the client is offline. On the management side of the cloud platform, we would like to have the administrators segregated by logical entities. We have told them that on their cloud management platform, we would like to be able to segregate clients into different logical entities or organizations so that the administrators are able to manage only those entities that are within their designated organization.
Some of the features are very resource intensive, such as the ransomware detection. It consumed so much of the resource on the endpoints that we have disabled those functions. If they could improve the detection logic so that those elements would consume less resource, that'd be effective. They could also improve the reporting feature so it coul be more like you find in Maltego or IBM's i2. They could introduce a graph feature to coordinate between search and those things, perhaps a dashboard of some kind.
My primary concern is that there are elements of the MSSP model that need updating. Specifically, there are some technical controls that need to be updated and it means that rolling it out is a little bit more complicated than it has to be. If the client is working remotely and doesn't have a VPN then the deployment is difficult to do. In the future, I would like to see additional reporting made available. Adding a firewall would negate the need for some products by other vendors. More generally, adding traditional endpoint security features over time would mean that we would not have to support multiple platforms.
Reporting on incidents needs improvement. It doesn't give very much information compared to Sophos. Sophos will give you a graphic that you can zoom in on the subject and find out everything that the exploit tried to do. It gives you a visual sense of what is going on. When it does find something I am not 100% sure that they are exploits or if they are false positives. At times, it can be difficult to tell what the problem is. The deployment was a bit difficult. It was more difficult than Sophos, for example, with having to create an installer. I had to read through a lot of documentation to figure it out. It's clunky and cumbersome. In Sophos, I can click what I want and it downloads an installer for each tenant. It just takes seconds. Whereas with Deep Instinct, I have to create a whole script and a lot more steps to deploy it. You have to be more technical to deploy it. You can't just send a file to an end-user and have them install it. You have to have technical expertise. The dashboards are quite primitive compared to Sophos, which is both good and bad. It's good because it's fast. Easier Deployment would be better. More integration with RMMs, such as LabTech or Automate. Also, there should be more optics. When it does something, more information on what's happening would help us to make better decisions.
The Achilles heel in our industry is reporting. I would love to see exceptional, outstanding level of reporting. I know that's like asking for a unicorn to leap out of the sky with any of these products. But reporting is always the thing that it is challenging. Fortunately, because as operators we get information through the dashboard, it hasn't been an issue yet. But for us, to really differentiate and really squeeze the full value out of this with our clients, the reporting is critical. Why is that? When everything works, clients began to wonder: "Everything's fine. Why do we need you?" That's where the reporting capabilities would allow us to really demonstrate: "Hey, here's what's actually going on, Mr. Customer."
If they can bring some additional, complementary solutions, like network scanning and the like, that will help. If they had some sort of a firewall which could help detect DDoS attacks and other things. It's just an extension of what they do, so it would not be just the endpoint. If they can take the technology and make it more useful across the network and add anything that could help improve the work environment, that would be good. I'm watching closely to see what they next bring onboard. But within the product itself, overall I don't see any required improvement because it has a very lightweight agent, it's fast and quick, and it detects everything. I haven't experienced any negativity on the Deep Instinct side. The UI is pretty straightforward. It's very simple. It would be nice to have if there were options where, if I have to do SIEM integration, I could do so from the UI: Just pick and choose what SIEM solutions the customers use and have options to have out-of-the-box connection facility. If I had an option to do SIEM integration out-of-the-box from the user interface, that would be handy.
The Management Console is not localized.
I am looking forward to them adding Linux in Q1 or Q2 of 2019, as this is often requested by my partners and customers. Currently, Deep Instinct only has Windows, Mac, Android, and iOS. At this point, they don't have a local quarantine feature that can be triggered by the agents. It has to be done by whitelisting. Deep Instinct has also said that this will be available in Q2 2019.
I would like to see improvement in the user interface so that the user has more control. For example, it would be good if a user could change their grouping if they want to be part of another group. Or if I want to right-click and scan a specific file that I just imported, that would be helpful. Sometimes you just want to do an extra scan to make sure you're safe.