Deep Instinct for MSSPs

Transcription:

Deep Instinct Solution

Deep Instinct is the first and only Endpoint & Mobile Cybersecurity solution that is based on a proprietary deep learning framework that was specifically designed for cybersecurity. Our solution provides detection and prevention against any file-based or file-less attack, for every operating system, on any device, in one unified platform, delivering unmatched accuracy and efficiency. The result: unparalleled cybersecurity prowess in blocking and preventing even the most evasive unknown, first-seen malware, including Advanced Persistent Threats (APT), zero-day attacks, and ransomware.

Deep Instinct provides the best Advanced Endpoint Solution with Multi-Tenant Management specifically built for MSSPs, allowing you to extend your offering with minimal overhead to your team.

Why partner with us?

- AEP Security: Offer your customers an easy to use Advanced Endpoint and Mobile Protection with the highest detection rates and lowest false positives for all their devices: Windows, Mac, Android and iOS.
- Management: Manage your customer's deployed AEP product via a unified, scalable, simple to use, web-based management console that supports a totally segregated Multi-Tenant environment built specifically for MSSPs.
- Customer SLAs: Meet your customer's strict SLA requirements for handling malware and APTs through the autonomous Deep Instinct client's immediate prevention (or detection and response) with minimal overhead to your team.
- Go-to-Market: Get Deep Instinct expert assistance to set up the operation; receive training and materials to position and sell the new offering. Manage and support any support issue during business days or on a 24x7 basis.
- Ease of Business: Low setup costs and a flexible license scheme through quarterly billed license bundles with a single, all-inclusive price per seat.

Program Highlights

You will be able to offer your customers the Deep Instinct Advanced Endpoint and Mobile Protection Product on a cost per device, quarterly fee basis.

- Get bulks of endpoint and mobile licenses and distribute them to your customers as needed.
- Recurring revenue opportunity using quarterly billing.
- Manage Deep Instinct deployments to multiple segregated customers from a single management infrastructure, using a unified management console built specifically for MSSPs.
- Connect the Deep Instinct environment to your SIEM/syslog infrastructure.
- We support another hierarchy level (i.e. "MSP of MSSPs").

Deep Instinct will help you with the operation setup and provide the following resources to enable you to sell and continuously provide the service to your customers:

- Deployment of the dedicated Multi-Tenancy server.
- Annual on-site training for the MSSP personnel on how to position, sell, manage and maintain the Deep Instinct product.
- Marketing and technical material on the Deep Instinct product.
- Backend technical support for any issue that will arise, in two tiers:
  - Standard support, during business days
  - Premium support, on a 24x7 basis for an additional fee
- A quarterly co-branded threat-analysis report that includes all events detected and prevented for the customer that quarter; the MSSP can send the report to all their customers.

Sign up to the MSSP program (by approaching your distributor or Deep Instinct representative) and get started within weeks.

Deep Instinct Architecture

[Architecture diagram. Labels: Deep Instinct neural network; Continuous Deep Learning; Prediction Model management; D-Cloud Services (Optional); File Classifications; Management Server; Deployments, brain and policy updates; Management Console; D-Clients; Autonomous Analysis Entities.]

Deep Instinct Protection Layers

Autonomous on-device protection detecting and preventing threats in real time without requiring any supplemental analysis.

PRE-EXECUTION

- On-Access Static file-based analysis: Real-time threat prevention using a lightweight prediction model based on deep learning (D-Brain) that autonomously prevents zero-day and APT cyber threats. Supports the broadest file types in the industry, including executable files (PEs), PDF, Office files, archive files and more.
- D-Cloud services: Provides a fast and scalable file reputation infrastructure in the cloud (AWS), adding a second layer of validation and protection. The service is optional and can be disabled by policy.
- Script control: Protects against fileless attacks that are based on scripts, including PowerShell, JavaScript, VBScript, HTML applications and more.
- Macro control: Using the D-Brain, identifies files containing embedded macros and determines whether the macro is malicious or benign.

ON-EXECUTION

- Behavioral analysis: Provides an additional layer of protection for extended coverage of file-less attacks by monitoring and preventing on-execution malicious behavior, including ransomware, code injection and shellcode attacks.

POST EXECUTION: Response and Remediation

- Remediation: Once a problem has been identified, it is resolved using Deep Instinct's response and remediation features, including file quarantine, file restore, file delete, terminate process, infographic of the process chain and more.
- Deep Classification: Determines the malware family type of PE (Portable Executable) files. After a PE file is scanned by the D-Brain and detected as malicious, the file is scanned again by the Deep Classification brain, providing results in milliseconds. Our classification model categorizes the malware into 7 different types: Ransomware, Backdoor, Dropper, Virus, Worm, Spyware and PUA.
- Scanning: Performs a full file scan during the initial installation to identify pre-existing malware and new threats on the device. Scheduled periodic scans can be implemented, as defined by the administrator.

[Figure: Deep Classification and Prevention. Labels: New File; Devices*; Ransomware, Backdoor, Virus, Worm, Dropper, PUA, Spyware; No action.]

*Lightweight D-Client: Low memory footprint (<120MB), requires less than 1% CPU usage on average.

Deep Instinct Management

The management system uses a central cross-platform management and monitoring server, hosted in AWS for maximum scalability, that manages all endpoints (desktop, server and mobile devices).

- Monitoring: Easy monitoring of the organization's security and deployment status. Easily integrates with the MSSP's SMTP and SIEM environments.
- Group based Policy: Provides tools for configuring the organization's security policy. Manages different policies for groups or individual devices. Groups can be imported from the Active Directory tree, or pre-defined according to device name, OS version, D-Client version, IP range, tag, Tenant ID and more.
- Intelligence: Provides an Advanced Threat Analysis feature that performs additional threat analysis for any malware file identified. Produces reports with a wide range of information for further analysis.
- Multi-Tenancy: Provides MSSPs with the capabilities to manage all entities from the same instance and management console. It includes features to allow administrators and SOC teams to manage multi-MSP and multi-tenant environments. Using the Multi-Tenancy feature you can define a management instance per customer (tenant) that is fully segregated from the other tenants.
- Logs and Reports: Provides advanced logging and reporting capabilities for security, deployment and threat analysis events. Integrates with leading SIEM products and SMTP servers for log forwarding.
- Role Based Access Control: Ability to set different user roles for groups or individual users in the organization.
- Simple Deployment and Registration Flow: Integrates with Windows deployment tools, such as SCCM or GPO. Upgrades directly from the management console. Does not require rebooting after installation or upgrade.
- Flexible Licensing: Get bulks of licenses at the MSSP level and assign them as needed per tenant.

The regular Management Console allows the MSSP to manage multiple tenants. Each tenant has its own dedicated dashboard, policies, deployment monitor, and event management panel. A new console, the MSP Hub, allows control over several MSPs and their relevant tenants.

[Hierarchy diagram: Integrator at the top; MSP-1 with Tenant 1.1, Tenant 1.2, Tenant 1.3; MSP-2 with Tenant 2.1, Tenant 2.2; MSP-3 with Tenant 3.1, Tenant 3.2.]

Deep Instinct Technical Support

Deep Instinct's Technical Services Organization will handle any technical issue you may encounter (missing knowledge on how to use the product, errors or issues encountered by using the product, etc.) as well as additional services to ensure a high level of customer success using Deep Instinct from the get-go and throughout the lifecycle.

Standard Support and Premium Support

Hot Fixes
New Versions
Unlimited Support

Support Availability
  Standard: Business Days: 9 x 5
  Premium: All Days: 24 x 7

First time Response
  Standard: Critical: 2 Hours; High: Next-Business-Day; Other: Next-Business-Day
  Premium: Critical: Minutes; High: 4 Hours; Other: 8 Hours

Work on Fix
  Standard: Business Days
  Premium: Continuous

Follow-up Frequency
  Standard: Critical: Daily; High: Daily; Other: twice a week
  Premium: Critical: Every 8 Hours; High: Daily; Other: twice a week

Periodic Report

Periodic Report of Threat Analysis findings at your customer's environment: statistics, events, analysis of malicious files etc. (you can provide it to your customers quarterly to show the value).

Sample Periodic Threat Analysis Report

Threat Analysis Report, customer name, 04/19/2018-05/19/2018

Intro: Deep Instinct provides real-time detection and prevention of malware, zero-day threats and advanced persistent threats (APT) for endpoints and mobile devices. The proactive protection provides unprecedented accuracy in detection and real-time prevention, protecting the organization's entire assets from any threat (known and unknown). This threat analysis report provides analysis for the events that occurred during the dates 04/19/2018-05/19/2018.

Executive Summary highlights:

- 4 Ransomware attacks were detected and prevented
- 2 Spyware were detected and prevented
- 3 Worms were detected and prevented

[Sample report charts. Panels: Events; Threat Severity (Very High, High, Moderate, Low); File Events; Script Events; event analysis by category; file types (PE, Mach-O, Office, Macros, PDF, rtf, SWF, TIFF, Fonts, JAR, Archive); Top Risks devices; Top Risks Users.]

Event analysis categories:

- Malware: Malicious software. Any file/software created to disrupt a computer, gather sensitive information, or gain access to private data. It is recommended to keep prevention events as prevented, and to blacklist any detection events.
- PUA: Potentially Unwanted Application. Any software that can compromise privacy, weaken the computer's security, deceive the victim into scams, or be used to gain money by using ads. Legitimate software often bundles such unwanted applications with the original software to gain money, and may not provide a clear option not to install them. It is recommended to keep prevention events as prevented and to blacklist any detection events as long as it does not harm organizational functionalities.
- Admin Tool: Tools that are legitimate in nature and already installed in the victim's environment, or admin, forensic or system tools that are usually used by network administrators. Those tools can be abused maliciously. It is recommended to keep prevention events as prevented and to blacklist any detection events as long as it does not harm organizational functionalities.
- False Positive: Files that were tagged mistakenly as malicious. It is recommended to whitelist prevention or detection events.
- D-Cloud verified: Files that were recovered by the D-Cloud file reputation. No action should be taken.
- N/A: Not Available. Files that were not available for Deep Instinct's analysis. For further analysis recommendations, it is recommended to share the files with Deep Instinct.

Malware types:

- Ransomware: Ransom software. Malware that locks the usage of the computer, by encryption of files, locker screen or by damaging the hard disk.
- Spyware: Spying software. Malware that gathers information from the end user, such as passwords, keystrokes or cookies.
- Backdoor: Malware that opens an access for an attacker to send additional commands (manually, or automatically as part of a bot/botnet system).
- Virus: Malware that can infect other files on the local computer, to gain persistence.
- Worm: Malware that has propagation capabilities. It tries to spread out to other computers using various methods, such as brute forcing passwords, exploiting vulnerabilities in network protocols or sending an email to mailing lists.
- Dropper: A piece of malware that is usually the initial part of an attack, and then downloads the next stages.

Summary: Deep Instinct Differentiators

- The Deep Learning neural network "Brain"
- Proprietary DL framework
- Raw data, 100% data
- Autonomous, no cyber expert is required
- Non-linear model: correlation and context within the data
- Omni-cybersecurity platform
- Any file type; any major OS
- Any endpoint, server and mobile device
- Against any file / fileless-based attack
- Full protection: Prevent, detect & response
- Unique malware classification
- On-prem or cloud native by design
- Autonomous on-device prevention
- Lightweight: <50MB, <1% CPU
- Connectionless protection