Deep Instinct proudly announces the release of Version 2.1, in which we introduce:
- Deep Classification – The ability to classify malware families using Deep Learning
- Additional remediation options – Terminate a running process
- Detailed security event page
- Versions page
- SIEM enhanced integration and official certifications
- Other new and exciting features
In this post, we list some of the main highlights of the new version; these are just some of the many new features you will encounter while working with Version 2.1.
1. Deep Classification: The Ability to Classify Malware Families
By using Deep Learning in cybersecurity, we are able to detect and prevent malicious files in real time. Once our prediction model (D-Brain) has learned to identify such malicious files, its identification becomes second nature. That said, we have taken this one step further. Once we have identified an attack, the question remains – what’s next?
We have developed a malware classification model to help Security Operations Center (SOC) and Incident Response (IR) teams understand what they are dealing with after malware is prevented, enabling them to respond as quickly as possible and thus saving them time and money.
Our classification model categorizes the malware into 7 different types: Ransomware, Backdoor, Dropper, Virus, Worm, Spyware and PUA.
The classification model enables SOC and IR teams to understand what has been prevented, further enabling them to evaluate the type of attack an organization might be under, even when the malware has never been encountered before.
2. Additional Remediation Capabilities: Terminating a Running Process
Processes from prevented files are always blocked. When the policy is set to detect only (not prevent), the D-Client reports the file to the management server but does not block the process.
With Version 2.1, the administrator can remotely terminate a running process of a detected file to remediate the problem from the Management Console.
3. Detailed Security Event Page
The main benefits of this new feature are:
- File analysis and malware classification
- Better visibility of actions taken to contain and remediate event incidents
- Implementation of a detailed process chain infographic of malicious threats to extend forensics analysis
- Integration with Deep Instinct’s existing Advanced Threat Analysis (static analysis, screenshots, dynamic analysis, etc.)
- One-click commands to:
  - Search for the file in public repositories – VirusTotal, AlienVault, Google
  - View other events related to the same file
  - View other devices related to the same file
4. Version Release History Page
This page displays the Deep Instinct versions that are available to download and install. The page includes versions of the Windows, Android, and iOS D-Clients, along with release highlights, access to the release notes, and the installer files.
5. SIEM Enhanced Integration and Official Certifications
In Version 2.1, Deep Instinct has enhanced SIEM integration capabilities, providing a smooth integration with leading SIEM products. From the Management Console, the security admin can now apply the following SIEM integration settings:
- Select the syslog message format: CEF, LEEF or RFC 5424.
- Select the transport protocol: UDP, TCP or TLS over TCP.
- Select which event types are sent to the SIEM product, to reduce analysis effort and cost. For example, the security admin can choose to send only critical security events and D-Client connectivity events.
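To show what the receiving side of these settings has to deal with, here is an added example (not Deep Instinct code) that parses one constructed event in each of the three selectable formats, CEF, LEEF 2.0 and RFC 5424, into a common structure and applies a "critical only" filter. The sample lines, vendor and field names, and the severity thresholds are all assumptions; note that CEF/LEEF and syslog severity scales run in opposite directions.

```python
import re

# Constructed sample events (not real Deep Instinct output), one per syslog
# format selectable in the Management Console: CEF, LEEF 2.0 and RFC 5424.
SAMPLE_CEF = ("CEF:0|ExampleVendor|ExampleEPP|2.1|100|Malware prevented|9|"
              "fname=invoice.exe fileHash=PLACEHOLDER_HASH cat=Ransomware")
SAMPLE_LEEF = ("LEEF:2.0|ExampleVendor|ExampleEPP|2.1|100|^|"
               "fname=invoice.exe^fileHash=PLACEHOLDER_HASH^cat=Ransomware^sev=9")
SAMPLE_RFC5424 = ('<14>1 2024-01-01T12:00:00Z host01 epp - - '
                  '[event cat="Connectivity"] D-Client connected')
RFC5424_RE = re.compile(r"^<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (-|\[.*?\]) ?(.*)$")

def parse_cef(line):
    # Seven pipe-separated header fields, then a space-separated key=value extension.
    parts = line[len("CEF:"):].split("|", 7)
    event = dict(zip(("version", "vendor", "product", "dev_version", "sig_id", "name", "severity"), parts))
    ext = parts[7] if len(parts) > 7 else ""
    event["fields"] = dict(re.findall(r"(\w+)=(.*?)(?=\s+\w+=|$)", ext))
    event["format"], event["severity"] = "cef", int(event["severity"])
    return event

def parse_leef(line):
    # LEEF 2.0 names its attribute delimiter in the sixth header slot ("x09" = tab; empty = tab).
    parts = line[len("LEEF:"):].split("|", 6)
    event = dict(zip(("version", "vendor", "product", "dev_version", "sig_id", "delim"), parts))
    delim = event.get("delim") or "\t"
    if len(delim) > 1 and delim[0] in "xX":
        delim = chr(int(delim[1:], 16))
    attrs = parts[6] if len(parts) > 6 else ""
    event["fields"] = dict(kv.split("=", 1) for kv in attrs.split(delim) if "=" in kv)
    event["format"] = "leef"
    event["severity"] = int(event["fields"].get("sev", 0))  # LEEF has no header severity
    return event

def parse_rfc5424(line):
    m = RFC5424_RE.match(line)
    if not m:
        raise ValueError("not an RFC 5424 message: %r" % line)
    pri = int(m.group(1))  # PRI = facility * 8 + severity
    return {"format": "rfc5424", "facility": pri >> 3, "severity": pri & 7,
            "timestamp": m.group(2), "host": m.group(3), "app": m.group(4),
            "fields": dict(re.findall(r'(\w+)="([^"]*)"', m.group(7))), "msg": m.group(8)}

def is_critical(event):
    # CEF/LEEF severity is 0-10 with 10 the most severe; syslog PRI severity is 0-7
    # with 0 (emerg) the most severe. The thresholds below are assumed, not vendor-defined.
    if event["format"] == "rfc5424":
        return event["severity"] <= 2
    return event["severity"] >= 7
```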
Additionally, Deep Instinct has partnered with several leading SIEM vendors (Splunk, Micro Focus ArcSight, and IBM QRadar) to provide the best SIEM integration capabilities for its customers.
The Deep Instinct App has been officially certified by the Splunk team. The app is available for download from Splunkbase.
Deep Instinct has been officially certified by the Micro Focus (formerly HPE) ArcSight team. The ArcSight configuration guide for Deep Instinct logs is available for download from the Micro Focus Marketplace.
We have also developed a DSM (Device Support Module) for IBM QRadar. The DSM is under review by the QRadar team and is expected to be certified soon.
More details about each of the SIEM partnerships will be provided in a separate upcoming post.
6. Additional New Features
- TLS 1.2 enforcement – for client-server communication
- Additional file type support – SWF (Flash)
- Script control improvements – ability to whitelist scripts by name, path and command, including wildcard support
- Import hashes list to blacklist and whitelist
- Proxy settings update of the D-Appliance from the management console
Version 2.1 is an exciting and innovative new release that combines many new features with enhanced capabilities and user interface options. In addition to what we have detailed in this short summary, the release contains many new features and updates. Rest assured that the Deep Instinct team is hard at work, researching and developing more updates and protection layers.
To learn more, contact us for details.