Deep Instinct for MSSPs · 2019. 8. 12.
www.deepinstinct.com | ©2018 Deep Instinct. All Rights Reserved
Deep Instinct for MSSPs
Deep Instinct Solution
Deep Instinct is the first and only Endpoint & Mobile Cybersecurity solution that is based on a proprietary deep learning framework that was specifically designed for cybersecurity. Our solution provides detection and prevention, against any file-based or file-less attack, for every operating system, on any device, in one unified platform, delivering unmatched accuracy and efficiency. The result: unparalleled cybersecurity prowess in blocking and preventing even the most evasive unknown, first-seen malware, including Advanced Persistent Threats (APT), zero-day attacks, and ransomware.
Deep Instinct provides the best Advanced EndPoint Solution with Multi-Tenant Management specifically built for MSSPs – allowing you to extend your offering with minimal overhead to your team.
Why partner with us?
AEP Security: Offer your customers an easy to use Advanced Endpoint and Mobile Protection with the highest detection rates and lowest false positives for all their devices - Windows, Mac, Android and iOS
Management: Manage your customer’s deployed AEP product via a unified, scalable, simple to use, web-based management console that supports a totally segregated Multi-Tenant environment built specifically for MSSPs
Customer SLAs: Meet your customer’s strict SLA requirements for handling malware & APTs through the autonomous Deep Instinct client’s immediate Prevention (or detection and response) with minimal overhead to your team
Go-to-Market: Get Deep Instinct expert assistance to set up the operation; receive training and materials to position & sell the new offering. Manage and support any support issue during business days or on a 24x7 basis
Ease of Business: Low setup costs, flexible license scheme through quarterly billed license bundles with a single, all-inclusive price per seat
Program Highlights:
Sign up to the MSSP program (through approaching your distributor or Deep Instinct representative) and get started within weeks
You will be able to offer your customers the Deep Instinct Advanced Endpoint and Mobile Protection Product on a cost per device quarterly fee basis.
• Get bulks of endpoint and mobile licenses and distribute to your customers as needed
• Recurring revenue opportunity using quarterly billing
Manage Deep Instinct deployments to multiple segregated customers from a single management infrastructure, using a unified management console built specifically for MSSPs.
• Connect the Deep Instinct environment to your SIEM/syslog infrastructure
• We support another hierarchy level (i.e. “MSP of MSSPs”)
Deep Instinct will help you with the operation setup and provide the following resources to enable you to sell and continuously provide the service to your customers:
• Deployment of the dedicated Multi-Tenancy server.
• Annual on-site training for the MSSP personnel on how to position, sell, manage and maintain the Deep Instinct product.
• Marketing and technical material on the Deep Instinct product.
• Backend technical support for any issue that will arise – two tiers:
  • Standard support, during business days
  • Premium support, 24x7 basis for an additional fee
• A quarterly co-branded threat-analysis report that includes all events detected and prevented for the customer that quarter – the MSSP can send the report to all their customers
Deep Instinct™ Architecture:
[Figure: architecture diagram. Labels: Continuous Deep Learning; Deep Instinct™ neural network; Prediction Model; D-Cloud Services (Optional); Management; Management Server; Management Console; Autonomous Analysis Entities; D-Clients; Deployments, brain and policy updates; File Classifications]
Deep Instinct™ Protection Layers
PRE-EXECUTION
On-Access Static file-based analysis – Real-time threat prevention using a lightweight prediction model based on deep learning (D-Brain) that autonomously prevents zero-day and APT cyber threats. Supports the broadest file types in the industry, including executable files (PEs), PDF, Office files, archive files and more.
D-Cloud services – Provides a fast and scalable file reputation infrastructure in the cloud (AWS) adding a second layer of validation & protection. The service is optional and can be disabled by policy.
Script control – Protects against fileless attacks that are based on scripts, including PowerShell, JavaScript, VBScript, HTML applications and more.
Macro control – Using the D-Brain, identifies files containing embedded macros and determines whether the macro is malicious or benign.
ON-EXECUTION
Behavioral analysis – Provides an additional layer of protection for extended coverage of file-less attacks by monitoring and preventing on-execution malicious behavior, including Ransomware, code injection and shellcode attacks.
POST EXECUTION: Response and Remediation
Remediation – Once a problem has been identified, it is resolved using Deep Instinct's response and remediation features, including file quarantine, file restore, file delete, terminate process, infographic of the process chain and more.
Deep Classification – Determines the malware family type of PE (Portable Executable) files. After a PE file is scanned by the D-Brain and detected as malicious, the file is scanned again by the Deep Classification brain providing results in milliseconds. Our classification model categorizes the malware into 7 different types: Ransomware, Backdoor, Dropper, Virus, Worm, Spyware and PUA.
Scanning – Performs a full file scan during the initial installation to identify pre-existing malware and new threats on the device. Scheduled periodic scans can be implemented, as defined by the administrator.
Autonomous on-device protection detecting and preventing threats in real-time without requiring any supplemental analysis.
[Figure: protection flow. Labels: New File; Prevention; Deep Classification; No action]
Deep Instinct™ Management
Monitoring - Easy monitoring of the organization's security and deployment status. Easily integrates with the MSSP's SMTP and SIEM environments.
Group based Policy - Provides tools for configuring the organization's security policy. Manages different policies for groups or individual devices. Groups can be imported from the Active Directory tree, or pre-defined according to device name, OS version, D-Client version, IP range, tag, Tenant ID and more.
Intelligence - Provides an Advanced Threat Analysis feature that performs additional threat analysis for any malware file identified. Produces reports with a wide range of information for further analysis.
Logs and Reports - Provides advanced logging and reporting capabilities for security, deployment and threat analysis events. Integrates with leading SIEM products and SMTP servers for log forwarding.
Role Based Access Control - Ability to set different user roles to groups or individual users in the organization.
Simple Deployment and Registration Flow - Integrates with Windows deployment tools, such as SCCM or GPO. Upgrades directly from the management console. Does not require rebooting after installation or upgrade.
Flexible Licensing – Get bulks of licenses at the MSSP level and assign them as needed per tenant.
The management system uses a central cross-platform management and monitoring server, hosted in AWS for maximum scalability, that manages all endpoints (desktop, server and mobile devices).
Multi-Tenancy - Provides MSSPs with the capabilities to manage all entities from the same instance and management console. It includes features to allow administrators and SOC teams to manage multi-MSP and multi-tenant environments. Using the Multi-Tenancy feature you can define a management instance per customer (tenant) that is fully segregated from the other tenants.
The regular Management Console allows the MSSP to manage multiple tenants. Each tenant has its own dedicated dashboard, policies, deployment monitor, and event management panel.
A new console, the MSP Hub, allows control over several MSPs and their relevant tenants.
[Figure: MSP Hub hierarchy]
Integrator
• MSP-1: Tenant 1.1, Tenant 1.2, Tenant 1.3
• MSP-2: Tenant 2.1, Tenant 2.2
• MSP-3: Tenant 3.1, Tenant 3.2
Threat Analysis Report customer name 04/19/2018 - 05/19/2018
Highlights
4 Ransomware attacks were detected and prevented
2 Spyware were detected and prevented
3 Worms were detected and prevented
Intro
Deep Instinct™ provides real-time detection and prevention of malware, zero-day threats and advanced persistent threats (APT) for endpoints and mobile devices. The proactive protection provides unprecedented accuracy in detection and real-time prevention, protecting the organization’s entire assets from any threat (known and unknown). This threat analysis report provides analysis for the events that occurred during the dates 04/19/2018 - 05/19/2018.
[Charts: Executive Summary; Events; Threat Severity (Very High, High, Moderate, Low); File Events; Script Events; Top Risks devices; Top Risks Users]
Deep Instinct™ Technical Support
Deep Instinct’s Technical Services Organization will handle any technical issue you may encounter (missing knowledge on how to use the product, errors or issues encountered by using the product, etc.) as well as additional services to ensure a high level of customer success using Deep Instinct from the get-go and throughout the lifecycle.
Standard Support / Premium Support
• Hot Fixes
• New Versions
• Unlimited Support
• Support Availability
  • Standard: Business Days: 9 x 5
  • Premium: All Days: 24 x 7
• First time Response
  • Standard: Critical: 2 Hours; High: Next-Business-Day; Other: Next-Business-Day
  • Premium: Critical: 30 Minutes; High: 4 Hours; Other: 8 Hours
• Work on Fix
  • Standard: Business Days
  • Premium: Continuous
• Follow-up Frequency
  • Standard: Critical: Daily; High: Daily; Other: twice a week
  • Premium: Critical: Every 8 Hours; High: Daily; Other: twice a week
Periodic Report
Periodic Report of Threat Analysis findings at your customer’s environment – statistics, events, analysis of malicious files etc. (you can provide your customers quarterly to show the value)
Sample Periodic Threat Analysis Report:
Threat Analysis Report customer name 04/19/2018 - 05/19/2018 event analysis
False Positive – Files that were tagged mistakenly as malicious. It is recommended to whitelist prevention or detection events.
D-Cloud verified – Files that were recovered by the D-Cloud file reputation. No action should be taken.
N/A – Not Available. Files that were not available for Deep Instinct’s analysis. For further analysis recommendations, it is recommended to share the files with Deep Instinct.
Admin tool – Tools that are legitimate in nature and are already installed in the victim’s environment, or admin, forensic or system tools that are usually used by network administrators. Those tools can be abused maliciously. It is recommended to keep prevention events as prevented and to blacklist any detection events as long as it does not harm organizational functionalities.
PUA – Potentially Unwanted Application. Any software that can compromise privacy, weaken the computer’s security, deceive the victim into scams or be used to gain money through ads. Legitimate software often bundles such unwanted applications with the original software to gain money, and may not provide a clear option not to install them. It is recommended to keep prevention events as prevented and to blacklist any detection events as long as it does not harm organizational functionalities.
Malware – Malicious software. Any file/software created to disrupt a computer, gather sensitive information, or gain access to private data. It is recommended to keep prevention events as prevented, and to blacklist any detection events.
Ransomware – Ransom software. Malware that locks the usage of the computer, by encryption of files, locker screen or by damaging the hard disk.
Spyware – Spying software. Malware that gathers information from the end user, such as passwords, keystrokes or cookies.
Backdoor – Malware that opens access for an attacker to send additional commands (manually, or automatically as part of a bot/botnet system).
Virus – Malware that has the capability to infect other files on the local computer, to gain persistence.
Worm – Malware that has propagation capabilities. It tries to spread out to other computers using various methods, such as brute forcing passwords, exploiting vulnerabilities in network protocols or sending an email to mailing lists.
Dropper – A piece of malware that is usually the initial part of an attack, and then downloads the next stages.
[Chart by file type: PE, Mach-O, Office, Macros, PDF, rtf, SWF, TIFF, Fonts, JAR, Archive]
Summary: Deep Instinct Differentiators
The Deep Learning neural network “Brain“
• Proprietary DL framework
• Raw data, 100% data
• Autonomous, no cyber expert is required
• Non-linear model: correlation and context within the data
Omni-cybersecurity platform
• Any file type; Any major OS
• Any endpoint, server and mobile device
• Against any file / fileless-based attack
• Full protection: Prevent, detect & respond
• Unique malware classification
• On-prem or cloud native by design
Autonomous on-device prevention
• Lightweight: