
Endpoint Protection
Deep Instinct DSX
Deep learning that preemptively blocks zero-day threats across cloud, NAS, apps, and endpoints.
Deep Instinct DSX Overview
What it does
The Deep Instinct DSX Platform is a prevention-first cybersecurity platform built on a deep learning model, rather than the classical machine learning used by most endpoint tools, to stop threats before they execute. It classifies files at the point of access, blocking never-before-seen threats including zero-day malware and ransomware ahead of detonation rather than detecting them afterward. This design shifts protection away from the post-breach 'assume breach' detection-and-response model toward proactive, pre-execution prevention across endpoints, servers, and storage.
How it works
Founded in 2015 in Tel Aviv, Israel by Guy Caspi, Dr. Eli David, and Nadav Maman, Deep Instinct is headquartered in New York City with R&D operations in Tel Aviv. The company has raised $322M in funding from investors including PayPal Ventures, BlackRock, NVIDIA, and Millennium Technology Value Partners. In September 2022, Lane Bess (former CEO of Palo Alto Networks and COO of Zscaler) became CEO, bringing over 35 years of cybersecurity experience to lead the company's growth.
Credentials and traction
Deep Instinct is certified SOC 2 Type II and holds ISO/IEC 27001, 27017, and 27018:2019, with its platform PCI DSS-validated by Coalfire and assessed as suitable for GDPR requirements. The company was included in the 2022 Gartner Magic Quadrant for Endpoint Protection Platforms as that year's only newly added vendor, and recorded a 100 percent prevention score in the 2022 MITRE Engenuity ATT&CK Evaluations for Enterprise. Named customers include American Express, Honeywell, Norwegian Cruise Line, Carnegie Mellon, and Seiko Holdings Group.
Key Capabilities
mapped to solution categoriesExecutes endpoint response actions automatically upon confirmed detection (process termination, file quarantine, registry key removal, and ransomware rollback), without waiting for analyst approval. Scope of automated actions and rollback fidelity are the primary quality differentiators.
Blocks exploit techniques at the point of execution (memory injection, process hollowing, credential dumping), independent of whether the exploited application or CVE is known.
Detects and blocks malware using behavioral analysis and ML models rather than signature matching. Prevents execution of known and novel malware including script-based and fileless attacks.
Detects ransomware encryption activity using behavioral signals and restores affected files from shadow copies or local snapshots. Rollback depth and speed are primary quality metrics.
Detects and blocks endpoint threats using behavioral analysis of endpoint, application and user activity.
Provides an embedded AI assistant for alert summarization, investigation and response guidance.
Compliance
certificationsIntegrations
compatible toolsImplementation & support
Info last updated on May 27, 2026
Vendors
Is this your product?
Claim your profile to connect with the teams looking for your solutions.