Chasing APTs: How a Hunt Evolves

Good Hunting

Last week Infocyte was doing a product demo for a partner who wants to do compromise assessments (like these guys). They chose an existing client to do a limited scan using our product, selecting a handful of systems… and we found something interesting.

Now that’s not the interesting part; we find things all the time. In fact, more than half of the organizations our product is run on (i.e. compromise assessments) have some unauthorized or malicious code in their network. The interesting part here was the evolution of this particular assessment and the follow-on incident response engagement, plus the fact that they didn’t ask for privacy or an NDA (which they usually do), so I get to talk about it (which I usually can’t).

As with many incident response engagements, this one was full of audible facepalms, raised eyebrows, excitement, and then deflation… all in about a 4 hour period.

Read the full post on CEO Chris Gerritz’s blog, Good Hunting.

More from our blog

Security Brief: SIEM Alert Validation and the Dangers of Alert Fatigue

March 27, 2019

Despite the rich data provided by SIEMs, organizations find themselves drowning in false positives, making it difficult to focus on high-priority events. This problem of alert fatigue prevents cyber security teams from identifying and addressing real threats, and it affects small teams with no SOC, large enterprise teams with a SOC, and MSSPs overseeing security for many SOCs and customers alike.

5 Takeaways From Reviewing 2018’s Healthcare Data Breaches

March 19, 2019

In 2018, the U.S. healthcare industry remained a hot target for data breaches. Last year alone, over 15 million patient records were affected, with an average of one data breach occurring every 24 hours in the healthcare industry. It goes without saying that hackers and cyber attackers are finding ways around, through, and past security defenses, exploiting vulnerabilities and…

Hunting, Detecting, and Responding to Hidden Threats Using FSA

March 12, 2019

A Brief History of Forensic State Analysis. Prior to starting Infocyte, our co-founders, Chris Gerritz and Russ Morris, created the first enterprise-scoped threat hunting team for the entire U.S. Department of Defense. Their teams were responsible for hunting, detecting, and responding to highly sophisticated attacks across an 800,000-node network. With virtually unlimited resources and access…