How Infocyte Eliminates Cyber Risk Within The NIST Framework

This post is part two in our ROI series on reducing cyber risk and on how Infocyte HUNT reduces your risk within the NIST Cybersecurity Framework. It drills down into the managed detection and response (MDR) capabilities that lower your overall risk and how Infocyte enables them for our partners and subscription customers.

Based on our experience in over 3,000 missions and investigations, we offer customers eight key capabilities, each mapped to a category of the NIST Cybersecurity Framework. We provide these capabilities to platform subscribers and through our network of certified service delivery partners.

Infocyte HUNT Controls

Here is a closer look at these capabilities and the eight key controls we provide through the Infocyte HUNT platform. The controls map to four of the five NIST CSF core functions (Identify, Detect, Respond, Recover); the Protect function is not covered by these controls. Infocyte's Command-level subscribers get our hosted software platform along with premium support from trained cybersecurity specialists and incident responders at Infocyte's Security Operations Center (SOC) or through our global network of partners.

For our partners, Infocyte is the fastest turnkey path to delivering MDR-type services.

Each control below is listed with its NIST category, the critical question it answers, and the capability Infocyte HUNT provides.

Control I1: IDENTIFY, Asset Management
Question: Do I know all of my networked assets and where they are?
Capability: Actively discover networked assets, meaning any device (physical or virtual) with an IP address and common ports and protocols exposed. What applications are being hosted? Do I have full coverage of logging and preventive tools?

Control I2: IDENTIFY, Vulnerability Management
Question: What applications are installed in my network? Which are vulnerable?
Capability: Enumerate installed applications, their versions, and any known advisories (vulnerabilities) that apply to them.

Control D1: DETECT, Anomalies and Events
Question: Do I have visibility on attacks that get through my security controls?
Capability: Proactively discover threats in your network that may have evaded existing security controls. Includes Forensic State Analysis (FSA), an automated forensics approach to discovery built on live memory inspection.

Control D2: DETECT, Continuous Monitoring
Capability: Complements network and endpoint signature or behavioral monitoring with deeper inspection of the OS and forensic artifacts. Continuous collection and assessment at selected intervals.

Control R1: RESPOND
Questions: Am I able to reach ALL endpoints in the event of an incident? How quickly can I triage and scope an attack? Can I characterize these risks when found?
Capability: Investigate and confirm suspicious indicators and alerts by inspecting the suspicious systems. Includes automated enrichment of collected forensic data.

Control R2: RESPOND, Root Cause
Question: What was the root cause / patient zero?
Capability: Quickly collect and analyze forensic triage data to determine the scope of the incident and gather samples of malicious code or applications. Automated timeline construction. Recover samples of malicious code or applications on demand, whether in memory (fileless) or on disk.

Control R3: RESPOND, Mitigate and Contain
Question: Once fixed, can I validate that the network is clean and no other backdoors remain?
Capability: Assist with isolating and remediating the impacted hosts.

Control R4: RECOVER
Capability: Enough data and context to learn from the attack and improve. Recovery strategies are updated, and security policies and capabilities are updated as required.

Contact us to learn more about our MDR services or request a demo to see Infocyte HUNT in action.
