This post is part two in our ROI series on reducing cyber risk and on how Infocyte HUNT reduces your risk within the NIST framework. It drills down into the managed detection and response (MDR) capabilities that can lower your overall risk and how Infocyte enables them for our partners and subscription customers.
Based on our experience in over 3,000 different missions and investigations, we offer customers 8 key capabilities, each mapped to a category of the NIST Cybersecurity Framework. We provide these capabilities to platform subscribers and through our network of certified service delivery partners.
Infocyte HUNT Controls
Here is a close look at these capabilities and the eight key controls we provide through our Infocyte HUNT platform. Infocyte’s Command-level subscribers get the power of our hosted software platform along with premium support from trained cybersecurity specialists and incident responders at Infocyte’s Security Operations Center (SOC) or through our global network of partners.
For our partners, Infocyte represents the fastest turn-key path to delivering MDR-type services.
|Control|NIST Category|Critical Control|
|---|---|---|
|I1|IDENTIFY - Asset Management|Do I know all of my networked assets and where they are?<br>Actively discover networked assets in your network: any device (physical or virtual) with an IP address and common ports and protocols exposed.<br>What applications are being hosted? Do I have full coverage of logging and preventative tools?|
|I2|IDENTIFY - Vulnerability Management|What applications are installed in my network? Which are vulnerable?<br>Enumerate installed applications, their versions, and any known advisories (vulnerabilities) to gain unprecedented visibility.|
|D1|DETECT - Anomalies and Events|Do I have visibility on attacks that get through my security controls?<br>Proactively discover threats in your network that may have evaded existing security controls. Includes Forensic State Analysis (FSA), an automated forensics approach to discovery with the most advanced live memory inspection available.|
|D2|DETECT - Continuous Monitoring|Complements network and endpoint signature or behavioral monitoring with deeper inspection of the OS and forensic artifacts. Continuous collection and assessment at selected intervals.|
|R1|RESPOND|Am I able to reach ALL endpoints in the event of an incident? How quickly can I triage and scope an attack? Can I characterize these risks when found?<br>Investigate and confirm suspicious indicators and alerts by inspecting suspicious systems. Includes automated enrichment of collected forensic data.|
|R2|RESPOND - Root Cause|What was the root cause / patient zero?<br>Quickly collects and analyzes forensic triage data to determine the scope of the incident and collect samples of malicious code or applications. Automated timeline construction. Instantly recover samples of malicious code or applications, whether in memory (fileless) or on disk.|
|R3|RESPOND - Mitigate and Contain|Once fixed, can I validate that the network is clean and no other backdoors remain?<br>Assist with isolating and remediating the impacted hosts.|
|R4|RECOVER|Enough data and context to learn from the attack and improve. Recovery strategies updated; security policies and capabilities updated as required.|