How Infocyte Eliminates Cyber Risk Within The NIST Framework
This post is part two in our ROI series on reducing cyber risk; it covers how Infocyte HUNT reduces your risk within the NIST framework. It drills down into the managed detection and response (MDR) capabilities that lower your overall risk and explains how Infocyte enables them for our partners and subscription customers.
Based on our experience in over 3,000 different missions and investigations, we offer customers 8 key capabilities that map to the categories of the NIST Cybersecurity Framework. We provide these capabilities to platform subscribers and through our network of certified service delivery partners.
Infocyte HUNT Controls
Here is a close look at these capabilities and the eight key controls we provide through our Infocyte HUNT platform. Infocyte’s Command-level subscribers get the power of our hosted software platform along with premium support from trained cybersecurity specialists and incident responders at Infocyte’s Security Operations Center (SOC) or through our global network of partners.
For our partners, Infocyte represents the fastest turn-key path to delivering MDR-type services.
| Control | NIST Category | Critical Control | Infocyte HUNT Capability |
|---|---|---|---|
| I1 | IDENTIFY - Asset Management | Do I know all of my networked assets and where they are? What applications are being hosted? Do I have full coverage of logging and preventative tools? | Actively discover networked assets in your network: any device (physical or virtual) with an IP and common ports and protocols exposed. |
| I2 | IDENTIFY - Vulnerability Management | What applications are installed in my network? Which are vulnerable? | Enumerate installed applications, their versions, and any known advisories (vulnerabilities) to gain unprecedented visibility. |
| D1 | DETECT - Anomalies and Events | Do I have visibility on attacks that get through my security controls? | Proactively discover threats in your network that may have evaded existing security controls. Includes Forensic State Analysis (FSA), an automated forensics approach to discovery with the most advanced live memory inspection available. |
| D2 | DETECT - Continuous Monitoring | | Complements network and endpoint signature or behavioral monitoring with deeper inspection of the OS and forensic artifacts. Continuous collection and assessment on selected intervals. |
| R1 | RESPOND | Am I able to reach ALL endpoints in the event of an incident? How quickly can I triage and scope an attack? Can I characterize these risks when found? | Investigate and confirm suspicious indicators and alerts by inspecting suspicious systems. Includes automated enrichment of collected forensic data. |
| R2 | RESPOND - Root Cause | What was the root cause / patient zero? | Quickly collects and analyzes forensic triage data to determine the scope of the incident and collect samples of malicious code or applications. Automated timeline construction. Instantly recover samples of malicious code or applications, whether in-memory (fileless) or on disk. |
| R3 | RESPOND - Mitigate and Contain | Once fixed, can I validate the network is clean and no other backdoors remain? | Assist with isolating and remediating the impacted hosts. |
| R4 | RECOVER | | Enough data and context to learn from the attack and improve. Recovery strategies updated; security policies and capabilities updated as required. |