infocyte hunt mdr platform updates

New Features: Email Alerts, In-app Chat Support, and More

We continually strive to update and develop new features for Infocyte HUNT based on customer and partner feedback, as well as the changes in the threat landscape. Here is a brief breakdown of some changes we’ve implemented this quarter.

Key New Features

  • In-app Chat Support
    The Help button now opens a chat support window, connecting you directly to both our security analysts and/or support team.
  • Integrated Support Center
    Our support portal is also being transitioned to a new Support Center, where you’ll find self-help articles, tutorials, and more. In the meantime, simply ask questions via in-app chat or start a dialog with our customer success team via email.
  • Email Alerting
    Don’t have a SIEM? Set up email alerts based on scans, or daily/weekly email alerts within your user profile page.
  • Linux Binary Verification Improvement
    Linux reputation and threat intel has been historically difficult compared to the data we have available for Windows. As such we’ve had to use new approaches. This quarter, we enhanced our Linux package manager verification system to increase confidence, so binaries validated with their package manager (listed as “Managed”) are now listed as Low Risk (vs Unknown). We’re making additional enhancements to Linux analysis as we approach the general release of our AWS (cloud workload security) module.
  • Batch Binary Submissions (Sandboxing)
    The limit for our heaviest binary analysis (includes sandboxing) has increased to 250 per submission from 100.
  • Client-side Encrypted Credential Verification
    Controllers will now verify client-side encrypted credentials used the correct client-side passphrase before using the credentials. The controller will report a failure like this as “incorrect client-side encryption passphrase”. Note: This is a zero knowledge check on the controller since our cloud components have no knowledge of the encryption keys. This will solve situations where two controllers with two different client-side passphrases had caused account lockouts.
  • Full Script and Powershell Content Submissions
    Active scripts and powershell encoded content are now all stream analyzed. Our intention is to move toward a no (or tight) storage policy for scripts and powershell content since they could potentially include sensitive credentials.

Bug Fixes, Performance Improvements, and Other Changes

  • Updated our Root Cause Analysis (RCA) module, Activity Trace with additional windows event log types and added a filter option for event type.
  • Improved detail fields for in-memory injects and scripts to make analysis more intuitive.
  • Enriched logging detail for enumeration/discovery and scan progress to includes error reporting during survey load and analysis phases. We’re enriching these further with a whole set of access and credential checks to help diagnose agentless access issues.
  • A new general information admin panel contains customer information and point of contact for administrators. This will help ensure the Infocyte customer success team is in contact with the correct people responsible for maintaining and administering Infocyte. Be on the lookout for additional changes and rearrangements of settings and administrative functions.

Planned Features, Coming Soon

  • Dashboard and Analytics
    Keep track of KPIs related to your organization’s cyber risk, exposure, time-to-detect, time-to-respond, and overall security metrics.
  • AWS Scanning Module
    IAM, CloudTrail, and EC2 discovery and scanning via AWS API.
  • New Vulnerability Triage Service
    We’re working to significantly reduce application vulnerability false positives and improve the correlation/prioritization of application and environmental vulnerabilities.

Please feel free to reach out with any questions, ideas, and/or feedback!

Posted in ,