2019 in Review and What’s Next for Infocyte
This post was last updated on January 8th, 2020 at 01:01 pm
In 2019, we made several significant improvements to our product, delivery model, and service offerings. In other words, a lot has changed. However, our primary goal has remained the same: enable cybersecurity professionals to easily hunt, detect, and respond to the threats their prevention tools miss.
Here’s an overview of the improvements we made in 2019, and what we have planned for 2020…
The new features and functionality introduced this year are the result of hard work, feedback, and ideas from our amazing dev team, co-founders, customers, and partners. Thank you all for your support.
Executive Overview Dashboards
Upon logging into our detection and response platform, users are now met with an interactive dashboard of charts, metrics, and priority alerts. Infocyte’s new Dashboards give incident responders, security analysts, and executive stakeholders a snapshot of their security hygiene, cyber risk, and the overall health of their IT environment.
KPIs include mean time to detect, mean time to respond, and dwell time, among others. The Dashboards also highlight risks, vulnerabilities, threats, and newly observed items (hosts, accounts/identities, artifacts, etc.).
Application Vulnerability Scanning
Early this year, application vulnerability scanning became generally available. Shortly after launch, the vulnerability scanning engine was updated and tuned to reduce false positives, which only add noise for security analysts and incident responders. Application vulnerabilities point to the weak spots in your IT environment that an attacker can exploit to reach your assets and data.
Alert Routing (Webhooks)
To streamline incident response investigations, and specifically to get word of malicious activity in your environment to the right people quickly, we introduced alert routing via webhooks. Users can now customize which alerts they receive from the detection and response platform and how those alerts are handled (delivery, message payload, and destination) through third-party integrations. The receiving endpoint is part of your attack surface: authenticate inbound webhook requests and validate the payload before any downstream automation acts on it.
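The receiving side of a webhook integration is the part the alert sender cannot secure for you. The following is an added example, not Infocyte code and not a description of Infocyte’s webhook format: it assumes the sender signs the raw request body with HMAC-SHA256 over `"<unix timestamp>.<body>"` using a shared secret and sends the timestamp and hex digest in `X-Timestamp` and `X-Signature` headers. The routing table, header names, alert fields and the sample alert are all constructed for illustration.

```python
"""Webhook receiver for routed alerts: authenticate, validate, dispatch.

Added example, not Infocyte code. The signature scheme, header names, alert
fields and routing table are assumptions made for illustration.
"""
import hashlib
import hmac
import json

MAX_SKEW_SECONDS = 300  # reject signatures older than 5 minutes to shrink the replay window

# Assumed routing table: alert severity -> destination name (illustrative).
ROUTES = {"critical": "pager", "high": "soc-channel", "medium": "ticket-queue"}
DEFAULT_ROUTE = "ticket-queue"
REQUIRED_FIELDS = {"id", "severity", "host", "summary"}


def sign(raw_body: bytes, secret: bytes, ts: int) -> str:
    """Sender-side signature over "<ts>.<body>"; used here to build test requests."""
    msg = str(ts).encode() + b"." + raw_body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify(raw_body: bytes, secret: bytes, ts_header, sig_header, now: int) -> bool:
    """Constant-time signature check plus timestamp freshness."""
    try:
        ts = int(ts_header)
    except (TypeError, ValueError):
        return False
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False
    expected = sign(raw_body, secret, ts)
    return hmac.compare_digest(expected, sig_header or "")


def route_alert(raw_body: bytes, headers: dict, secret: bytes, now: int) -> dict:
    """Return a dispatch decision for one inbound webhook request."""
    if not verify(raw_body, secret, headers.get("X-Timestamp"), headers.get("X-Signature"), now):
        return {"accepted": False, "reason": "bad signature or stale timestamp"}
    try:
        alert = json.loads(raw_body)
    except ValueError:
        return {"accepted": False, "reason": "malformed JSON"}
    if not isinstance(alert, dict):
        return {"accepted": False, "reason": "payload is not a JSON object"}
    missing = sorted(REQUIRED_FIELDS - set(alert))
    if missing:
        return {"accepted": False, "reason": "missing fields: " + ", ".join(missing)}
    severity = str(alert["severity"]).lower()
    destination = ROUTES.get(severity, DEFAULT_ROUTE)
    message = f"[{severity.upper()}] {alert['host']}: {alert['summary']} (alert {alert['id']})"
    return {"accepted": True, "destination": destination, "message": message}


if __name__ == "__main__":
    # Constructed sample request, signed with a throwaway secret.
    secret = b"example-shared-secret"
    body = json.dumps({"id": "a-1", "severity": "Critical", "host": "web01",
                       "summary": "unsigned binary spawned from a service account"}).encode()
    headers = {"X-Timestamp": "1000", "X-Signature": sign(body, secret, 1000)}
    print(route_alert(body, headers, secret, now=1010))
```

Two choices matter here: the signature is checked over the raw bytes before JSON parsing so a tampered or malformed body never reaches the parser, and the timestamp is part of the signed material so a captured request cannot be replayed indefinitely.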
SOAR Integration (Swimlane)
Security Orchestration, Automation and Response (SOAR) platforms, like Swimlane, help security teams streamline incident response by replacing manual analyst intervention with automated decision making (e.g. “is this a real threat?” or “what response action should we take?”). Infocyte’s integration with Swimlane can be used to automate alert validation and forensic inspections.
Detection and Response for AWS Cloud Environments
As the leading cloud computing provider, AWS hosts hundreds of thousands of applications, websites, databases, and more on behalf of businesses in 190 countries around the world. In 2019, Infocyte introduced agentless detection and response for AWS EC2 instances through the AWS API. This new functionality enables security analysts and incident responders to detect, investigate, and respond to threats within your AWS infrastructure without a persistent agent.
Additionally, Infocyte’s AWS module can continuously enumerate and collect IAM Roles, which is helpful during IT asset discovery (a key step in cyber threat hunting and incident response investigations). Infocyte also pulls AWS CloudTrail events to support root cause analysis and security incident investigations, helping teams build a timeline from initial detection through isolation and threat remediation.
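The timeline step above is where most of the analyst work happens once CloudTrail records are in hand. The following is an added example, not Infocyte code: it takes records in the shape of a CloudTrail log file (the same JSON that the `LookupEvents` API returns inside each event’s `CloudTrailEvent` string), sorts them, filters them to a principal or time window, and flags events that are either high-interest management calls or originate outside the ranges you expect. The records, the high-interest list, the account ID, ARNs, and IP addresses are all constructed placeholders.

```python
"""Build an incident timeline from CloudTrail records.

Added example, not Infocyte code. SAMPLE_LOG is constructed to match the shape of
CloudTrail log-file records; account ID, ARNs, IPs and the flag list are placeholders.
"""
import ipaddress
import json
from datetime import datetime, timezone

ACCT = "123456789012"  # placeholder account ID
ALICE = f"arn:aws:iam::{ACCT}:user/alice"
SAMPLE_LOG = json.dumps({"Records": [  # deliberately out of order to show sorting
    {"eventTime": "2019-11-05T14:05:40Z", "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "sourceIPAddress": "203.0.113.7", "userIdentity": {"type": "IAMUser", "arn": ALICE}},
    {"eventTime": "2019-11-05T14:02:11Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "sourceIPAddress": "203.0.113.7", "userIdentity": {"type": "IAMUser", "arn": ALICE}},
    {"eventTime": "2019-11-05T14:09:03Z", "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "sourceIPAddress": "203.0.113.7", "userIdentity": {"type": "IAMUser", "arn": ALICE}},
    {"eventTime": "2019-11-05T14:09:20Z", "eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
     "sourceIPAddress": "ec2.amazonaws.com", "userIdentity": {"type": "AWSService", "invokedBy": "ec2.amazonaws.com"}},
    {"eventTime": "2019-11-05T14:09:30Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "sourceIPAddress": "10.0.0.5",
     "userIdentity": {"type": "AssumedRole", "arn": f"arn:aws:sts::{ACCT}:assumed-role/app/i-0abc"}},
    {"eventTime": "2019-11-05T15:30:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "ModifyInstanceAttribute",
     "sourceIPAddress": "198.51.100.9", "userIdentity": {"type": "IAMUser", "arn": f"arn:aws:iam::{ACCT}:user/ir-analyst"}},
]})

# Management events worth flagging in an IR timeline (constructed list, not Infocyte's).
HIGH_INTEREST = {"CreateAccessKey", "CreateUser", "AttachUserPolicy", "AttachRolePolicy", "PutUserPolicy",
                 "AuthorizeSecurityGroupIngress", "RunInstances", "StopInstances", "ModifyInstanceAttribute",
                 "DeleteTrail", "StopLogging"}
# Assumed source ranges for this fictional environment (office and VPC space).
KNOWN_SOURCE_RANGES = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("198.51.100.0/24")]


def parse_time(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def load_records(text: str) -> list:
    return json.loads(text)["Records"]


def is_known_source(ip: str) -> bool:
    """Service-originated events carry a DNS name rather than an IP; treat those as known."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return any(addr in net for net in KNOWN_SOURCE_RANGES)


def build_timeline(records: list, principal_arn: str = None, start: datetime = None, end: datetime = None) -> list:
    """Sorted, optionally filtered rows with a 'flagged' bit for analyst attention."""
    rows = []
    for rec in records:
        t = parse_time(rec["eventTime"])
        arn = rec.get("userIdentity", {}).get("arn", "")
        if principal_arn and arn != principal_arn:
            continue
        if (start and t < start) or (end and t > end):
            continue
        ip = rec.get("sourceIPAddress", "")
        rows.append({"time": t, "eventName": rec["eventName"], "eventSource": rec["eventSource"],
                     "principal": arn, "sourceIP": ip,
                     "flagged": rec["eventName"] in HIGH_INTEREST or not is_known_source(ip)})
    rows.sort(key=lambda r: r["time"])
    return rows


def pivot_candidates(timeline: list) -> list:
    """Distinct (principal, sourceIP) pairs seen outside known ranges: the next pivots to run."""
    return sorted({(r["principal"], r["sourceIP"]) for r in timeline if not is_known_source(r["sourceIP"])})


def render(timeline: list) -> str:
    return "\n".join(f"{'!' if r['flagged'] else ' '} {r['time'].isoformat()} {r['eventSource']:<22} "
                     f"{r['eventName']:<24} {r['principal'] or '(service)'} from {r['sourceIP']}" for r in timeline)


if __name__ == "__main__":
    full = build_timeline(load_records(SAMPLE_LOG))
    print(render(full))
    print("pivot on:", pivot_candidates(full))
```

Two caveats when feeding real data into this: `LookupEvents` only returns management events from the last 90 days and typically lags live activity by several minutes, so a full trail delivered to S3 is the source to use for a complete timeline, and data events such as S3 `GetObject` only appear if the trail has data-event logging enabled.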
Support for MacOS Environments
Need we say more? In addition to protecting Windows and Linux environments from sophisticated threats (fileless malware, ransomware, hidden breaches, and more), Infocyte now brings the same speed, flexibility, and ease of use in detecting and responding to threats to macOS.
Dwell Time Visualizations and Dashboards
A large part of any security analyst’s job is understanding how data hygiene, asset visibility and access, and endpoint security across the IT environment have improved over time. To help with this task, Infocyte rolled out new dwell time dashboards that track and highlight changes in mean time to detect (MTTD), mean time to respond (MTTR), and time to recover from security incidents. These KPIs (and more) are tracked automatically within your Infocyte instance and provide a historical view of up to six weeks.
Controller Groups
In response to feedback from our partners, and to better support large, disparate IT environments, Infocyte now allows you to logically assign Controllers (the deployment mechanism for our agentless survey/scanner) to Target Groups (groups of assets such as endpoints, servers, and other systems within your IT environment). Controller Groups increase inspection throughput and performance, helping security teams detect, respond, and recover faster.
Infocyte Extensions
Last, but certainly not least, we announced the availability of Infocyte Extensions. Extensions fall into two categories (collection/analysis and action/response) and give security teams a wide range of capabilities, from interacting with your SIEM and SOAR solutions to automating incident response actions such as isolating a host or restoring connectivity to a server after remediation is complete.
What’s in store for 2020?
Today, Infocyte is used extensively for cybersecurity compromise assessments and incident response engagements. But between major IT risk assessments and IR cases, users expect to be alerted as soon as possible when a problem or new security incident arises…
To close this “visibility gap” between scans, Infocyte will soon introduce a real-time security solution. With this new functionality, Infocyte will become the only detection and response platform with the capability to collect, process, and analyze both real-time events and static forensic data with customizable collection and response actions (Extensions).