Introducing Infocyte Real-Time Security: Continuous Threat Monitoring for Endpoints & Cloud
This post was last updated on April 21st, 2020 at 03:37 pm
Infocyte has provided security service providers and customers with the most scalable cloud-based platform for responding to threats. It offers unique capabilities needed by threat hunters and responders such as agentless deployment, powerful memory analysis to find fileless threats, and extensible response actions.
Today, we are announcing the release of our much requested real-time security (RTS) module. Infocyte RTS adds two things to our existing historical and live forensic analysis capabilities:
- Continuous process monitoring
- Differential forensic analysis
As a result, security teams and security service providers are able to detect more threats, faster, and respond instantly without impacting network operations.
Key Product Enhancements
- Adds Continuous Monitoring and Real-Time Detection
- Automated live memory analysis to expose fileless threats faster
- Differential forensic analysis, so that repeat collections carry only what changed since the last one, lowering the forensic data footprint over time
- Options for agentless, temporary, or permanent agented deployments retained for assessment and IR partners
- Monitor, investigate, and hunt malicious activity—past, present, and future
Improving Endpoint Detection and Incident Response
Threat hunters, assessors, and responders typically employ a bag of tools to perform their job. The Infocyte platform is commonly used to get quick access, triage, and scale response, filling roles traditional real-time protection tools can't cover: historical triage (what happened before I got here?), current-state memory analysis (what's on these systems right now?), and customizable response.
Infocyte RTS closes the visibility gap between point-in-time forensic collections by adding behavioral analysis of real-time event data. Closing this gap is a request we've often heard from our customer and partner community, because it previously required a second tool to be available or deployed alongside ours.
How Infocyte Real-Time Security (RTS) Works
Initial Infocyte workflows such as network discovery, deployment, and agentless scanning remain much the same, with some changes under the hood and additional options. Our endpoint agent has been combined with our forensic collector (survey) and can be deployed or installed in various configurations:
- In-Memory (Temporary) — Agentlessly deployed and resident in-memory only long enough to collect forensic data and perform any follow-on response actions. Automatically unloads from the system. Can be toggled to perform permanent installation if requested.
- Passive (Permanent) — Installed agent consumes no CPU cycles while idle. Remains dormant until requested to perform forensic collection or initiate response actions. These can be on-demand or scheduled, as always.
- Monitored (Permanent) — Installed agent performs continuous monitoring and analysis. Deeper forensic analysis will be executed periodically or when certain behaviors present themselves.
Users can perform the same agentless collection and analysis they do today and then, once approved, flip on monitor mode to continuously watch the network and endpoints for changes and other malicious behaviors that might not be present in a point-in-time forensic collection. Response actions and deeper forensic analysis can be launched on top of the monitoring as needed.
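To make the differential idea concrete, here is an added example that is not Infocyte's code and does not use its survey format (the page does not describe that schema; the field names, the constructed sample inventories, and the triage heuristics below are assumptions for illustration). It fingerprints two process inventories from the same host so an unchanged host ships nothing, otherwise computes the added, removed, and changed items keyed on image path plus image hash rather than PID, and runs two simple triage rules over the delta.

```python
"""Differential forensic analysis over two constructed endpoint inventories.

Added example, not Infocyte code. The snapshot schema (path, sha256, user) is
an assumption made for this example.
"""
import hashlib
import json
from typing import Dict, List, Optional, Tuple

Snapshot = List[Dict[str, str]]

# Constructed sample data: a baseline collection and a later collection from the
# same host. Hashes are placeholders, not real file digests.
BASELINE_SNAPSHOT: Snapshot = [
    {"path": r"C:\Windows\System32\svchost.exe", "sha256": "a" * 64, "user": "SYSTEM"},
    {"path": r"C:\Windows\System32\lsass.exe", "sha256": "b" * 64, "user": "SYSTEM"},
    {"path": r"C:\Program Files\Vendor\agent.exe", "sha256": "c" * 64, "user": "SYSTEM"},
]
CURRENT_SNAPSHOT: Snapshot = [
    {"path": r"C:\Windows\System32\svchost.exe", "sha256": "a" * 64, "user": "SYSTEM"},
    {"path": r"C:\Windows\System32\lsass.exe", "sha256": "d" * 64, "user": "SYSTEM"},  # image hash changed
    {"path": r"C:\Users\alice\AppData\Local\Temp\update.exe", "sha256": "e" * 64, "user": "alice"},  # new
]


def index_by_path(snapshot: Snapshot) -> Dict[str, Dict[str, str]]:
    # Key on image path, not PID: PIDs are recycled between collections, while
    # path plus image hash is what identifies "the same thing" forensically.
    return {item["path"]: item for item in snapshot}


def snapshot_fingerprint(snapshot: Snapshot) -> str:
    # Order-independent digest over (path, sha256) pairs. Equal fingerprints
    # mean nothing changed, so nothing needs to be shipped or re-analysed.
    h = hashlib.sha256()
    for path, digest in sorted((i["path"], i["sha256"]) for i in snapshot):
        h.update(path.encode("utf-8") + b"\0" + digest.encode("ascii") + b"\n")
    return h.hexdigest()


def diff_snapshots(baseline: Snapshot, current: Snapshot) -> Dict[str, list]:
    before, after = index_by_path(baseline), index_by_path(current)
    added = [after[p] for p in sorted(after.keys() - before.keys())]
    removed = [before[p] for p in sorted(before.keys() - after.keys())]
    changed = []
    for p in sorted(before.keys() & after.keys()):
        if before[p]["sha256"] != after[p]["sha256"]:
            changed.append({"path": p,
                            "old_sha256": before[p]["sha256"],
                            "new_sha256": after[p]["sha256"]})
    return {"added": added, "removed": removed, "changed": changed}


def collect_delta(baseline: Snapshot, current: Snapshot) -> Optional[Dict[str, list]]:
    # What a differential collector would send back: None for an unchanged
    # host, otherwise only the delta rather than the full inventory.
    if snapshot_fingerprint(baseline) == snapshot_fingerprint(current):
        return None
    return diff_snapshots(baseline, current)


# Illustrative heuristics (assumptions for this example, not a product ruleset).
USER_WRITABLE_MARKERS = ("\\temp\\", "\\appdata\\", "\\downloads\\", "\\public\\")
PROTECTED_PREFIXES = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def triage_delta(delta: Dict[str, list]) -> List[Tuple[str, str]]:
    findings: List[Tuple[str, str]] = []
    for item in delta["added"]:
        lp = item["path"].lower()
        if any(m in lp for m in USER_WRITABLE_MARKERS):
            findings.append(("new_process_from_user_writable_path", item["path"]))
    for item in delta["changed"]:
        if item["path"].lower().startswith(PROTECTED_PREFIXES):
            findings.append(("system_binary_hash_changed", item["path"]))
    return findings


if __name__ == "__main__":
    delta = collect_delta(BASELINE_SNAPSHOT, CURRENT_SNAPSHOT)
    print(json.dumps(delta, indent=2))
    for rule, path in triage_delta(delta or {"added": [], "removed": [], "changed": []}):
        print(f"{rule}: {path}")
```

The delta carries three records where the full inventory carries three, which is no saving on a host this small; the footprint gain comes from the common case where the fingerprint matches and the collector sends nothing, and from real hosts where hundreds of unchanged processes and modules are not re-sent.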
How to Enable Real-Time Monitoring
Infocyte now offers on-demand, scheduled or continuous monitoring options for defined Target Groups. Target Groups are logical groupings of workstations, servers, regions, or asset classes. Simply select the Target Group you want to monitor, and toggle the detection method you’d like to utilize.
When you enable “continuous monitoring” on a Target Group, Infocyte automatically deploys our Real-Time Agent and begins monitoring those endpoints.
What Happens when a Threat is Detected?
Upon detecting a threat, Infocyte analyzes the malicious activity and alerts your security team. Infocyte Extensions provide dynamic or scripted response options to facilitate deeper investigation or mitigate threats (e.g. terminate processes, isolate and later restore compromised hosts).
The Future of Infocyte
Infocyte is dedicated to providing security partners and customers with a scalable, easy-to-use, cloud-based security platform for monitoring, detecting, and responding to threats within a network environment, whether you are a security analyst responding to threats in your own network or a security provider delivering remote detection and response to many.
With this new continuous monitoring capability, Infocyte is the only cloud-based security platform with the capability to:
- Collect, process, and analyze comprehensive static forensic data and real-time behavioral events
- Perform agentless asset discovery and deployment
- Deploy custom, scriptable response actions through official and community extension modules
Infocyte’s vision as a cloud-based real-time security platform puts you in control of your security, ensuring seamless visibility across managed and unmanaged assets, cloud workloads and SaaS applications. Infocyte believes in open, customizable detection analytics and flexible, dynamic response. We will remain committed to our partners and those on the front lines of security.
Enabling Infocyte RTS with New Packages
For cybersecurity firms, consultants, and incident responders, Infocyte enables the delivery of better, faster, and more cost-effective security services, including threat assessments, incident response and Managed Detection and Response (MDR). Inquire about our tailored subscription and partner packages built for flexible engagements: Infocyte ASSESS and Infocyte RESPOND.
For MSSPs and corporate security customers, Infocyte will help you monitor, hunt, and respond to control dwell time and significantly reduce time to detect and respond. Inquire about Infocyte MONITOR which includes the full suite of ASSESS and RESPOND capabilities but tuned for continuous usage.