Expanding Infocyte’s Threat Intelligence and Response Function
This post was last updated on March 29th, 2021 at 09:23 am
At its core, Infocyte’s mission has always been to help our customers and partners find, investigate and purge cyber threats from their networks. We do this through our automated SaaS platform and the expertise of our team. The challenge is that security teams find themselves battling increasingly advanced threats. Infocyte fields more and more inquiries on how to best identify, scope and resolve the latest security incidents and vulnerabilities. Following the massive Sunburst, Microsoft 365 and Hafnium Exchange hacks, Infocyte has heard these calls and is creating a dedicated team to help our users fight these types of attacks.
Today, we are excited to announce that Infocyte has formed a new dedicated threat intelligence and response team whose goal is to work directly with our customers and partners to hunt and respond to the latest threats. As co-founder and our most experienced threat hunter, Chris Gerritz will be leading this function as our Vice President of Threat Intelligence and Response.
Virginia Parmley, Infocyte’s Vice President of Marketing, sat down with Chris to get his take on the importance of this new function and how this is a critical step for Infocyte to continue evolving to meet the changing needs of its customers and partners.
Q: Why did you originally start Infocyte with Russ?
Before Russ Morris and I founded Infocyte, we were building and leading a new threat hunting and nation-state focused Defensive Counter-Cyber capability within the US Air Force CERT. In that role, we performed thousands of enterprise-wide proactive threat hunts and handled responses to major nation-state attacks. When we founded Infocyte, we wanted to solve challenges that we knew the market didn’t have solutions for. We wanted to make threat hunting and response easier for small or mid-sized organizations that didn’t have the security budget of the US Military.
Q: How has the company progressed since then?
Over the last six years, Infocyte has helped thousands of customers, expanded our SOC to offer international 24/7 support operations, and worked with some of the top names in the industry. Most importantly, I am proud that Infocyte has played a part in discovering and investigating some truly large hacks. Our team has prevented incalculable losses from ransomware attempts in sensitive places like hospitals during the COVID-19 pandemic.
We have built a name for strong, hands-on support for our users as well as enabling our partner network to compete and deliver high quality security services like threat assessments, incident response, and Managed Detection and Response (MDR).
Q: How is the threat intel side a missing piece and why is it important now?
Infocyte has never really had a dedicated threat intelligence function that faced our customers or the public. We’ve always focused our research time on internal R&D and baking new developments into our solutions. When our users ran into sticky, complex situations, we often just pulled our engineers and leaders into the trench temporarily. For instance, I’ve personally worked side-by-side with our partners on several high-profile, complex cases while also managing our product organization. These were always fruitful as it helped a given partner through a time of need. These situations also were big opportunities for product feedback and served to keep my DFIR skill set relevant and up-to-date.
Second, cybersecurity is never static–it’s always evolving. There are companies and products that were once on top of detection charts that are now irrelevant because they stopped investing in staying ahead of threats. The threats we face today can’t be countered with the techniques and approaches we used even as few as five years ago.
Q: Why did you want to take on this new role?
Put simply: there is a gap in the market that we can help close. Infocyte gets hands-on exposure to so many incident response cases, so we are able to see the problem early. When a zero day or new threat gets publicized, often there is a flurry of dispersed publications that leave security managers without a clear understanding or response options they can use in their particular environments. With this new team, we have the advantage of being able to work directly with our customers and partners to respond to these high-profile and sophisticated threats.
Personally, the times I’ve jumped into the fray to help a partner or customer solve a big challenge have been the most rewarding things I do. With the increasing rate of vulnerabilities and attacks being released, I feel like it’s the right time to focus on what I believe will have the most impact for our community.
Q: What are you most excited about for the future of Infocyte?
The endpoint detection and response market, which we’ve been on the periphery of, has gone through a lot of changes and consolidation over the last few years. There are tons of tools out there, but only a handful like Infocyte have the technology, expertise, and speed to detect and respond immediately to these new threats. Deep forensics at scale, combined with our patented memory inspection technology, gives us a unique advantage against sophisticated attacks that other tools miss.
While we found our niche with incident responders and security services partners, the big opportunity is just beginning. For one, the change to network topologies to support COVID-19 lockdowns and work-from-home has made cloud-based endpoint monitors like ours mandatory. Second, the reliance on SaaS services like Microsoft 365 has presented a new security challenge for us to help solve. The reaction to the recent release of our MS365 security module has shown just how critical it is to help secure and monitor these services in the post-COVID world.