
Infocyte Q2 2020 Newsletter

The New Work Environment

In the past, to contain a security incident, your team had to be physically present at the affected devices. That requirement has been growing less attainable for some time as more employees work remotely. Now, with COVID-19 declared a pandemic, many organizations have required all employees to work remotely and have restricted business travel—even for incident response. Malicious actors are taking this opportunity to pursue their goals by attacking a remote workforce that is ill-prepared for the current situation. Infocyte would like to share some best practices for delivering security to a distributed workforce. Using Infocyte, you can respond to an incident without traveling to the impacted infrastructure: identifying the breach, remediating it, and addressing the root cause.

Considerations

  • Public and private cloud-based services drive almost all aspects of business.
  • Compromises do not usually result in the affected endpoint(s) being cut off from the internet—and infrastructure remains accessible.
  • Remote workers are usually found in one of two configurations—with and without VPN access.
  • If the non-VPN users are compromised, how can your security team assist?

The Solution: Monitor, Assess, and Respond

Infocyte’s Cloud platform allows your security team to access devices, on or off the corporate network, anywhere in the world. Your team can monitor for threats, assess their impact and pervasiveness, and, with Infocyte’s Extensions, respond: isolate the machine, kill processes, delete files, and, once remediated, restore the machine. All of this is possible not just on one machine but on hundreds or even thousands of machines at once. This is particularly powerful when you consider that the machines do not even have to be on the corporate network. If the endpoint has internet access, you can address the concern.

Infocyte Best Practices

Infrastructure and cloud assets can be reached via a Controller with very little configuration.

Remote employees should have Agents installed on their machines—with or without VPN Access.

Scan daily to identify threats and use extensions to remediate them. Infocyte Support is here to help. Please reach out to us at support@infocyte.com for additional information or assistance.

Quarter 1 Releases

The engineering team worked diligently in Q1 to deliver new features. Three months of hard work—a lifetime of value.

Extensions

Infocyte’s extension platform enables the world. If you can script it, you can do it with Infocyte.

Extensions are an open-source solution that scales across your environment, for one machine or thousands. Accomplish more with less work. We encourage all our customers and partners both to use the shared extensions and to develop their own to expand the library. If you would like more information about extensions, please contact your Infocyte representative.

Webhooks

Infocyte has made it easier than ever to integrate with your suite of tools. Webhooks allow users to get any alert out of the tool and into a common format to collate with other security information. Coupling Webhooks with our API allows for even more capabilities around automation.

Controller Groups

Monitoring distributed networks in one SaaS instance? Want more throughput, or to bypass the queue for an emergency scan? Controller Groups allow Infocyte users to use Agent-less scanning in new ways.

Use Case 1

Place multiple Controllers in the same group to provide increased throughput and redundancy.

Use Case 2

Point one or more Controllers at different networks or segments, with no communication required between the segments.

Use Case 3

Set up a Controller Group that remains idle until it is needed for an emergency request, bypassing the other tasks in the queue.

Proxy Support

Were you using Agents instead of a Controller because of a proxy? Proxy users are no longer limited to Agents: proxy support is now available in the Controller.

Other Enhancements

  • Improved Integrations
  • Improved Enumeration Speed
  • Improved Agent Handling
  • Improved Scan Rate
  • Improved Threat Intel Sources
  • Improved Artificial Intelligence
  • Improved API Access
  • Improved Object Filtering
  • Added ability to uninstall Agents via the Console
  • Added ability to install Agents via a Controller
  • Added support features

Upcoming Features

Real-time Security

Slated for release in April 2020, Infocyte expands into real-time security monitoring. No longer do you have to wait for a full scan to know that you are clean and safe!

Your security staff will now be alerted in real time. Coupling this technology with our wide variety of notification options delivers the right alerts at the right time, providing an invaluable toolset for your security team.

Infocyte Rules Engine

To capitalize on the power of real-time security, Infocyte’s product team will be expanding the capabilities of our MITRE ATT&CK based rules engine, allowing users to specify their own rules for creating Alerts. The upgraded engine will let users define an action based on specific inputs and conditions.

Get notified before it’s too late!

Powerful Search Abilities

Infocyte will be upgrading our search capability. This new interactive search will give users the flexibility to search across all collected data and to establish detection rules based on the search criteria.

More information will be made available about this feature enhancement in our future newsletters.

Featured Power User Tip

The Power of Infocyte API-First

Did you know that everything viewed, processed, and documented in the Infocyte Console is available via the Infocyte API? Use cURL, PowerShell, or our API Explorer to expand your team’s ability and automation.

Quick Starts for PowerShell:

  1. Generate an API token in the Console and install the PowerShell module. KB Article
  2. Docs and source code for the PowerShell tools are on the Infocyte GitHub. GitHub

Still not finding what you are looking for? Our API is fully documented and can be used interactively from your preferred browser. Simply append the string /explorer to your Infocyte instance’s URL. For example:

https://customer.infocyte/explorer

Then enter your API token, and navigate through the available options.