This post was last updated on December 10th, 2019 at 12:49 pm
How Infocyte HUNT Works
Infocyte HUNT uses Forensic State Analysis (FSA) to discover hidden threats and compromises within a network. HUNT's agentless threat hunting survey sweeps thousands of endpoints per hour to conclusively validate each endpoint's state as "Compromised" or "Not Compromised."
Infocyte HUNT inspects each endpoint/device to validate:
- What is actively running?
- What is triggered to run (through a persistence mechanism)?
Next, it identifies any manipulation of the operating system (OS) or of active processes, e.g., what a rootkit does to hide its presence, or what an insider threat might do to disable the system's security controls. This reveals things such as an altered OS configuration setting, or an API call hooked in volatile memory by a rogue or hidden process, i.e., a rootkit.
This is starkly different from the behavior analysis techniques used by Endpoint Detection and Response (EDR) or User Behavior Analytics (UBA) products, which only record changes to a system or network as events, e.g., a new process spawning, a registry key change, or a user elevating privileges. FSA digs much deeper.
Perhaps the most important requirement for a successful state analysis of a compromised device (or endpoint) is the ability to bypass anti-forensics techniques. This is accomplished by digging into the higher-level operating system APIs and by working directly with volatile memory structures, both of which Infocyte HUNT does automatically.
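The hooked-API check described above can be illustrated with a cross-view comparison: the first bytes of an exported function as they exist in the on-disk module image are compared with the bytes actually present in memory, and any trampoline found at the function start is decoded so the analyst can see whether control is diverted outside the legitimate module. The following is an added, self-contained example of that check, not Infocyte's implementation (the page does not describe HUNT's internals); the prologue bytes, function address and module range are constructed sample values, and the three trampoline encodings it recognises (`jmp rel32`, `jmp [rip+0]` with an inline address, and `mov rax, imm64 ; jmp rax`) are common x86-64 hook forms rather than an exhaustive list.

```python
import struct

# Constructed sample: the first bytes of an exported function as they appear in
# the on-disk module image (a plausible x86-64 prologue, not from any real DLL).
CLEAN_PROLOGUE = bytes.fromhex("4889e0554889e54883ec20")

# Constructed addresses: where the function is mapped and the module's VA range.
FUNC_VA = 0x7FF800001000
MODULE_RANGE = (0x7FF800000000, 0x7FF800100000)


def decode_hook_target(mem: bytes, func_va: int):
    """Return the jump target if the bytes begin with a common trampoline, else None.

    Recognised forms:
      E9 rel32                      jmp rel32 (5 bytes, target relative to next insn)
      FF 25 00 00 00 00 <imm64>     jmp [rip+0] with the 8-byte address inline (14 bytes)
      48 B8 <imm64> FF E0           mov rax, imm64 ; jmp rax (12 bytes)
    """
    if len(mem) >= 5 and mem[0] == 0xE9:
        rel = struct.unpack_from("<i", mem, 1)[0]
        return (func_va + 5 + rel) & 0xFFFFFFFFFFFFFFFF
    if len(mem) >= 14 and mem[:6] == b"\xff\x25\x00\x00\x00\x00":
        return struct.unpack_from("<Q", mem, 6)[0]
    if len(mem) >= 12 and mem[:2] == b"\x48\xb8" and mem[10:12] == b"\xff\xe0":
        return struct.unpack_from("<Q", mem, 2)[0]
    return None


def compare_prologue(disk: bytes, mem: bytes, func_va: int, module_range) -> dict:
    """Cross-view check: does the live prologue still match the on-disk copy?

    Returns whether the bytes differ, the decoded trampoline target (if any), and
    whether that target lies inside the module that owns the function.  A target
    outside the owning module is the classic sign of an inline hook.
    """
    n = min(len(disk), len(mem))
    modified = disk[:n] != mem[:n]
    target = decode_hook_target(mem, func_va) if modified else None
    lo, hi = module_range
    return {
        "modified": modified,
        "hook_target": target,
        "target_in_module": target is not None and lo <= target < hi,
    }


def make_hooked_sample(target: int) -> bytes:
    """Construct an in-memory view whose first 5 bytes were overwritten with jmp rel32
    (constructed test data, not captured from a real system)."""
    rel = target - (FUNC_VA + 5)
    return b"\xe9" + struct.pack("<i", rel) + CLEAN_PROLOGUE[5:]


if __name__ == "__main__":
    hooked = make_hooked_sample(0x7FF810005000)
    for label, mem in (("clean", CLEAN_PROLOGUE), ("hooked", hooked)):
        print(label, compare_prologue(CLEAN_PROLOGUE, mem, FUNC_VA, MODULE_RANGE))
```

A production version of this check has to apply the module's relocations to the on-disk copy before comparing, and must whitelist bytes the OS legitimately rewrites (hot-patch padding, import thunks); without that, every loaded module looks "modified". The example skips those steps because its two views are constructed byte strings.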
The Infocyte HUNT Advantage
Infocyte HUNT does not replace the need for centralized logging or real-time behavior monitoring. On the contrary, these endpoint security tools are highly complementary.
Rather, HUNT fills the gap in post-compromise detection by providing the capabilities to audit, assess, and validate what and who is on all the hosts in your network.
For the mature enterprise Security Operations Center (SOC) that is already threat hunting, Infocyte HUNT lets you move away from the custom scripts and other one-host-at-a-time DFIR processes used to validate the suspicious behaviors your team detects, and automates the threat hunting process instead.
With Infocyte HUNT’s FSA methodology you can iteratively and effectively sweep every endpoint to find entrenched threats and beachheads capable of penetrating your existing cybersecurity defenses.
HUNT provides the best approach to hunting persistent threats, because it is:
- Easy to use
- Independently conclusive
- Highly cost-effective
Learn more about Forensic State Analysis and Infocyte HUNT's unique approach to finding hidden and persistent threats.