Frequently Asked Questions
Threat hunting is a proactive security practice: rather than waiting for an alert, hunters search for compromised assets and applications, malware, vulnerabilities, and other signs of intrusion residing on the devices, nodes, and endpoints throughout your network.
The practice of "cyber threat hunting" exposes the breaches, attacks, malware, ransomware, and other threats that most defensive tools, including antivirus (AV), EDR, EPP, and even hardware-based controls, are prone to miss.
Cyber threat hunting has traditionally been considered a highly specialized, services-heavy process, requiring multiple cybersecurity analysts, resources, and internal assets, plus days, weeks, and sometimes months of manual work.
Infocyte HUNT automates and simplifies the cyber threat hunting process, helping you identify and investigate threats faster and more efficiently.
Infocyte HUNT uses a forensic methodology that differs fundamentally from other threat hunting solutions. Other hunting tools rely on analyzing event-based security logs produced by cumbersome sensors and software installed on the endpoint.
Rather than analyzing logs, Infocyte directly inspects volatile memory on the host to gather primary data, including rootkit hooks, malware persistence mechanisms, application vulnerabilities, and other digital forensics artifacts.
Anyone who has used an agentless vulnerability scanner will recognize how Infocyte HUNT is architected: by deploying lightweight, dissolvable agents, HUNT sweeps thousands of endpoints, spending only a few moments on each host.
This sweep gathers forensic data from each host, even those without conventional detection tools installed. The collected forensic data, when combined with Infocyte's analysis automation, provides a more comprehensive picture of the state of endpoints almost immediately.
Additionally, Infocyte HUNT is the only solution that can meaningfully facilitate compromise assessments. By automating the process of finding threats in live volatile memory, and combining that with cloud-based threat intelligence, Infocyte equips security operations teams and security assessors with the power to forensically evaluate the state of the network, without the lengthy manual process involved in traditional digital forensics.
No other technology approaches automated, scalable threat hunting from a forensic standpoint. Infocyte stands alone in this approach.
We call it Forensic State Analysis (FSA).
Request a demo of our threat hunting platform to see Infocyte HUNT in action.
Most users can set up and deploy Infocyte HUNT within one (1) business day and begin hunting and responding to cyber threats almost immediately.
Our cyber threat hunting and incident response tool is designed to be independent, lightweight, and easy-to-use.
Infocyte HUNT can be deployed on-premises or from the cloud, agentlessly or via a continuous agent, and inspects your hosts at 5,000 endpoints/hour.
Contact sales for a free Proof of Concept or to request a live demo of our award-winning cyber threat hunting and IR platform.
Infocyte HUNT can be deployed from the cloud or on-prem, agentlessly and/or via a continuous endpoint agent, and uses Forensic State Analysis (FSA) to perform deep inspections of the hosts on your network (laptops, desktops, servers, and more), including their live volatile memory.
By assuming your endpoints are already compromised, Infocyte HUNT seeks to validate their state using a variety of forensic and cyber threat hunting techniques.
Automated forensic collection, threat intel enrichment, and deep analysis workflows (via AI and ML) dig into anomalies and outliers, helping cyber threat hunters find what purely automated detection tools and log-based threat hunting tools often miss.
Unlike analytics (UEBA/UBA) threat hunting solutions, Infocyte HUNT pulls primary forensic data, rather than relying on existing security logs from sensors (IDS, AV, EDR, etc.) and historical data.
Log analysis threat hunting approaches are generally expensive, difficult to manage, and error-prone. Plus, these traditional cyber threat hunting techniques require in-depth knowledge of adversary tactics and how those tactics present themselves in the logs of your security solutions. In other words, you need to know what to look for.
Log analysis approaches can be an effective component of a security stack for organizations able to commit the money and expertise needed to realize their full value. But no other cyber threat hunting tool comes close to the efficiency, effectiveness, and price point of Infocyte HUNT.
Infocyte HUNT complements and strengthens your other tools via ongoing forensic inspection and baseline-independent analysis to find the cyber threats that elude traditional log analysis, AV, EDR, UEBA, etc. – all without the need for specialized knowledge.
Infocyte HUNT pioneered agentless cyber threat hunting and has evolved to include an agent-based option.
Our agentless threat hunting tool works by deploying ephemeral surveys to the endpoints on your network. The surveys (binary files) are small (~1 MB) and return only 1-2 MB of data to our cloud-based threat hunting platform.
Agentless threat hunting surveys run as a single thread at low priority, so they do not interfere with critical systems or processes. Once the Infocyte HUNT inspection is complete (each scan lasts a few minutes), the survey binary deletes itself from the endpoint.
Gartner classifies our cyber threat hunting software as “agentless” in that regard.
Infocyte HUNT requires an Active Directory service account with local administrative rights on the hosts you intend to scan. Because that account can execute code as an administrator on every scanned host, treat it as a privileged credential: dedicate it to HUNT, restrict where it is allowed to log on, and monitor its use.
Firewalls between the hunt server and the scanned hosts must allow the usual remote management protocols and HTTP/HTTPS.
As Infocyte HUNT discovers potential threats on your networked endpoints, our AI-powered threat intelligence engine, Incyte™, analyzes and assigns a "Threat Score" to each result.
The Incyte Threat Score is a numerical representation of the potential risk each threat poses to your network, based on behavioral characteristics, millions of samples of malicious code, and Infocyte's own primary threat intelligence data.
Threat Scores range from 0 to 10 and are calculated using machine learning and our threat scoring methodology. Characteristics that may influence the Threat Score assigned to each result include (+ raises the score, - lowers it):
- + if it is on the Infocyte cloud blacklist or a local blacklist
- = if it is on the Infocyte cloud whitelist or a local whitelist
- + if it is not owned by the package manager (Linux)
- - if it is owned by the package manager (Linux)
- + if it is not digitally signed
- - if it has an embedded digital signature
- - if it is listed in the OS digital signature catalog
- - if Infocyte analysis determines it is not malicious
- + if automated analysis could not determine whether it is malicious
- + if automated analysis finds suspicious behavioral characteristics
- + if three or more antivirus engines identify it as malicious
Our Threat Score is designed to help security teams quickly and easily identify hidden, persistent threats on their network.
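To make the scoring rules above concrete, here is an added example that reconstructs them as a small scoring function. It is illustrative code written for this page, not Infocyte's Incyte engine: the page gives only the direction of each adjustment, so the base score, the weights, the clamping to 0-10, the rule that a blacklist hit outranks a whitelist hit, the reading of the whitelist "=" as "assigned a fixed known-good score", and the sample artifacts are all assumptions. "Digitally signed" is modeled as either an embedded signature or an OS catalog entry, so a catalog-signed file does not also pay the unsigned penalty.

```python
"""Illustrative reconstruction of the Threat Score heuristic (added example).

Not Infocyte's Incyte engine. The page gives only the sign (+, -, =) of each
characteristic; every number below is an assumption chosen for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass

# Assumed weights: only the direction of each adjustment comes from the page.
BASE_SCORE = 4.0
W_BLACKLIST = 4.0            # + on cloud or local blacklist
W_UNSIGNED = 1.5             # + no embedded signature and not in OS catalog
W_EMBEDDED_SIG = -1.5        # - embedded digital signature
W_OS_CATALOG = -1.5          # - listed in the OS digital signature catalog
W_NO_PKG_MANAGER = 1.0       # + Linux file not owned by the package manager
W_PKG_MANAGER = -1.0         # - Linux file owned by the package manager
W_ANALYSIS = {               # automated analysis verdict
    "benign": -2.0,          # - determined not malicious
    "unknown": 1.0,          # + could not determine maliciousness
    "suspicious": 2.0,       # + suspicious behavioral characteristics
}
W_AV_CONSENSUS = 3.0         # + three or more AV engines flag it
AV_CONSENSUS_THRESHOLD = 3


@dataclass
class Artifact:
    """Forensic facts collected for one binary or module (constructed fields)."""
    name: str
    cloud_blacklist: bool = False
    local_blacklist: bool = False
    cloud_whitelist: bool = False
    local_whitelist: bool = False
    linux: bool = False
    package_managed: bool = False   # only consulted when linux is True
    embedded_signature: bool = False
    os_catalog: bool = False
    analysis: str = "unknown"       # "benign", "unknown" or "suspicious"
    av_detections: int = 0


def threat_score(a: Artifact) -> tuple[float, list[str]]:
    """Return (score clamped to 0..10, reasons that moved it), highest risk = 10."""
    if a.analysis not in W_ANALYSIS:
        raise ValueError(f"unknown analysis verdict: {a.analysis!r}")
    blacklisted = a.cloud_blacklist or a.local_blacklist
    whitelisted = a.cloud_whitelist or a.local_whitelist
    # Assumption: a blacklist hit outranks a whitelist hit, and the page's "="
    # for whitelisted items means the score is pinned to a known-good value.
    if whitelisted and not blacklisted:
        return 0.0, ["whitelisted: score pinned to 0"]

    score = BASE_SCORE
    reasons: list[str] = []
    if blacklisted:
        score += W_BLACKLIST
        reasons.append("on blacklist")
    signed = a.embedded_signature or a.os_catalog
    if not signed:
        score += W_UNSIGNED
        reasons.append("not digitally signed")
    if a.embedded_signature:
        score += W_EMBEDDED_SIG
        reasons.append("embedded digital signature")
    if a.os_catalog:
        score += W_OS_CATALOG
        reasons.append("in OS signature catalog")
    if a.linux:
        if a.package_managed:
            score += W_PKG_MANAGER
            reasons.append("owned by package manager")
        else:
            score += W_NO_PKG_MANAGER
            reasons.append("not owned by package manager")
    score += W_ANALYSIS[a.analysis]
    reasons.append(f"analysis verdict: {a.analysis}")
    if a.av_detections >= AV_CONSENSUS_THRESHOLD:
        score += W_AV_CONSENSUS
        reasons.append(f"{a.av_detections} AV engines flag it")
    return max(0.0, min(10.0, score)), reasons


def rank(artifacts: list[Artifact]) -> list[tuple[float, str]]:
    """Highest score first, so hunters review the riskiest results first."""
    return sorted(((threat_score(a)[0], a.name) for a in artifacts), reverse=True)


# Constructed sample results from a hypothetical sweep.
SAMPLES = [
    Artifact("svchost.exe", os_catalog=True, analysis="benign"),
    Artifact("update_helper.exe", cloud_blacklist=True, analysis="suspicious", av_detections=7),
    Artifact("/opt/tmp/.cache/kworkerd", linux=True, analysis="unknown"),
    Artifact("/usr/bin/ls", linux=True, package_managed=True, analysis="benign"),
    Artifact("inhouse_agent.exe", local_whitelist=True),
]

if __name__ == "__main__":
    for score, name in rank(SAMPLES):
        print(f"{score:4.1f}  {name}")
```

Running the block ranks the blacklisted, multi-AV-flagged dropper at 10.0, the unexplained Linux binary that no package owns at 7.5, and the catalog-signed OS file near 0, which is the triage order a hunter wants; the returned reasons list is what makes a score reviewable rather than a bare number.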