Frequently Asked Questions
Infocyte is an Austin, Texas-based cybersecurity startup focused on optimizing the central two—and most important—steps of the NIST cyber security incident response process: Detection and Response.
Infocyte HUNT is an independent, fast, and flexible detection and response platform that can run alongside or integrated with your existing investments in detection and response: EDR/EPP, SIEM, SOAR, ITSM, and more.
With regard to detection, Infocyte HUNT provides ground truth through deep forensic inspection of assets (hosts, systems, servers, and workloads) and extensive threat intelligence.
With regard to response, Infocyte HUNT delivers unparalleled speed — automating and streamlining the investigation, containment, eradication, and recovery steps involved in cyber security incident response.
Infocyte HUNT uses a forensic methodology that is radically different from traditional threat detection tools. Most other threat hunting tools rely on analyzing event-based security logs from sensors and software (agents) installed on the endpoint. This approach is both time-consuming and data intensive — requiring a lot of data before conclusions can be drawn.
Rather than analyzing logs, Infocyte HUNT directly inspects volatile memory in the asset (host, system, server, or workload) to gather primary data including rootkit hooks, malware persistence mechanisms, application vulnerabilities, and other digital forensics artifacts.
Those familiar with agentless vulnerability scanners will be familiar with how Infocyte HUNT is architected. By deploying lightweight dissolvable agents, Infocyte HUNT sweeps thousands of assets per hour, spending only a few moments on each host to collect vital information about: what has run, what is scheduled to run, and what is currently running in memory.
This sweep gathers forensic data from each host, even those without conventional detection tools installed. The collected forensic data, when combined with Infocyte's AI-powered analysis and enriched with multiple independent sources of threat intel, provides a comprehensive picture of the compromised state of your endpoints — within minutes.
Additionally, Infocyte HUNT is the only solution that can meaningfully facilitate cyber security compromise and risk assessments. By automating the process of finding threats in live volatile memory, and combining that with cloud-based threat intelligence, Infocyte equips security operations teams and security assessors with the power to forensically evaluate the state of the network, without the lengthy manual process involved in traditional digital forensics.
No other technology approaches automated, scalable threat detection and cyber security incident response from a forensic standpoint. Infocyte HUNT stands alone in this approach.
Request a demo of our agentless detection and response platform to see Infocyte HUNT in action.
Most users are capable of setting up and deploying Infocyte HUNT within one (1) business day and can begin hunting and responding to cyber threats almost immediately.
Our cyber threat hunting and incident response tool is designed to be independent, lightweight, and easy-to-use.
Infocyte HUNT can be deployed on-premise or from the cloud — agentlessly or via a continuous agent — and inspects your hosts at 5,000 endpoints/hour.
Contact sales for a free Proof of Concept or to request a live demo of our award-winning cyber threat hunting and IR platform.
Infocyte's platform provides fast, flexible, affordable threat detection and automated incident response. Our detection and response platform is unique in four ways:
- Speed.
- Independence.
- Efficacy.
- Extensibility.
Speed. Configure, deploy, and begin using Infocyte from the cloud within minutes. Deploy via API (learn more about AWS Cloud Security) in your cloud or by agent/agent-less survey in your physical/virtual environments.
Independence. Infocyte does not rely on existing logs and historical data collected from security solutions (EDR/EPP, AV, IDS, and more) already active in your environment. This independent lens is key for establishing ground truth.
Efficacy. By assuming your endpoints are already compromised, Infocyte seeks to validate their state: compromised or not compromised. We do this by pulling primary and secondary threat intelligence, and comparing it to millions of samples of malicious and non-malicious code. Doing so reduces noise and helps security analysts focus on real threats.
Extensibility. Create, deploy, and share custom collection (analysis) and action (response) extensions. Automatically investigate root cause, create and log incident tickets, isolate hosts, perform PII forensics, use Windows Volume Shadow Copy, and more.
Request a demo to see Infocyte in action.
Infocyte HUNT requires an Active Directory Service account with local administrative rights to the hosts you intend to scan.
Firewalls should be open on typical remote management protocols and HTTP/HTTPS between the hunt server and the scanned hosts.
As Infocyte HUNT discovers potential threats on your networked endpoints, our AI-powered threat intelligence engine, Incyte™, analyzes and assigns a "Threat Score" to each result.
The Incyte Threat Score is a numerical representation of the potential risk each threat poses to your network, based on behavioral characteristics, millions of samples of malicious code, and our own primary threat intelligence data.
Threat Scores range from 0 to 10 and are calculated using machine learning and our threat scoring methodology. Characteristics that may raise (+), lower (-), or leave unchanged (=) the Threat Score assigned to each result include:
- + if it is part of the Infocyte cloud blacklist or local blacklist
- = if it is part of the Infocyte cloud whitelist or local whitelist
- + if it is not part of a package manager (Linux)
- - if it is part of the package manager
- + if it is not digitally signed
- - if it has an embedded digital signature
- - if it is part of the OS digital signature catalog
- - if it is determined to be not malicious by Infocyte analysis
- + if automated analysis was unable to determine maliciousness
- + if automated analysis finds suspicious behavior characteristics
- + if antivirus data (3 or more engines) identifies it as malicious
Our Threat Score is designed to help security teams quickly and easily identify hidden and persistent threats hiding on their network.
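A simplified, additive version of this scoring, added here as an illustration and not Infocyte's Incyte code: the characteristics are the ones listed above, but the baseline, the weights, the treatment of "=" as pinning a whitelisted item to a known-good score, and the `Artifact` fields are assumptions chosen for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed weights per characteristic (illustrative; the real engine uses ML).
WEIGHTS = {
    "blacklisted": +4.0,
    "not_package_managed": +1.0,
    "package_managed": -1.0,
    "unsigned": +1.0,
    "embedded_signature": -1.0,
    "os_catalog_signed": -2.0,
    "analysis_benign": -2.0,
    "analysis_unknown": +1.0,
    "analysis_suspicious": +2.0,
    "av_consensus": +3.0,   # 3 or more AV engines flag it (threshold from the page)
}
BASELINE = 5.0          # assumed neutral starting score
WHITELIST_SCORE = 0.0   # assumed: "=" pins a whitelisted item to known-good
AV_THRESHOLD = 3

@dataclass
class Artifact:                             # hypothetical input record
    name: str
    blacklisted: bool = False               # cloud or local blacklist
    whitelisted: bool = False               # cloud or local whitelist
    package_managed: Optional[bool] = None  # Linux only; None = not applicable
    embedded_signature: bool = False
    os_catalog_signed: bool = False
    analysis: str = "unknown"               # "benign" | "unknown" | "suspicious"
    av_detections: int = 0

def threat_score(a: Artifact) -> Tuple[float, List[str]]:
    # Returns (score clamped to 0..10, names of the rules that fired).
    if a.whitelisted:                       # "=" rule: no further adjustment
        return WHITELIST_SCORE, ["whitelisted"]
    fired = []
    if a.blacklisted:
        fired.append("blacklisted")
    if a.package_managed is not None:       # Linux package-manager ownership
        fired.append("package_managed" if a.package_managed else "not_package_managed")
    if a.os_catalog_signed:                 # catalog trust outranks an embedded sig
        fired.append("os_catalog_signed")
    elif a.embedded_signature:
        fired.append("embedded_signature")
    else:
        fired.append("unsigned")
    fired.append("analysis_" + a.analysis)  # unknown verdicts raise the score
    if a.av_detections >= AV_THRESHOLD:
        fired.append("av_consensus")
    score = BASELINE + sum(WEIGHTS[r] for r in fired)
    return round(max(0.0, min(10.0, score)), 1), fired
```

The returned rule list is the part worth keeping in a real pipeline: an analyst triaging a 9.0 wants to see which characteristics produced it, not just the number.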
Threat hunting is a proactive form of cybersecurity designed to hunt down compromised assets/applications, malware, vulnerabilities, and more — residing on the devices, nodes, and endpoints hidden throughout your network.
The practice of "cyber threat hunting" exposes the organization-crippling breaches, attacks, malware, ransomware, and more that most defensive cybersecurity tools — including antivirus (AV), EDR, EPP, and even hardware tools — are prone to miss.
Cyber threat hunting is considered (at least traditionally) an extremely specialized skillset and services-heavy process — requiring multiple cybersecurity analysts, resources, and internal assets, plus days, weeks, and sometimes months of manual threat hunting.
Infocyte HUNT automates and simplifies the cyber threat hunting process, helping you identify and investigate threats faster and more efficiently.
Infocyte HUNT pioneered agentless cyber threat hunting and has evolved to include an agent-based option for continuous detection and real-time response to security incidents.
Our agentless model works via deploying ephemeral surveys to the endpoints within your environment — on-premise, data center, and cloud-based assets. These surveys (binary files) are small (~1 MB) and return only 1-2 MB of data to our cloud-based security operations center (SOC) for analysis, investigation, and enrichment.
This unique model, featuring off-network analysis (taking place in our cloud SOC), reduces the impact on your network latency — ensuring Infocyte HUNT can run without disrupting business productivity or continuity.
Agentless surveys run as a single thread and at low priority, so they don't interfere with critical systems and/or processes. Once the Infocyte HUNT inspection is complete (each scan lasts a few minutes), the binary survey deletes itself from your endpoint.