PLATFORM

How it works.

The Technology

Infocyte HUNT

Proactively hunt for malware and persistent threats

Infocyte HUNT automates a host forensics process that traditionally demands specialized knowledge and a heavy services engagement, making it simple for security teams and assessors to discover and respond to malware and persistent threats that have evaded existing defenses. It gives organizations the ability to perform deep host inspections on thousands of systems to discover and investigate any suspicious indicators or software, known or unknown, active or dormant.

AGENTLESS ARCHITECTURE

  • No pre-installed or permanent agents, simplifying deployment and maintenance.
  • Temporary, dissolving "surveys" analyze host volatile memory and gather system information.
  • Deploy surveys to Windows or Linux endpoints via existing remote endpoint management protocols and solutions.
  • Identify and scan hidden beachheads (i.e. non-compliant systems or those with disabled security mechanisms).
  • Network impact is fully manageable (up to 5000 systems per hour, per scanner).

FORENSIC STATE ANALYSIS (FSA)

  • Primary detection approach uses forensic analysis techniques to identify the unique markers of a compromised system such as stealth and persistence mechanisms.
  • Threat hunting principles such as data stacking and triage scoring are used to focus further analysis on detected outliers and anomalies.
  • Volatile memory forensic techniques are utilized live on each host to dig deeper than anti-virus and script-based solutions.
  • Discover active and dormant, known and unknown malware and persistent threats.
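The data stacking and triage scoring described above, as an added illustration that is not Infocyte's code: constructed survey output from four hosts is stacked by (autostart path, file hash) so that items rare across the fleet, and hashes that disagree with the fleet majority for the same path, rise to the top of the triage queue. Field layout, paths and hash values are hypothetical.

```python
from collections import defaultdict

# Constructed sample of what a dissolvable survey might report from each host:
# (autostart binary path, SHA-256 of the file). Field layout and hashes are
# hypothetical, not Infocyte's actual survey schema.
SURVEY_RESULTS = {
    "ws-01": [("C:\\Windows\\System32\\svchost.exe", "h-svchost"),
              ("C:\\Program Files\\Vendor\\agent.exe", "h-agent")],
    "ws-02": [("C:\\Windows\\System32\\svchost.exe", "h-svchost"),
              ("C:\\Program Files\\Vendor\\agent.exe", "h-agent")],
    "ws-03": [("C:\\Windows\\System32\\svchost.exe", "h-svchost"),
              ("C:\\Program Files\\Vendor\\agent.exe", "h-agent-tampered")],
    "ws-04": [("C:\\Windows\\System32\\svchost.exe", "h-svchost"),
              ("C:\\Program Files\\Vendor\\agent.exe", "h-agent"),
              ("C:\\Users\\Public\\update.exe", "h-unknown")],
}


def stack(results):
    """Group identical (path, hash) items and record which hosts carry each."""
    stacked = defaultdict(set)
    for host, items in results.items():
        for path, digest in items:
            stacked[(path, digest)].add(host)
    return stacked


def triage(results):
    """Score each distinct item: rare across the fleet is suspicious, and a
    rare hash at a path where other hosts share a common hash is more so."""
    stacked = stack(results)
    total = len(results)
    # Hash frequencies per path, used to spot tampered or masqueraded files.
    by_path = defaultdict(dict)
    for (path, digest), hosts in stacked.items():
        by_path[path][digest] = len(hosts)
    scored = []
    for (path, digest), hosts in stacked.items():
        prevalence = len(hosts) / total
        score = round(1 - prevalence, 2)             # rarity component
        reasons = []
        if prevalence < 0.5:
            reasons.append("rare (%d/%d hosts)" % (len(hosts), total))
        common = max(by_path[path], key=by_path[path].get)
        if common != digest:
            score = round(score + 0.5, 2)            # disagrees with fleet norm
            reasons.append("hash differs from majority for this path")
        scored.append({"path": path, "sha256": digest, "hosts": sorted(hosts),
                       "score": score, "reasons": reasons})
    return sorted(scored, key=lambda r: r["score"], reverse=True)
```

The top of the returned list is the analyst's starting point: the single-host agent.exe with a non-majority hash outranks the unknown update.exe, which in turn outranks items present on every host.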

THREAT INTELLIGENCE & ANALYTICS CLOUD

  • Reputation data and curated threat intelligence are made available to all subscribers (no add-ons required).
  • The Synapse supervised machine-learning model triages and categorizes possible backdoors and remote access tools found in memory.
  • Hosted static and dynamic analysis capabilities work against executable code samples recovered directly from memory.

PROTECTION FROM THE INSIDE OUT


Infocyte HUNT uses a simple agentless deployment model with a central HUNT server situated within your environment. Enterprises retain the flexibility of deploying a HUNT "relay" in protected network segments or remote sites to scan the entire constellation of endpoints or a selected group of them.

Diving in

ARCHITECTURE

Infocyte HUNT independently scans and validates endpoint devices, including workstations and servers, physical or virtual. The platform consists of a scanner, surveys (dissolvable, temporary collectors), and an advanced cloud-based analysis engine which includes threat intelligence and AI-powered analysis.

During a scan, the surveys are deployed to each endpoint and perform full device validation via rapid collection and analysis of a wide array of OS configuration and forensic data. FSA enables a significantly more comprehensive look at a set of devices, all within seconds.