INFOCYTE HUNT ENTERPRISE
Agentless Threat Hunting Platform for Windows and Linux
Infocyte HUNT automates a traditional services-heavy forensics and continuous monitoring process, making it simple for your organization's IT and security teams to discover and respond to malware and persistent threats.
- Discover active and dormant malware and persistent threats without pre-installed or permanent agents, simplifying deployment and endpoint maintenance.
- Agentless scans gather system information and scan volatile memory through patent-pending technology.
- Identify and scan hidden beachheads (i.e., non-compliant systems or those with disabled security mechanisms).
- Network impact is fully manageable, giving you the keys to how fast a scan is conducted (up to thousands of systems per hour).
- Assess endpoints 30x faster than other solutions.
CHARACTERISTIC-BASED DETECTION (CBD)
- Primary detection approach uses static analysis techniques against active processes and systems to identify the unique markers of a compromised system such as stealth and persistence mechanisms.
- Audits and scores the severity of identified issues to focus further analysis.
ADVANCED ANALYTICS ENGINE
- Ability to statically and dynamically analyze process-injected code or suspicious files found on disk.
- Threat Intelligence integration identifies who might be behind the attack.
PROTECTION FROM THE INSIDE OUT
Infocyte HUNT utilizes a tiered deployment model with a central HUNT server situated within your organization. Enterprises maintain the flexibility of deploying a physical or virtual HUNT "relay" in protected network segments or remote sites to effectively scan the entire constellation of endpoints. These relays perform scans within their network segment and pass the results back to the primary HUNT server for processing and display.
YOUR DATA STAYS WITH YOU
With Infocyte HUNT you retain control of your data. You have the choice of using our Incyte cloud services for threat intel queries (restricted to hashes, IPs, DNS, and suspicious executable analysis) or configuring an on-premises Incyte appliance and using your own (i.e. for air-gapped networks).
YOU'RE IN THE DRIVER'S SEAT
With Infocyte HUNT, there are no restrictions on the number of servers and relays deployed in your environment. Scan as often as you like. Infocyte HUNT is the right choice for companies that want to incorporate threat hunting into their existing security posture and program.
The Infocyte HUNT platform consists of an endpoint scanner, deployable endpoint surveys (dissolvable agents), and an advanced cloud-based analysis engine that work together to deliver full and complete insight into any malware or suspicious elements that reside in your environment (active or dormant).
During a scan, agentless endpoint surveys are deployed to each endpoint and perform full device validation via rapid collection and analysis of a wide array of endpoint configuration and process data. Device validation differs from behavior-based detection approaches, which only look at the activity of a system over time. Infocyte HUNT's validation enables a significantly more comprehensive look at a device and what is on it, all within seconds. As a result, Infocyte HUNT executes compromise assessments up to 30 times faster than competing technologies.
INCYTE CLOUD SERVICE
Cloud-hosted analytics and threat intelligence service that provides Infocyte HUNT access to up-to-date software reputation and static and dynamic malware analysis capabilities.
HUNT CORE
Scanners reside on-premises. The primary server, HUNT Core, includes the web interface and data storage elements. Optional HUNT Relays can also be deployed to branch offices to provide distributed scanning capabilities. *Dissolvable agents are deployed to each host for the duration of a scan.
ENDPOINT SURVEYS
Survey modules gather system and process information, scan memory, encrypt and send the results back to the scanner and finally dissolve. Surveys are deployed using native remote management protocols and are only present on the endpoint for the duration of the scan.
NOT ENOUGH RESOURCES?
Infocyte also offers a Managed Service option for your peace of mind. On a regular schedule we will conduct the scans and execute analysis for you. Managed services are suitable for any organization that prefers to outsource their infrastructure management and security, and is comfortable with periodic security assessments.