How it Works

The Technology

Infocyte HUNT


Proactively hunt for malware and persistent threats

Infocyte HUNT automates a traditional specialized knowledge and services-heavy forensics and continuous monitoring process, making it simple for your organization's IT and security teams to discover and respond to malware and persistent threats that have breached existing defenses. It offers organizations the ability to scan, find, and identify any suspicious software that has penetrated defenses – whether the malware is known or unknown, active or dormant. It’s automated discovery process allows you to quickly find threats and get to the business of incident response faster.


  • Agentless scans gather system information and scan volatile memory through patent-pending technology.
  • No pre-installed or permanent agents, simplifying deployment and endpoint maintenance.
  • Sweeps thousands of endpoints, spending a couple minutes on each, and conclusively validates their state: "Compromised" or "Not Compromised".
  • Deploy surveys to Windows or Linux endpoints via existing remote endpoint management protocols and solutions.
  • Discover active and dormant, known and unknown malware and persistent threats.
  • Identify and scan hidden beachheads (ie. non-compliant systems or those with disabled security mechanisms).
  • Network impact is fully manageable, giving you control of how fast a scan is conducted (up to thousands of systems per hour).


  • Primary detection approach uses static analysis techniques against active processes and systems to identify the unique markers of a compromised system such as stealth and persistence mechanisms.
  • Audits and scores the severity of identified issues to focus further analysis. 


  • Uses Forensic State Analysis (FSA) to discover hidden threats and compromises within a network. 
  • Ability to statically and dynamically analyze process-injected code or suspicious files found on disk.
  • Threat Intelligence integration identifies who might be behind the attack.



Infocyte HUNT utilizes a tiered deployment model with a central HUNT server situated within your environment. Enterprises maintain the flexibility of deploying a physical or virtual HUNT "relay" in protected network segments or remote sites to effectively scan the entire constellation or a select group of endpoints. These relays perform scans within their network segment and pass the results back to the central HUNT server for processing and display.



With Infocyte HUNT you retain control of your data. You have the choice of using our Incyte cloud-services for threat Intel queries (restricted to hashes, IPs, DNS, and suspicious executable analysis) or configure an on-premesis Incyte appliance and use your own (i.e. for air-gapped networks).



With Infocyte HUNT, there are no restrictions to the number of servers and relays deployed in your environment. Set scans as often as you like (hourly, daily, etc.) to hunt malware. This enables you to ensure that malware is not allowed to persist undiscovered after it breaches existing defenses, and put controls around dwell time to dramatically limit potential damage. 

Diving in


Infocyte HUNT's post breach detection is performed by independently scanning and validating endpoint devices, including workstations and servers. The platform consists of an endpoint scanner, deployable endpoint surveys (dissolvable agents), and an advanced cloud-based analysis engine.

During a scan, the surveys are deployed to each endpoint and perform full device validation via rapid collection and analysis of a wide array of endpoint configuration and process data. Device validation differs from behavior-based detection approaches which only look at activity of a system over time. Validation enables a significantly more comprehensive look at a device and what is on it – all within seconds.