The Technology

Infocyte HUNT


Proactively hunt for malware and persistent threats

Infocyte HUNT automates a host forensics process that has traditionally depended on specialized knowledge and heavy services engagements, making it simple for security teams and assessors to discover and respond to malware and persistent threats that have evaded existing defenses. It offers organizations the ability to perform deep host inspections on thousands of systems to discover and investigate any suspicious indicators or software, known or unknown, active or dormant.

AGENTLESS ARCHITECTURE

  • No pre-installed or permanent agents, simplifying deployment and maintenance.
  • Temporary, dissolving "surveys" analyze host volatile memory and gather system information.
  • Deploy surveys to Windows or Linux endpoints via existing remote endpoint management protocols and solutions.
  • Identify and scan hidden beachheads (i.e., non-compliant systems or those with disabled security mechanisms).
  • Network impact is fully manageable (up to 5000 systems per hour, per scanner).

FORENSIC STATE ANALYSIS (FSA)

  • Primary detection approach uses forensic analysis techniques to identify the unique markers of a compromised system such as stealth and persistence mechanisms.
  • Threat Hunting principles such as data stacking and triage scoring are used to focus further analysis into detected outliers and anomalies.
  • Volatile memory forensic techniques are utilized live on each host to dig deeper than anti-virus and script-based solutions.
  • Discover active and dormant, known and unknown malware and persistent threats.
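The "data stacking" and "triage scoring" bullets above describe a general threat-hunting pattern: collect the same artifact across many hosts, count how many hosts each distinct value appears on, and push the rare values plus a few forensic indicators (unsigned binary, persistence, unusual path) into a score that focuses the analyst's attention. The following is an added illustration of that pattern, written for this page; it is not Infocyte code, and the record fields, the weights and the constructed survey data are all assumptions for the example.

```python
from collections import defaultdict

# Constructed survey data (hypothetical schema): one record per running
# process observed on a host. Ten hosts, three distinct binaries.
def _build_sample():
    hosts = [f"ws{n:02d}" for n in range(1, 11)]
    records = []
    for h in hosts:
        # Baseline: a signed OS binary present on every host.
        records.append({"host": h, "name": "svchost.exe", "sha256": "sha_svchost",
                        "path": "C:\\Windows\\System32\\svchost.exe",
                        "signed": True, "persists": False})
    for h in ("ws01", "ws02"):
        # A signed, persistent management agent on two hosts (mildly unusual).
        records.append({"host": h, "name": "agent.exe", "sha256": "sha_agent",
                        "path": "C:\\Program Files\\Mgmt\\agent.exe",
                        "signed": True, "persists": True})
    # An unsigned, persistent binary in a user profile on a single host.
    records.append({"host": "ws07", "name": "updater.exe", "sha256": "sha_rare",
                    "path": "C:\\Users\\bob\\AppData\\Roaming\\updater.exe",
                    "signed": False, "persists": True})
    return records

SURVEY = _build_sample()


def stack_by_hash(records):
    """Data stacking: number of distinct hosts on which each hash was seen."""
    hosts_by_hash = defaultdict(set)
    for r in records:
        hosts_by_hash[r["sha256"]].add(r["host"])
    return {h: len(s) for h, s in hosts_by_hash.items()}


def triage_score(record, prevalence, total_hosts):
    """Assumed weights: rarity dominates, forensic indicators add to it."""
    score = 0
    fraction = prevalence[record["sha256"]] / total_hosts
    if fraction <= 0.10:        # seen on 10% of hosts or fewer
        score += 50
    elif fraction <= 0.30:
        score += 20
    if not record["signed"]:
        score += 20
    if record["persists"]:      # e.g. registered as an autostart
        score += 15
    path = record["path"].lower()
    if "\\temp\\" in path or "\\appdata\\" in path:
        score += 15
    return score


def rank_outliers(records, threshold=40):
    """Return records scoring at or above threshold, highest score first."""
    total_hosts = len({r["host"] for r in records})
    prevalence = stack_by_hash(records)
    ranked = []
    for r in records:
        s = triage_score(r, prevalence, total_hosts)
        if s >= threshold:
            ranked.append({"score": s, "host": r["host"], "name": r["name"],
                           "sha256": r["sha256"], "hosts_seen": prevalence[r["sha256"]]})
    ranked.sort(key=lambda x: (-x["score"], x["host"]))
    return ranked


if __name__ == "__main__":
    for hit in rank_outliers(SURVEY):
        print(hit)
```

In this sample the agent present on two hosts scores 35 (rare-ish and persistent, but signed and in a normal location) and falls below the threshold, while the single-host unsigned binary under AppData scores 100 and is the one item handed to the analyst. Real deployments tune the weights to their environment and stack on several fields (path, loaded modules, autostart entries), not just the hash.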

THREAT INTELLIGENCE & ANALYTICS CLOUD

  • Reputation and curated threat intelligence are made available to all subscribers (no add-ons required).
  • Synapse supervised machine learning model triages and categorizes possible backdoors and remote access tools found in memory.
  • Hosted static and dynamic analysis capabilities work against executable code samples recovered directly from memory.