Cyber Threat Hunting Solution Matrix
Compare Infocyte HUNT to antivirus (AV) software and Endpoint Detection & Response (EDR) platforms for cyber threat hunting.
| Threat Hunting Capabilities | |||
|---|---|---|---|
| Hunt within Memory Discovery and analysis of injected code, rogue threads, overwrites, hooks, and fileless malware via Automatic Memory Extraction. | |||
| Hunt for Persistence Collects and analyzes triggers for dormant and time-delayed malware or malicious commands | |||
| Hunt for Historical Infections Collects and analyzes execution artifacts like shimcache, prefetch, etc. | |||
| Hunt for Vulnerable Software Finds all installed software with known vulnerabilities and weaknesses | |||
| Hunt for Non-compliant Systems Agentless asset discovery capabilities | |||
| Anti-forensic Mitigation Counteracts malware stealth techniques like automorphic malware, which attempt to thwart hunters | |||
| Proprietary Threat Intelligence Access to our proprietary Incyte Cloud Intel with integrated threat intel, reputation, AI-powered malware analysis, and multi-AV | |||
| Scan Systems for Active Malware (Non-signature based or machine learning) With 10+ million new malware samples identified each month, signatures can't keep up. | |||
| Scan Systems for Active Malware (Signature-based) Signatures still have a place for identifying known threats. |
[1] Some NextGen AV engines and some EDR platforms with file-less and memory-based attack features typically only monitor the door to your memory (aka monitoring key API calls used in malicious injection) in order to prevent or detect the attack in real-time, they do not actually analyze memory, which is almost exclusively handled offline via a third-party memory forensics tool, after a full physical memory acquisition.
[2] Some EDR platforms will monitor for changes to the most common persistence mechanisms, but do not offer capabilities to collect and hunt within the hundreds of possible locations.
Defensive Cybersecurity vs. Cyber Threat Hunting Tools
Defensive cybersecurity tools are designed to do just that: defend your IT assets from attackers. Unfortunately, defensive tools are prone to miss certain attacks — file-less malware, triggered attacks, advanced persistent threats, and more — as evident in the news headlines about data breaches, hackers, and new/advanced malware.
Cyber threat hunting is an offensive, or proactive, cybersecurity practice whereby your team hunts down the malicious threats capable of evading the world's best defenses.
Infocyte HUNT proactively, automatically, and continuously inspects your network's endpoints helping you identify, contain, and eradicate cyber threats.
