Infocyte Hunt – Threat Analysis
Infocyte Hunt – Agentless Compromise Assessment
Infocyte Hunt is an agentless intrusion assessment platform designed for proactive hunting of existing persistent threats. Infocyte Hunt performs on-demand scans of endpoints using memory resident software that dissolves upon completion.
Infocyte Hunt dramatically reduces the level of effort required to give a yes/no answer to the question of whether a system has been compromised. Our Hunt Platform uses your admin credentials to log into every system and then uses the latest static and dynamic processes to evaluate a system for any signs of compromise. When it is finished, the data is transmitted back to a centralized management system where it can be further analyzed by your security professional.
Which Is More Important, to know you are vulnerable or to know you have been compromised?
What is an Intrusion Assessment?
The traditional prevent, detect and respond methodology isn’t good enough anymore. As the Internet of Things (IoT) grows, secure perimeters are dissolving. At the same time that invasions are getting easier, the threats grow more sophisticated and are harder to prevent or detect. Response has typically been a process of rebuilding compromised devices, updating patches and possibly adding firewall or IPS rules. The process is time-consuming and can be very expensive. More importantly, it doesn’t ensure the threat won’t be back without much more forensics work. As a result, systems continue to be compromised with little hope of the security analyst ever catching up.
Intrusion assessment is the process of hunting threats – and Infocyte Hunt is a big part of that step. Compare intrusion detection to tracking a physical criminal. With every lead, an investigator checks the location to determine if the area is clear – a cyber intrusion assessment works the same way. As the owner of all the devices where an intruder could be hiding, you know the locations and have immediate access. If you know the signs of a system that has been compromised, you can provide a yes/no answer to the question, “Has this system been compromised?”
Forensics analysts have known how to do this for some time, but the level of effort required is enormous and the training is expensive. But with a thorough scouring of any system, a qualified forensics analyst can determine if a system is clean or not.
With Infocyte Hunt You Will Be Able To Identify:
- Malicious Processes
- Malicious Libraries and Drivers
- Memory Injections
- Operating System Manipulation
- APT Breach Heads
Data Breach and Cyber Risk Insurance providers would be prudent to use the intrusion assessment as a pre-existing conditions check prior to issuing a policy. The resulting report can be used in actuarial decision making alongside vulnerability and compliance reports. Additionally, the assessment may be used quarterly or annually as a third party audit to ensure the insured is making necessary efforts to detect and report cyber intrusions.
The intrusion assessment also serves to validate the effectiveness of current security measures and catch threats that may have been missed in the 24/7 cycle of continuous monitoring. Additionally, many organizations have difficulty justifying an increase in their security posture when a breach has not been experienced before. The resulting paradox renders breach detection nearly impossible due to a continuing weak security posture. An independent, third-party intrusion assessment like Infocyte Hunt can uncover compromises that may have gone undetected, thereby providing the evidence necessary to improve security.
The methodology of the intrusion assessment enables faster triage of systems to determine the extent of newly identified breaches. Infocyte Hunt can be integrated with a Security Information and Event Management (SIEM) system for rapid deployment in the event your other security products have detected suspicious or malicious activity.
A common tactic utilized by persistent attackers is the placement of an alternate backdoor within a network, even if said backdoor beacons infrequently. An alternate path ensures that an attacker can maintain access to a network in the event their primary mode of access is discovered. After an incident response situation, an intrusion assessment will help verify that no other hidden accesses remain and that the cleanup process was successful.
Mergers & Acquisitions
Prior to an M&A transaction, the intrusion assessment serves as the pre-existing conditions check to ensure the buyer is not accepting unnecessary risk from existing compromise. The most valuable part of many companies is their data. An intrusion assessment can validate that intellectual property is not currently being compromised. When feasible, an intrusion assessment should be conducted during the due diligence phase or at least prior to merging of the networks.
Our technology shines a light where many enterprises are in the dark — where persistent compromises have bypassed real-time security monitoring.