Introducing File Detection and Response (FDR)

Posted on 2022-08-17 by Michael Arcamone

We are excited to announce File Detection and Response (FDR) as the new moniker for InQuest solutions. I’d like to give you a little background on how this came about. As most of our readers know, InQuest is all about Deep File Inspection™ (DFI) and RetroHunting™; these two core technologies are what set InQuest solutions apart from other file analysis solutions on the marketplace. But there is a broader story at play here - what we call the ‘end-user security gap’. The evidence is compelling. You need not read any further than the 2022 Verizon DBIR to realize that the vast majority of malware, ransomware, exploitation, phishing, scam, and fraud issues can be traced back to a user unknowingly opening a file that cleverly delivers a malicious payload.

It is this set of issues that InQuest has focused its technology and solution portfolio upon - first in the public sector, and more recently in the private sector. What has been interesting to observe, as we have engaged with an increasing number of prospects and customers, is the feedback loop, which typically gets expressed as something like this: “What your platform does is unique. You are not EDR, NDR, or XDR - and while we need those solutions, they do not cover what InQuest does. You are more like ‘file detection and response’...” When we heard that, it made sense. So, we decided to express our solution story accordingly.

What is FDR?

FDR’s raison d’être is to close the end-user security gap - specifically by stopping file-borne breaches and incidents. It accomplishes this by deeply inspecting every file traversing your email, your web connections, and your network infrastructure. It is able to inspect files at rest, files in motion, and files in use. It dives deep - peeling apart the ‘Matryoshka doll’ nature of a file - exposing each logical layer of a file to a rich set of third-party and InQuest Labs intel sources, machine learning algorithms, and more, to produce an immediately actionable threat score - driven by severity and confidence - which we call IQ Score. This score tells you exactly which files are definitively bad, which are risky, and which are benign. Best of all, our architecture is designed to do this deep dive work in about a second per file - making it enormously scalable.

But the value of FDR extends beyond stopping file-borne breaches and incidents. InQuest also recognizes that there is no ‘silver bullet’. No security solution bats a thousand. Things do get through. And the ones that do can be tough to find and root out. FDR’s second goal is to make it easy for any security analyst to become a top-gun threat hunter. We accomplish this by further leveraging DFI and RetroHunting to apply today’s fresh intel to files that have already passed email, web, and network traffic inspection points - giving you assurance that your IT environment is under constant surveillance for attacks targeting 0-day and N-day vulnerabilities.

There is a third benefit to FDR. Security is an expensive and complex business - a web of products, budget to keep them evergreen, skilled personnel to operate and derive value from them, etc. Every CISO is under pressure to prove the efficacy of their existing defense-in-depth infrastructure. FDR helps here too. Its ability to both leverage intel from your existing intel sources, multi-AV and/or sandbox solutions - and, more importantly, push truly actionable intel back out to your enforcement points, SIEMs, etc. - is the ‘rising tide that lifts all boats’. FDR drives greater value and ROI throughout your entire security armament, not just its own focus on stopping file-borne breaches and incidents.

So, What’s New?

Short and sweet, we’ve updated our website to reflect the above succinctly. We believe this change makes it a little easier for visitors to learn about FDR:

  • Specific problems addressed
  • Core technologies and key features
  • How it’s different from other detection and response approaches
  • Security solutions it addresses
  • How to get started with an assessment, trial, or purchase

This is just the beginning of how we help our visitors and prospects gain a full appreciation of the power and value of FDR. Check out the new site, sign up for our newsletter, or follow our blog. We’ll be sharing even more about FDR in the coming weeks and would love to keep you informed.

