Threat intelligence is only as good as the sources that drive it, which is why InQuest integrates 0-day vulnerability detection into our product via research from Exodus Intelligence. Going beyond public vulns and in-the-wild samples, this level of coverage affords protection against new TTPs, long before they become part of the known threat landscape.
Zero-day Exploit Coverage
InQuest’s network-based threat prevention solution integrates techniques and threat intelligence from a wide range of sources. Notable among those for providing insight into pre-emergent threats is our set of zero-day signatures developed in partnership with Exodus Intelligence. These allow us to detect attempts by sophisticated malicious actors to target vulns in widely used products such as Firefox, Adobe Reader, and other ubiquitous utilities found on workstations.
As vulnerabilities progress through their life cycle, their presence in the threat landscape shifts and grows. As a zero-day, the vulnerability’s primary use is as an entry point for APT groups to gain a foothold into a network while evading workstation AV solutions. As n-day, or public vulnerabilities, these can still present a hazard to an organization’s security posture as a patch may not be available, or the vendor patch may not yet be deployed to all systems on a network. Our zero-day protection for these vulnerabilities affords customers not just early detection for unknown threats, but a head start as vulns go public, while antivirus solutions have to race to update their own databases. Beyond just providing data for specific vulnerabilities, exploitation techniques gleaned from these reports feed into our proprietary Deep File Inspection® stack, allowing InQuest to identify and protect against similar exploits in the same class.
Cutting-Edge Vulnerability Research
We are proud to partner with the team at Exodus Intelligence, a market leader in creating actionable information and vulnerability reporting. With their vast experience in finding exploitable bugs in both commercial off-the-shelf software, as well as embedded applications, Exodus provides a unique set of insights and capabilities. Whether it’s Broadpwn, a fully remote exploit against the entire family of Broadcom WiFi chipsets present in Android and iOS devices, or their award-winning “Execute My Packet” attack against the Cisco Adaptive Security Appliance and firewall, their research can help organizations augment their security posture, no matter what their attack surface looks like. InQuest customers also have access to the Exodus web portal, where they can acquire detailed reports, exploit code, and their Enterprise Zero-Day Feed subscription for products affecting high-profile vendors.
Listed below is a partial table of selected zero-day vulnerabilites InQuest has coverage for, and links to the Exodus portal where you can find out more:
| Zero-Day Vulnerability | Product | Versions Affected |
|---|---|---|
| EIP-2014-0025 | Adobe Reader | 11.0.0+ |
| EIP-2014-0012 | Adobe Reader | 11.0.0+ |
| EIP-2014-0011 | Adobe Reader | 11.0.0+ |
| EIP-2017-0015 | Mozilla Firefox | 40+ |
| EIP-2017-0016 | Mozilla Firefox | 40+ |
| EIP-2017-0044 | Foxit PhantomPDF | 8.3.1 |
| EIP-2017-0045 | Foxit PhantomPDF | 8.3.1 |
| EIP-2015-0043 | Foxit Reader 7 | 7.2.2.929 |
| EIP-2015-0049 | Foxit Reader 7 | 7.2.2.929 |
| EIP-2016-0009 | Nitro Pro | 10.5.7.32 |