DEFEND THE ENTERPRISE

Breach Detection


With data breaches on the rise, critical assets and sensitive information are increasingly attractive targets for cybercriminals. Organizations that rely on basic security controls are often unaware of a threat actor's foothold, or even presence, in their environment until months (in some cases years) of dwell time have passed since the initial intrusion.


Challenge


Threat actors commonly leverage sophisticated attack methodologies and evasion techniques capable of bypassing many of the security controls businesses employ today. The initial intrusion and successful compromise give the attacker a foothold that is then used for internal reconnaissance and lateral movement throughout the campaign. Destruction, encryption and/or exfiltration of the organization's sensitive assets and data commonly follows.

Solution

InQuest's Breach Detection System (BDS) is dedicated to providing full visibility of all inbound and outbound enterprise network traffic flows in order to determine whether a breach has occurred. The solution identifies Command and Control (C2) activity associated with advanced persistent threats (APTs) by performing behavioral analytics and leveraging unique Indicators of Compromise (IoC) acquired and curated by the InQuest Labs research team. The system is designed to detect and/or prevent the C2 activity of sophisticated actors and their tradecraft across multiple post-compromise stages, and ultimately to identify and prevent data leakage or exfiltration.

The Advantages of Breach Detection


Powered by Human + Machine (ML)

InQuest's proprietary Machine Learning (ML) engine comprises four well-vetted classifiers and uses previously collected data on malicious and benign content to automatically detect patterns that signature-based detection engines might miss.

Command & Control (C2) Detection

InQuest's platform provides continuous protection against Command and Control (C2) activity, with a specific focus on domain and IP communications. The C2 detection engine is regularly updated with Indicators of Compromise (IoC) sourced from a combination of internal, private and public threat intelligence feeds.
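As an added illustration of the domain- and IP-based IoC matching described above (example code written for this page, not InQuest's engine), the following Python matches constructed flow records against a small constructed IoC set. Two details that a practitioner cares about are shown: domain indicators are matched label-wise, so `api.update-checker.example` hits the indicator `update-checker.example` while `notcdn-metrics.example` does not, and IP indicators are expressed as networks so a single IoC can cover a /24. All indicator values, log lines and the ATT&CK mapping (T1071, Application Layer Protocol) are assumptions made for the example.

```python
"""Minimal C2 indicator matcher over constructed flow records.

Added illustration, not InQuest code. Every IoC value and log line below
is constructed for this example; none refers to real infrastructure.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed IoC set (hypothetical values, not real threat intelligence).
C2_DOMAINS = {"update-checker.example", "cdn-metrics.example"}
C2_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]

# Assumed technique mapping for the event taxonomy: T1071 is the ATT&CK
# "Application Layer Protocol" C2 technique.
ATTACK_TECHNIQUE = "T1071"


@dataclass
class Alert:
    ts: str
    src: str
    indicator: str
    kind: str        # "domain" or "ip"
    technique: str   # ATT&CK technique id attached to the event


def domain_matches(fqdn: str, iocs: set) -> Optional[str]:
    """Return the IoC that fqdn matches, or None.

    Matching is label-wise: cdn-metrics.example matches itself and
    www.cdn-metrics.example, but not notcdn-metrics.example.
    """
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def ip_matches(ip: str, networks) -> Optional[str]:
    """Return the IoC network containing ip, or None (also for non-IP input)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    for net in networks:
        if addr in net:
            return str(net)
    return None


def parse_flow(line: str) -> dict:
    """Parse the constructed format: ts src_ip dst_ip dst_port [dns_name]."""
    parts = line.split()
    rec = {"ts": parts[0], "src": parts[1], "dst": parts[2], "port": parts[3], "name": None}
    if len(parts) > 4:
        rec["name"] = parts[4]
    return rec


def detect_c2(lines: Iterable[str]) -> List[Alert]:
    """Raise one alert per flow that touches a domain or IP indicator."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_flow(line)
        if rec["name"]:
            hit = domain_matches(rec["name"], C2_DOMAINS)
            if hit:
                alerts.append(Alert(rec["ts"], rec["src"], hit, "domain", ATTACK_TECHNIQUE))
                continue  # one alert per flow; the IP check would be redundant
        hit = ip_matches(rec["dst"], C2_NETWORKS)
        if hit:
            alerts.append(Alert(rec["ts"], rec["src"], hit, "ip", ATTACK_TECHNIQUE))
    return alerts


# Constructed sample flows: the second and third lines should alert.
SAMPLE_FLOWS = """\
2024-05-01T10:00:01Z 10.0.0.5 93.184.216.34 443 www.example.com
2024-05-01T10:00:07Z 10.0.0.5 203.0.113.45 443 api.update-checker.example
2024-05-01T10:01:12Z 10.0.0.9 198.51.100.7 8443
2024-05-01T10:02:30Z 10.0.0.9 93.184.216.34 80 notcdn-metrics.example
"""

if __name__ == "__main__":
    for a in detect_c2(SAMPLE_FLOWS.splitlines()):
        print(a)
```

Plain indicator matching like this is only the first layer: an IP indicator shared with legitimate hosting produces false positives, and an actor who rotates domains defeats a static list, which is why the page pairs IoC matching with behavioral analytics and regularly refreshed feeds.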

Real-Time Threat Protection

The InQuest BDS focuses on dynamic malicious activity within your enterprise. It identifies breaches using a combination of heuristics, traffic analysis, and risk assessment. Using these methodologies, the BDS detects Command and Control (C2) activity as it occurs, surfacing successful attacks that had previously gone undetected.

Indicators of Compromise (IoC)

We determine the nature of the threat through an event taxonomy coupled with the MITRE ATT&CK framework to better inform network defenders. This enables defenders to combat adversaries by identifying threat patterns that map individual intrusions to broader attack campaigns.

Data Loss Prevention

The InQuest platform gives analysts the ability to identify data exfiltration across their enterprise quickly and efficiently. Its Data Loss Prevention (DLP) consists of four analytical operations: Capture, Dissect, Identify, and Alert.