IQ Score


InQuest FDR continuously extracts artifacts, processes files through its Deep File Inspection (DFI) engine, and provides file-related artifacts to optional third-party / in-cloud services, ultimately producing a single, all-encompassing threat or data-loss score per artifact. Scores are based on both confidence and severity, where severity ranges from 0 to 10, with 10 being the most severe.

FDR IQ Score has distinct value-add properties for SOCs. As an example, one can submit a file to VirusTotal for an instant score based on the number of security vendors and sandboxes that have flagged the file as malicious. There may be no flags. There may be tens of flags, resulting in a high threat score. But should each security vendor and sandbox be treated equally? Do they each have the same track record of success? Of course not. And that is but a single file analysis source.

Now imagine that there is a lab of seasoned security analysts who can delve far deeper into third-party tool scores, the power of Deep File Inspection, and their own wisdom, all packaged into an advanced algorithm that produces a far more efficacious score in terms of severity and confidence. This is IQ Score.