FDR is underpinned by six purpose-built technologies that drive its unique feature set. These technologies integrate with one another - forming a highly-scalable and extensible platform which rapidly evolves with new customer and market demands. It begins with data capture across email, web, and network transit points. The latter - and most demanding - is made extraordinarily economical through high-performance network capture. Traffic is then processed through our Deep File Inspection (DFI) engine which expands the data into structured layers - where the most cleverly-disguised malware can be easily exposed. Next, DFI-expanded data is subjected to a battery of third-party curated and InQuest Labs Threat Intelligence for matching against millions of file artifacts, IP/ASN/URL/domain reputation checks, and IOCs. Each artifact is then assigned an IQ Score - an all-encompassing threat or data-loss score based on both confidence and severity - which enables alert, decoration or block actions to be immediately invoked. FDR value is extended beyond its own security charter through Intelligent Orchestration - which exports curated IOCs back out to SIEMs, 3rd party public and private intel exchanges, and security prevention/policy enforcement solutions. Finally, FDR RetroHunting enables threat hunters to easily apply the very latest scored artifact intelligence to files previously seen - making it fast and easy to identify the presence of malware, ransomware, exploits and other end user-induced security issues that have evaded defense-in-depth measures.