Threat Intel Acquisition and Curation

InQuest Labs takes malware findings to an entirely new level. The security intelligence think tank continually harvests internal/proprietary, public, and private third-party threat intel for insight into today's attack types, including sophisticated malware, ransomware, phishing lures, scams, fraud and other forms of malicious content.

Intelligence sources include:

Internal / Proprietary

  • Continuous monitoring of a Multi-Tbps composite alert stream
  • Customer opt-in InQuest Threat Exchange data for herd immunity and performance gains

Private / Exchanges

  • Microsoft Active Protections Program Advanced Notification Service (MAPP ANS)
  • Close partnership and 0day feed from Exodus Intelligence
  • OPSWAT, Zetalytics, BitDefender...

Public / Harvesting

  • OSINT: crawl, aggregate, analyze, and rank ~50 public reputation feeds
  • SOCMINT: hunt, pivot and crawl Twitter and GitHub; DNS/IP/registrant monitoring

InQuest Labs uses DFI's de-duplication, parsing, and proprietary weighting factors to curate the data sources above (via its own dogfooded FDR instances) into aggregate scores for each threat.

Keep in mind that InQuest Labs is composed of experienced and dedicated security researchers from both the public and private sectors. The team works tirelessly to apply an efficient and novel approach to threat prevention, breach detection, data-loss discovery, and threat hunting - giving our customers an intelligence ‘leapfrog’. Meaningful acquisition and effective curation do not just ‘happen’. They stem from security researchers who have:

  • Worked with thousands of real-world exploits as vulnerability discovery and exploitation specialists from all around the world
  • Vetted nearly every major security vendor on the planet, particularly best-in-class COTS and OSS solutions
  • Regularly published weekly threat intelligence updates, blog posts and open-source contributions

Finally, threat rules are routinely updated through ongoing monitoring and research of new findings, ensuring their efficacy over time. This curated threat analysis and aggregate threat scoring process points security analysts and threat hunters to exactly what matters - saving countless hours of analysis and avoiding time wasted chasing irrelevant rabbit holes.