Threat Intel Acquisition and Curation


InQuest Labs takes malware findings to an entirely new level. The security intelligence think tank continually harvests internal/proprietary, public, and private third-party threat intel for insight into today's attack types, including sophisticated malware, ransomware, phishing lures, scams, fraud, and other forms of malicious content. Internal sources include insights gathered from the continuous monitoring of a multi-Tbps composite alert stream with customer opt-in InQuest Threat Exchange data. Public sources include OPSWAT, VirusTotal, Twitter, and roughly 50 public reputation feeds. Private sources include Exodus Intelligence, Microsoft Active Protections Program Advanced Notification Service (MAPP ANS), and ZetaLytics. Next, InQuest Labs leverages DFI's de-duping, parsing, and proprietary weighting factors to curate data sources (via its own dog-fooded FDR instances) into valuable aggregate scores for each threat. Finally, threat rules are regularly updated through ongoing monitoring and research of new findings, ensuring their efficacy over time. This curated threat analysis and aggregate threat scoring process points security analysts and threat hunters to exactly what matters, saving countless hours of analysis and avoiding time wasted chasing irrelevant rabbit holes.