What is FDR?
File Detection and Response (FDR), is a new detection and response market space - distinctly different from other detection and response solutions like Endpoint Detection and Response (EDR), Network Detection and Response (NDR), and Extended Detection and Response (XDR).
FDR was designed from the ground up by SOC analysts and threat hunters chartered with defending the US Department of Defense (DoD) against literally tens of millions of emails - each and every day - containing malware, viruses and phishing schemes from hackers, terrorists and foreign adversaries attempting to gain unauthorized access to military systems. There is no organization on the planet with more access to the latest and greatest security technology than the Pentagon. And yet, a significant defense gap remained. That gap was a detection and response solution that would be singularly focused on files (the root of nearly all end user security issues) - files in motion, files in use and files at rest. InQuest was formed to address this gap.
Stated simply, FDR closes the user security gap by focusing on file-borne attacks. Its breaches and incident detection and response spectrum addresses malware, ransomware, exploits, phishing lures, scams, fraud and data loss violations.
However, company founders recognize there is no silver bullet that will magically collapse defense-in-depth into a single solution. So FDR is driven by two additional design goals. First, a recognition that the only way to combat adversaries who effectively use human and machine forces is to match up with the same. This means a heavy design focus must be placed on features that speak to the daily grind of SOC analysts and threat hunters. Second, CISOs and other security leaders are under constant pressure to prove the SOC (expensive by virtue of ever-expanding tooling capital and human cost) is achieving a worthy ROI. In order to specifically and materially contribute here, FDR is designed for easy integration and intelligence exchange with other prominent defense-in-depth solutions - driven by the aphorism 'a rising tide lifts all boats'.
FDR's uniqueness lies in its ability to rapidly dissect files into fine-grained elements, which can each then be examined for malware with high precision, ultimately resulting in a threat score which can drive effective security action. This is best expressed as 'file analysis at scale' - which has three key scale dimensions: scale at depth, scale at speed, and scale across time. There is no other detection and response solution that can stop or root out end user security issues with the speed, accuracy, and minimal resource consumption of FDR.
To deliver on its core promises (stop file-borne breaches and incidents, automate threat hunting with real-time intelligence, and supercharge the SOC ROI), FDR is underpinned by five important technologies:
- High-Performance Network Capture and Analysis
- Deep File Inspection (DFI)
- Threat Intel Acquisition and Curation
- Intelligent Orchestration
Each is discussed in greater detail below, followed by FDR's core features made possible by the interplay of these technologies, benefits, and differentiation from other defense-in-depth solutions.
FDR is a valuable complement to other detection and response solutions, but with a sharp focus on SOC analyst and threat hunter resources who continue to miss serious attack activity and are drowning from non-actionable data produced by solutions that leave serious gaps. Any SOC - public or private sector, end-customer or managed service provider (MSP) - will benefit handsomely from the addition of FDR to its defense-in-depth solution portfolio.