FDR API SaaS
Most modern malware detection and prevention solutions on the market have limitations related to the inspection of embedded file content due to the complexity of even the most common file structures. Malware and ransomware are commonly nested in multiple levels of compression or compilation, lurking in complex PDF object streams, or buried within JAR files. FDR API SaaS enables SOC analysts or threat hunters to upload files - for inspection, analysis, scoring and enforcement action - either manually or automatically via the API.
The same powerful file inspection capabilities used in Email and Web Security SaaS are brought to bear here; the difference is simply a more on-demand approach.
Pricing is based on:
- Number of file scans per day (ranging from 2,000 to 100,000)
Core value includes:
- Profile and classify large volumes of sessions, files, and objects in real-time to identify threats targeting your users
- Elimination of manual steps that threat hunters typically must perform before malicious content can be discovered
- Comparison of uploaded files to millions of ingested and dissected files extracted daily from data-in-motion (web traffic, email attachments, file transfers over endpoints), data-at-rest (data storage, file shares), and data-in-use (SaaS) through the combined application and use of our patented Deep File Inspection (DFI™) analysis engine and proprietary Machine Learning (ML) algorithms
- Advanced analytical apparatus that leverages automated static analysis to examine, identify, and classify threats while extracting Indicators of Compromise (IOCs) that can be used to identify future attacks
Integration with Existing Malware Analysis Tools
- Provides a platform of internal analytics engines coupled with external integrations such as multi-AV and detonation chambers to discover malware hidden in common carrier file types and objects at scale
- Retrospective threat analysis and scoring of historical content leveraging daily emerging threat intelligence updates enables analysts to discover attacks that may have previously gone under the radar
- Augment InQuest's intelligence with your own by defining YARA-compatible signatures along with severity and confidence ratings factored by our threat discovery and scoring engines
Threat Score Understanding
- Review all contributing factors used to generate and assign a threat score. Threat scoring is based on InQuest's proprietary engine - augmented by external integrations, reputation feeds and pluggable components - providing reliable data points that are weighted and then factored into our own threat assessment.