FDR Network Threat Analytics

FDR Network Threat Analytics provides dynamic analysis and detection capabilities that enable identification and response to a variety of cyber threats targeting enterprise networks:

  • Breach Detection
  • Exploitation Techniques
  • Intrusion Attempts
  • Malicious Actors
  • Suspicious Behavior

Pricing is based on:

  • Collector Appliance Throughput Rating (Gbps)
  • Number of Collector Appliances
  • Number of Manager Appliances
  • Physical or Virtual Deployment

Key features include:

  • High-Performance Network Inspection
    • Monitoring network traffic at throughput speeds from 100 Mbps to 40 Gbps
    • Full session analysis leveraging behavioral and advanced analytical techniques - including Machine Learning (ML) - to identify and respond to anomalous or suspicious behavior
  • Turnkey physical and virtual appliance form factors
  • Physical appliances provide excellent data center economics - minimizing data center footprint (via 1U form factor), power, and cooling needs
  • Appliances collectively managed via single pane of glass
  • Ingests data in-motion, data in-use, and data at-rest
  • Complex threat hunting tasks are automated by leveraging intrusion analysis, intrusion detection, incident response, and event triage
  • Alert on malicious network activities, investigate, and perform forensics analysis to determine root cause and then respond using event triage and mitigation
  • Multiple Inspection Techniques
    • Deep File Inspection (DFI) employs detection logic at numerous layers to uncover a wide variety of attack and exploitation techniques
      • Rapidly dissects files to expose evasions and malicious content within embedded logic (macros, scripts, applets), semantic context (spreadsheet cells, presentation words, etc.), and metadata (author, edit time, page count, etc.)
      • Full artifact inspection including session-level metadata (web headers), domains, files, hashes, headers, IPs, SSL certificates and URLs
      • Optical Character Recognition (OCR), Computer Vision, and Perceptual Hashing used to inspect embedded images for the presence of malware
    • Machine Learning (ML) incorporates advanced algorithms that leverage supervised classifiers and unsupervised clusters - designed to query vast amounts of data, discover patterns, and generate valuable insights
    • Algorithms are leveraged to identify/pinpoint threats without the use of IOCs
    • Sandbox integrations
    • Multi-scanning technologies
  • Breach Detection and Containment
    • Full visibility of all inbound and outbound enterprise network traffic flow to determine whether a breach has occurred
    • Identifies Command and Control (C2) activity associated with advanced persistent threats (APTs) by performing behavioral analytics and leveraging unique Indicators of Compromise (IoC) acquired and curated by InQuest Labs
    • Detects and/or prevents C2 activity of sophisticated actors and their tradecraft - ultimately reducing the dwell time that can eventually lead to data leakage or exfiltration
  • Emerging Threat Detection
    • Inspection engine utilizes heuristics and signature-based analytical pipelines to identify real-world emerging threats - blocking Zero-Day attacks and N-Day attacks
  • Retrospective Malware Detection
    • Via RetroHunting, previously seen files are re-inspected against the latest threat intelligence to ensure even the most sophisticated attacks don't go undetected - even if initially missed
  • Data Loss Prevention
    • Inspection of all file content and context to identify data exfiltration - ensuring sensitive information never leaves your environment
  • IQScore
    • Each file is dissected into an array of artifacts - each artifact is then given an IQ Score
    • Scores are driven by all available intelligence including discrete, heuristic, and ML score contributors
    • Threat receipts show intel sources at-a-glance
    • Signature pairings for "heating" and "cooling" based on latest threat intel
    • Block, alert, investigate recommendations give SecOps clear guidance on enforcement policy
  • Proactive Threat Intelligence
    • Built-in incident response workflow, remediation, and breach containment alleviate investigative workflows for your operators
    • Provides the ability to proactively track and hunt for emerging threats that have targeted your environment
  • RetroHunt Capability
    • SecOps personnel can retrospectively identify the most sophisticated threats to determine which assets have been impacted
  • Invisible to outsiders / attackers
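The IQScore and RetroHunt bullets above describe a workflow: dissect a file into artifacts, score each artifact from several contributors (discrete signatures, heuristics, ML), show a threat receipt of which sources contributed, "heat" or "cool" the score with signature pairings, map the score to block / alert / investigate guidance, and re-score retained artifacts when new intelligence arrives. The Python below is an added illustration of that workflow; it is not InQuest code and does not describe how FDR actually computes IQScore. The signatures, weights, verdict thresholds, the domain-entropy stand-in for an ML classifier and the sample document are all constructed for the example.

```python
"""Artifact dissection, multi-source scoring and retrospective re-scan.

Added illustration only: not InQuest code; weights, thresholds and
signatures are constructed for the example.
"""
import hashlib
import math
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Artifact:
    kind: str     # "file", "url", "domain" or "macro"
    value: str
    parent: str   # sha256 of the file the artifact was extracted from


@dataclass
class Receipt:
    score: int
    sources: List[Tuple[str, int]]   # threat receipt: (intel source, contribution)
    verdict: str


# signature = (name, artifact kind, regex on value, weight); negative weight "cools"
Signature = Tuple[str, str, str, int]

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def dissect(content: bytes) -> List[Artifact]:
    """Split one file into artifacts: file hash, URLs and their domains, auto-exec macros."""
    sha = hashlib.sha256(content).hexdigest()
    text = content.decode("utf-8", errors="ignore")
    arts = [Artifact("file", sha, sha)]
    for url in URL_RE.findall(text):
        arts.append(Artifact("url", url, sha))
        arts.append(Artifact("domain", url.split("/")[2].lower(), sha))
    if re.search(r"\b(AutoOpen|Document_Open)\b", text):
        arts.append(Artifact("macro", "auto-exec", sha))
    return arts


def entropy(s: str) -> float:
    """Shannon entropy in bits per character (0 for the empty string)."""
    if not s:
        return 0.0
    return -sum((s.count(c) / len(s)) * math.log2(s.count(c) / len(s)) for c in set(s))


def score(art: Artifact, sigs: List[Signature]) -> Receipt:
    """Combine discrete, heuristic and ML-style contributors into one score plus receipt."""
    contrib: List[Tuple[str, int]] = []
    # discrete contributors: curated signatures that heat (positive) or cool (negative)
    for name, kind, pattern, weight in sigs:
        if art.kind == kind and re.search(pattern, art.value):
            contrib.append((f"sig:{name}", weight))
    # heuristic contributor: URL whose host is an IP literal
    if art.kind == "url" and re.match(r"https?://\d{1,3}(\.\d{1,3}){3}", art.value):
        contrib.append(("heuristic:ip_literal_url", 25))
    # ML stand-in (constructed): high-entropy first label looks DGA-like; a trained
    # classifier would sit here in a real pipeline
    if art.kind == "domain":
        h = entropy(art.value.split(".")[0])
        if h > 3.0:
            contrib.append(("ml:domain_entropy", int((h - 3.0) * 20)))
    total = max(0, sum(w for _, w in contrib))
    verdict = ("block" if total >= 70 else "alert" if total >= 40
               else "investigate" if total >= 15 else "allow")
    return Receipt(total, contrib, verdict)


Store = Dict[str, List[Tuple[Artifact, Receipt]]]   # parent sha -> scored artifacts
RANK = {"allow": 0, "investigate": 1, "alert": 2, "block": 3}


def ingest(store: Store, content: bytes, sigs: List[Signature]) -> str:
    """Dissect, score and retain a file's artifacts; returns the file's sha256."""
    arts = dissect(content)
    store[arts[0].parent] = [(a, score(a, sigs)) for a in arts]
    return arts[0].parent


def retrohunt(store: Store, sigs: List[Signature]) -> List[Tuple[str, str, str, str]]:
    """Re-score every retained artifact with current intel; report verdict escalations."""
    hits = []
    for parent, items in store.items():
        for art, old in items:
            new = score(art, sigs)
            if RANK[new.verdict] > RANK[old.verdict]:
                hits.append((parent, art.value, old.verdict, new.verdict))
    return hits


# constructed sample document and intel (not real indicators)
SAMPLE = (b"Sub AutoOpen()\n' fetch from http://203.0.113.7/update.bin\nEnd Sub\n"
          b"See http://qz8k2pv1mw4tx7yb.example/ for details\n")
SIGNATURES: List[Signature] = [("macro_autoexec", "macro", r"^auto-exec$", 40)]
NEW_SIGS: List[Signature] = SIGNATURES + [
    ("c2_domain_known", "domain", r"^qz8k2pv1mw4tx7yb\.example$", 60),   # heating
    ("trusted_updater_url", "url", r"^http://203\.0\.113\.7/update\.bin$", -25),  # cooling
]

if __name__ == "__main__":
    store: Store = {}
    parent = ingest(store, SAMPLE, SIGNATURES)
    for art, rcpt in store[parent]:
        print(f"{art.kind:7} {rcpt.verdict:12} {rcpt.score:3} {rcpt.sources} {art.value}")
    print("retrohunt escalations:", retrohunt(store, NEW_SIGS))
```

Two points the example makes concrete: every verdict carries its receipt, so an operator can see which source drove a block; and retrohunting needs the artifacts (or at least their hashes and extracted indicators) to be retained, because the re-scan runs over that store, not over traffic that has already passed.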