PROTECT THE CLOUD

DFI™ Analytical Pipeline


The frequency and sophistication of threat actor campaigns continues to be on the rise and that poses a serious threat to enterprises of all sizes.

DFI™ Whitepaper
 
 

Challenge


Most modern malware detection and prevention solutions on the market have limitations related to the inspection of embedded file content due to the complexity of even the most common file structures. Malware and Ransomware are commonly nested in multiple levels of compression or compilation, lurking in complex PDF object streams or buried within JAR files.

 

In some cases, a number of manual steps must be performed by the threat hunters before the malicious content can be discovered.

Threat actors are also injecting their malware within encrypted traffic using obfuscation techniques, which makes the job of threat hunters even more challenging due to the lack of visibility and context.

As the amount of malware and ransomware that evades detection grows, the need to profile, track and correlate undetected threats becomes imperative to limit the impact of breaches and the data exfiltration that follows. Existing solutions in the space perform little, if any, unraveling of file layers that sophisticated threat actors use today to evade detection, which limits an enterprise’s ability to combat cyber threats effectively.


 

Solution


InQuest addresses the malware and ransomware challenges Enterprises are facing by assessing millions of ingested and dissected files that are extracted daily from data-in-motion (web traffic, email attachments, file transfers over endpoints), data-at-rest (data storage, file shares), and data-in-use (SaaS) through the combined application and use of our patented, Deep File Inspection (DFI™) analysis engine and proprietary Machine Learning (ML) algorithms.

 

Deep File Inspection (DFI™)

We empower threat hunters with an advanced analytical apparatus that leverages automated static analysis to effectively examine, identify, and classify threats while extracting Indicators of Compromise (IOCs) that can be used to identify future attacks. The DFI Analytical Pipeline provides a platform of internal analytics engines coupled with external integrations such as multi-av and detonation chambers to discover malware hidden in common carrier file types and objects at scale.

DFI™ Whitepaper
 

Unique Capabilities of InQuest's DFI™ Analytical Pipeline


 
Augment and Retrograde

Retrospective threat analysis and scoring of historical content leveraging daily emerging threat intelligence updates enables you to discover attacks that may have previously gone under the radar. Augment our intelligence with your own by defining Yara compatible signatures along with severity and confidence ratings that will be factored by our threat discovery and scoring engines.

Threat Scoring Analytics

Threat hunters can review all contributing factors that were used to generate and assign a threat score. InQuest utilizes threat scoring based on our own proprietary engine, augmented by external integrations, reputation feeds and pluggable components which provide reliable data points that are weighted and then factored into our own threat assessment.

Real-time Analytics Pipeline

Our analytical pipeline enables an organization to profile and classify large volumes of sessions, files, and objects in real-time to identify threats targeting your users.