PROTECT THE CLOUD

RetroHunting as a Service


The demand for threat hunters to combat the unrelenting wave of new attacks targeting their organizations is on the rise. Detection of Advanced Persistent Threats (APTs) and the inability of enterprises to hire subject matter experts to perform intrusion analysis and threat hunting are some of the biggest challenges security operation centers (SOCs) are facing today.


Challenge


Advanced and emerging threats are difficult to prevent, or even to detect in real time, and many evade enterprise defenses entirely. Most organizations do not know they have been breached until days, months, or even years of dwell time have passed.

Threat actors with malicious intent are capable of inflicting serious damage on critical infrastructure or stealing an organization's most sensitive data without ever being noticed. Security toolsets are limited in their ability to identify stealthy malware and ransomware lurking inside a variety of file formats, and the alerts they do raise provide little contextual information for swift decision-making. Together these limitations significantly reduce an organization's ability to minimize the risks it faces in today's threat landscape.

Solution


The InQuest Deep File Inspection (DFI) platform is designed to address the increasing demand for advanced cyber defenses as well as the inability of organizations to fill key security roles. Our solution augments your analytical workflow with intelligent automation and data orchestration through strategic integrations.

We optimize and scale the work of threat hunters by performing proactive threat hunting through automated, manual, and scheduled retrospective analysis that leverages our Deep File Inspection and RetroHunt engines.

Since we retain all network session information and associated file artifacts regardless of the severity at the time of capture, we can answer the question "Was this new attack or technique ever successful in evading our security defenses?"

We provide the ability to retrospectively analyze every historical artifact that we've retained to determine whether or not it was used to infiltrate your organization.


Unique Capabilities of InQuest's RetroHunting as a Service


Retrospective Analysis

Threat Hunters can leverage retrospective analysis of data captured in the past to identify advanced malware that may have initially bypassed detection at the time of delivery.

Deep File Inspection (DFI)

Our high-throughput DFI engine dissects common carriers to expose embedded logic (macros, scripts, applets), semantic context (e.g., cells of the spreadsheet, words in a presentation), and metadata (e.g., author, edit time, page count).

Human + Machine

RetroHunting uses advanced machine learning algorithms and our patented Deep File Inspection engine, combined with the latest heuristics and signatures, to analyze historical data. This enables threat hunters to re-evaluate historical data (sessions, files, etc.) against today's signatures and threat intelligence.
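As an added illustration (not InQuest's code, and not how the DFI or RetroHunt engines are implemented), the following Python sketch shows the retrospective re-scan described above: a retained artifact store, constructed here with sample records, is re-evaluated against a signature that was published months after capture, and artifacts that passed as benign at capture time are reported along with how long they went undetected. Artifact contents, rule names, and dates are all constructed sample values.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class Artifact:                 # one retained file artifact from a captured session
    artifact_id: str
    captured: date
    severity_at_capture: str    # verdict when first seen ("none" = passed as clean)
    content: bytes

@dataclass
class Rule:                     # a signature, with the date it became available
    name: str
    published: date
    pattern: bytes              # byte sequence to look for in retained content

@dataclass
class RetroMatch:
    artifact_id: str
    rule: str
    captured: date
    evaded: bool                # not flagged at capture, flagged now
    dwell_days: int             # days between capture and the rule's release

# Constructed sample store: every session is kept, including those scored benign.
STORE = [
    Artifact("s-1001", date(2023, 1, 14), "none", b"MZ normal installer payload"),
    Artifact("s-1002", date(2023, 2, 3), "none", b"%PDF-1.7 /OpenAction /JS (loader_v2_stub)"),
    Artifact("s-1003", date(2023, 2, 9), "high", b"AutoOpen loader_v2_stub Shell("),
    Artifact("s-1004", date(2023, 3, 1), "none", b"%PDF-1.7 quarterly report text"),
]
# Constructed rule that was published months after the captures above.
RULES = [Rule("loader_v2_marker", date(2023, 6, 1), b"loader_v2_stub")]

def retrohunt(store, rules):
    """Re-scan every retained artifact with today's rules regardless of its
    original verdict, recording which ones slipped past detection at capture."""
    hits = []
    for art in store:
        for rule in rules:
            if rule.pattern in art.content:
                hits.append(RetroMatch(art.artifact_id, rule.name, art.captured,
                                       evaded=(art.severity_at_capture == "none"),
                                       dwell_days=(rule.published - art.captured).days))
    return hits

def evaded_artifacts(store, rules):
    """Artifacts matching a current rule that were scored benign when captured."""
    return sorted({h.artifact_id for h in retrohunt(store, rules) if h.evaded})
```

Running `evaded_artifacts(STORE, RULES)` answers the question "was this attack ever successful in evading our defenses?" for the sample store; a real deployment would substitute the retained session store and the current rule set.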

Intelligent Orchestration

This includes bi-directional orchestration with multi-AV and sandbox solutions, unique threat intelligence sources, and a seasoned signature development team augmented by machine learning. The platform provides optional, turnkey integrations with a variety of complementary technologies; intelligent orchestration supplies data to these integrations and ingests their results. Ingested results are interpreted by our threat scoring algorithm, which is updated and driven by empirical observations, research efforts, and mass ingestion of malware.

Unique Threat Intelligence

Our platform leverages a variety of sources in an automated decision-making engine. It reduces the time spent on manual threat research, which empowers your security operations and improves your ability to predict, detect, hunt, and prevent intrusions. Threat hunters can quickly respond to emerging threats targeting your organization through our threat intelligence services, which acquire, analyze, and incorporate threat intelligence from hundreds of public, private, and internal sources.