Retrospective Analysis Fueled by Deep File Inspection (DFI®)
The purpose of this whitepaper is to detail the functionality and benefits of the InQuest® platform, specifically it’s Deep File Inspection (DFI®) and RetroHunting® capabilities. Fundamentally, DFI empowers defenders with a new dimension of data while RetroHunting exposes a new dimension of time. This novel capability is made possible through a proprietary, carrier-class, network traffic processor coupled with a custom file storage algorithm focused on atomic level deduplication. Regardless of whether or not there is any perceived threat or data-loss event at the time of ingestion, all files and session metadata are inspected and stored for future reinspection. Retrospective analysis is initiated both automatically, on regularly scheduled intervals, and manually by users of the platform. The default platform settings result in three independent analyses of every captured file over as many weeks. In other words, an alert may be generated for data ingested three weeks ago, based on the latest threat intelligence from today.