Solutions Overview
InQuest focuses its scrutiny to identify, process and inspect files downloaded over the web or received via email to detect malicious code in transit. Innovative Deep File Inspection (DFI) techniques are applied to live monitored network traffic providing insights into even the most creative combinations of obfuscation.
This raw network data is fed through a gauntlet of proprietary security checks and is also made available for integration with your existing security infrastructure. There are currently integrations available for a variety of antivirus and sandbox technologies that serve in a complementary capacity to the analysis that InQuest is performing.
Most modern malware prevention solutions have limitations around the detection, inspection and mitigation of embedded file content. Malware is commonly nested in multiple levels of compression, embedded in complex PDF object streams or buried within JAR files.
Existing solutions in the space handle little, if any, unraveling of the numerous layers that knowledgeable attackers are employing today to avoid detection. Our software applies considerable resources and ingenuity towards the task of peeling back these various layers and unmasking the malware within.
These typically hidden layers are analyzed by InQuest's threat detection capabilities and sometimes also in tandem with other 3rd party security solutions to reveal true positives. In addition to threat detection, the InQuest platforms applies these unraveling techniques to detect sensitive data in motion including confidential documents and personal identifiable information. Furthermore, InQuest leverages the advantages of hindsight by cataloguing and rescanning artifacts through our historical threat detection engine know as RetroHunt.
Capture, Analyze and Assign.
- Capture and catalog all web and e-mail session information at 10Gb rates. Retention history is limited only by your underlying hardware.
- Automatically extract, analyze (expand, decode, etc.), and score all session artifacts including URLs, IPs, domains, files, and even e-mail addresses.
- Our threat scoring algorithm factors information from all available sources to produce a single, digestible, well balanced threat score.
- Sort, assign, research, and track workflow of all event management directly from within our UI; or not, we support SIEM integration via syslog as well.
Search, Research, and Collaborate.
- Powerful search. Slice through aggregated data by TCP session, file, threat, or command and control end-point.
- Store and recall custom searches privately or via group shares. Allowing for collaboration between peers.
- Integrated research tools allow analysts to examine raw file content, reference our signature knowledge base, and utilize common web tools without leaving their browser tab.
Augment and Retrograde.
- Up-to-date intel delivered weekly and as needed to keep up with the latest attack methodologies and campaigns.
- Augment our intelligence with your own by defining Yara compatible signatures along with a severity and confidence rating that will be considered by our threat detection and scoring engines.
- Retrograde threat assignment on historical traffic based on the latest threat information. Discovering attacks that may have previously gone under the radar.
Tuning, Access Control, and Authentication.
- Support for multiple authentication backends including on-board, Active Directory (AD), LDAP, RADIUS, and TACACS+.
- Granular access controls and customizable group policies available both on-board and remotely via AD or LDAP integration.
- Flexible filtration options to filter by VLAN id, CIDR block, etc. Multiple sources for tuning including per component MIME exceptions, host exclusions, white listing, black listing, etc.
Key Differentiators
- Our detection rate of Data Loss (PII, sensitive/classified information, etc.) powered by InQuest Labs with the option for the customer to define their own Data Loss Detection content through the use of user-defined signatures.
- Our 0day coverage and detection rate powered by InQuest Labs as well as our partnership with Exodus intelligence for real-time and historical detection of exploitation attempts targeting 0day vulnerabilities in the most commonly used file formats.
- We provide the customer with the ability to perform Hunting through historical artifact queries and file analysis using our internal RetroHunt component (retrospective static file analysis).
- We minimize the data center footprint by offering the customer with the option of aggregating network feeds and mirroring them to a single 1U 20Gb appliance.
