Breach Detection

Stop Data leakage or Exfiltration by Identifying and Preventing C2 Activity

With data breaches on the rise, critical assets and sensitive information are increasingly attractive targets for cybercriminals. Organizations with basic security controls are almost always unaware of a threat actor's foothold or even presence in their environment until months or even years of dwell time after the initial intrusion.

Defend the enterprise from threat actors with InQuest's Breach Detection System, a set of tools covering network, data, and email incidents.

Hackers and threat actors represent a major security challenge for enterprises


Threat actors commonly leverage sophisticated attack methodologies and evasion techniques that are capable of bypassing a variety of security controls employed by businesses today. The initial intrusion and successful compromise provides the attacker with a foothold that is then leveraged to perform internal reconnaissance and lateral movement throughout their campaign. Destruction, encryption and/or exfiltration of the organization's sensitive assets and data almost always follows.


The InQuest Breach Detection System (BDS) addresses a range of incident types and security threats

FDR Breach Detection is dedicated to providing full visibility of all inbound and outbound enterprise network traffic flow to determine whether a breach has occurred. The solution is capable of identifying Command and Control (C2) activity associated with advanced persistent threats (APTs) by performing behavioral analytics and leveraging unique Indicators of Compromise (IoC) acquired and curated by InQuest Labs. The system is designed to detect and/or prevent the C2 activity of sophisticated actors and their tradecraft, ultimately reducing the dwell time that can eventually lead to data leakage or exfiltration.

The Advantages of FDR Breach Detection

Powered by Human + Machine (ML)

InQuest's proprietary Machine Learning (ML) engine comprises four well-vetted classifiers and uses previously collected data on malicious and benign content to automatically detect patterns that might go undetected by signature-based detection engines.

Command & Control (C2) Detection

InQuest's platform provides continuous protection against Command and Control (C2) activity with a specific focus on Domain and IP communications. Our C2 detection engine is regularly updated with Indicators of Compromise (IOC) sourced from a combination of internal, private and public threat intelligence feeds.
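The domain- and IP-based C2 matching described above, as an added example that is not InQuest's code: a small indicator-matching pass over constructed connection log lines. The log format, the IOC set (reserved TEST-NET addresses and `.invalid` / `.test` names) and the `Alert` record are all assumptions made for the example; domains match themselves and any subdomain, and network indicators match any destination address inside the range.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed IOC set for the example (not real indicators): a domain
# indicator matches the exact host and any subdomain of it; a network
# indicator matches any destination IP inside the range.
IOC_DOMAINS = {"beacon.example.invalid", "update-cdn.test"}
IOC_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed connection records in a simple key=value line format.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z src=10.0.0.5 dst=198.51.100.7 host=intranet.example.invalid
2024-05-01T10:00:05Z src=10.0.0.7 dst=203.0.113.44 host=
2024-05-01T10:00:09Z src=10.0.0.5 dst=198.51.100.9 host=cdn.beacon.example.invalid
2024-05-01T10:00:12Z src=10.0.0.9 dst=198.51.100.12 host=www.example.invalid
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) host=(?P<host>\S*)$"
)


@dataclass(frozen=True)
class Alert:
    timestamp: str
    src: str
    indicator: str  # the IOC that matched
    kind: str       # "domain" or "network"


def domain_matches(host: str, ioc_domain: str) -> bool:
    """True if host is the indicator domain or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == ioc_domain or host.endswith("." + ioc_domain)


def match_line(line: str) -> Optional[Alert]:
    """Check one connection record against the IOC set; None if clean or unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    host = m["host"]
    for ioc_domain in IOC_DOMAINS:
        if host and domain_matches(host, ioc_domain):
            return Alert(m["ts"], m["src"], ioc_domain, "domain")
    try:
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:
        return None  # malformed destination; nothing to match against networks
    for net in IOC_NETWORKS:
        if dst in net:
            return Alert(m["ts"], m["src"], str(net), "network")
    return None


def scan_log(text: str) -> list:
    """Run every record through match_line and keep the hits, in log order."""
    return [a for a in (match_line(l) for l in text.splitlines()) if a is not None]


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"{alert.timestamp} {alert.src} -> {alert.kind} indicator {alert.indicator}")
```

The subdomain rule matters because beaconing infrastructure is routinely rotated under a stable parent name, while the empty `host=` on the second record shows why the IP/network check is kept separate from hostname matching: direct-to-IP connections carry no name to compare.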

Real-Time Threat Protection

The InQuest BDS focuses on dynamic malicious activities within your Enterprise. It identifies breaches using a combination of heuristics, traffic analysis, and risk assessment. Using these methodologies, the BDS identifies breaches by detecting Command and Control (C2) activity as it occurs, ultimately discovering successful attacks that had previously gone undetected.

Indication of Compromise (IoC)

We determine the nature of the threat through the use of an event taxonomy coupled with MITRE's ATT&CK Framework to better inform network defenders. This enables defenders to combat the adversaries by identifying threat patterns that map individual intrusions to actual attack campaigns.

Data Loss Prevention

The InQuest platform provides functionality that empowers analysts with the ability to easily and efficiently identify data exfiltration occurring across their Enterprise. Our Data Loss Prevention (DLP) consists of four analytical operations: Capture, Dissect, Identify, and Alert.
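The four-stage Capture, Dissect, Identify, Alert flow named above, as an added example that is not InQuest's implementation: each stage is one function, run over constructed outbound transfer records. The record layout, the `payment-card` and classification-marker detectors, and the base64 unwrapping in the dissect stage are assumptions chosen for the example; the second record shows why dissection has to peel encoding layers before identification, since a marker hidden in base64 never matches on the raw bytes.

```python
import base64
import binascii
import re
from dataclasses import dataclass
from typing import List

# Capture stage output, constructed for the example (not real traffic):
# outbound transfers with the payload body as captured on the wire.
CAPTURED = [
    {"ts": "2024-05-01T11:00:00Z", "src": "10.0.0.5", "dst": "payments.example.invalid",
     "body": b"order=1234&note=thanks"},
    {"ts": "2024-05-01T11:00:03Z", "src": "10.0.0.7", "dst": "paste.example.invalid",
     # a classification marker hidden under one layer of base64
     "body": base64.b64encode(b"CONFIDENTIAL - Q3 forecast attached")},
    {"ts": "2024-05-01T11:00:08Z", "src": "10.0.0.9", "dst": "files.example.invalid",
     "body": b"card=4111 1111 1111 1111 exp=12/29"},
]

B64_RE = re.compile(rb"^[A-Za-z0-9+/=]+$")
# 13-19 digits optionally separated by spaces or hyphens
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
MARKERS = ("CONFIDENTIAL", "INTERNAL ONLY")


def dissect(body: bytes) -> List[str]:
    """Dissect: return the text views of a payload (raw, plus a base64 layer if present)."""
    views = [body.decode("utf-8", errors="replace")]
    if B64_RE.match(body) and len(body) % 4 == 0:
        try:
            decoded = base64.b64decode(body, validate=True)
        except (binascii.Error, ValueError):
            return views
        text = decoded.decode("utf-8", errors="replace")
        if text.isprintable():  # only keep the layer if it decodes to text
            views.append(text)
    return views


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def identify(views: List[str]) -> List[str]:
    """Identify: return the sorted set of sensitive-data categories found in any view."""
    findings = set()
    for text in views:
        for m in CARD_RE.finditer(text):
            if luhn_ok(re.sub(r"\D", "", m.group())):
                findings.add("payment-card")
        upper = text.upper()
        for marker in MARKERS:
            if marker in upper:
                findings.add("classification-marker:" + marker)
    return sorted(findings)


@dataclass
class DlpAlert:
    ts: str
    src: str
    dst: str
    findings: List[str]


def run_pipeline(captured) -> List[DlpAlert]:
    """Alert: emit one record per transfer whose dissected views carry a finding."""
    alerts = []
    for rec in captured:
        findings = identify(dissect(rec["body"]))
        if findings:
            alerts.append(DlpAlert(rec["ts"], rec["src"], rec["dst"], findings))
    return alerts


if __name__ == "__main__":
    for a in run_pipeline(CAPTURED):
        print(f"{a.ts} {a.src} -> {a.dst}: {', '.join(a.findings)}")
```

The Luhn check is what keeps an order number or timestamp from being reported as a card, and the marker search runs against every dissected view, so the same detector covers plain and encoded transfers without separate rules.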