Advanced Threat Protection Prevention and Response Solutions - The Best Weapon against Zero-Day attacks, Command and Control (C2) activity and Advanced Persistent Threats (APTs)

Intrusion detection and prevention systems identify threats to a network mostly by matching traffic against signatures of known attacks, an approach that is largely ineffective against zero-day malware.

InQuest leverages partnerships, in-house capabilities, and third-party tools to build a comprehensive picture of potential threats passing through a protected network boundary.

Using this information, a threat score is automatically applied to each network session and probable threats are escalated to analysts, allowing rapid detection, triage, and remediation of network threats.

InQuest Zero Day Protection

InQuest draws from a variety of intelligence sources, shares this intel with the users through manual or automatic updates, and provides a plethora of information via the InQuest User Interface for discovery and analysis of zero-day threats.

InQuest Intelligence Sources

InQuest collects intelligence from a variety of internal, private, and public sources. Internally, InQuest uses hands-on experience gained from dealing with daily, real-world attacks to identify, triage, and develop signatures for malware detection. InQuest partners closely with Exodus Intelligence and collaborates with other research organizations. Using web crawlers and aggregation tools, InQuest collects data from a variety of public sources and stores it in an internal data lake. These data feeds are distributed across InQuest's customer deployments and provide a comprehensive view of potentially new or unknown threats targeting those environments.

InQuest Automated Updates

InQuest offers an optional, automated update service, providing code, signature, and intelligence updates. By enabling this service, InQuest systems are kept up-to-date on the latest threats and provide protection against attacks evolving in real time.

Automated Threat Scoring and Alerting

InQuest provides a variety of built-in and integrated solutions for assigning threat levels to network traffic passing through the perimeter of a protected network. This section describes the tools that help prevent zero-day attacks and how to access the results those tools produce.

Known Malicious Domain Monitoring

It is not uncommon for malware authors to reuse the same command-and-control or download servers across a variety of malware campaigns. InQuest provides an automated monitoring service that alerts on any attempt to resolve a known malicious domain. If a new malware variant uses known command-and-control or download servers, an alert is generated for the malicious traffic, allowing security personnel to shut down even zero-hour malware.
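The monitoring described above comes down to matching every DNS resolution attempt against a watchlist of known command-and-control and download domains. The following is an added example, not InQuest's code: the watchlist and the DNS query log lines are constructed for illustration, and matching is done on label boundaries so that subdomains of a listed domain are caught while look-alike names that merely contain a listed domain as a substring are not.

```python
"""Alert on DNS resolution attempts for known-malicious domains.

Added example, not InQuest's code. The domain watchlist and the DNS
query log lines below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# Constructed watchlist standing in for an intelligence feed of C2/download domains.
KNOWN_MALICIOUS_DOMAINS: Set[str] = {
    "c2.example-bad.test",
    "dl.example-bad.test",
    "evil-cdn.example",
}

# Constructed DNS query log: "<timestamp> <client_ip> <qname> <qtype>"
SAMPLE_DNS_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 www.example.org A
2024-05-01T10:00:02Z 10.0.0.7 c2.example-bad.test A
2024-05-01T10:00:03Z 10.0.0.9 update.dl.example-bad.test AAAA
2024-05-01T10:00:04Z 10.0.0.5 notevil-cdn.example A
2024-05-01T10:00:05Z 10.0.0.11 EVIL-CDN.EXAMPLE. A
"""


@dataclass(frozen=True)
class Alert:
    timestamp: str
    client_ip: str
    qname: str
    matched_domain: str


def normalize(qname: str) -> str:
    """Lower-case and drop the trailing dot so 'EVIL-CDN.EXAMPLE.' == 'evil-cdn.example'."""
    return qname.rstrip(".").lower()


def matched_domain(qname: str, watchlist: Set[str]) -> Optional[str]:
    """Return the watchlisted domain that qname equals or is a subdomain of.

    Candidates are built from label boundaries, so 'notevil-cdn.example'
    does not match 'evil-cdn.example' (a naive substring check would).
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None


def scan_dns_log(lines: Iterable[str],
                 watchlist: Set[str] = KNOWN_MALICIOUS_DOMAINS) -> List[Alert]:
    """Produce one Alert per resolution attempt that hits the watchlist."""
    alerts: List[Alert] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, client_ip, qname, _qtype = line.split()
        hit = matched_domain(qname, watchlist)
        if hit:
            alerts.append(Alert(ts, client_ip, normalize(qname), hit))
    return alerts


if __name__ == "__main__":
    for a in scan_dns_log(SAMPLE_DNS_LOG.splitlines()):
        print(f"ALERT {a.timestamp} {a.client_ip} resolved {a.qname} (matches {a.matched_domain})")
```

Three of the five constructed queries raise alerts: the exact C2 name, a subdomain of the download server, and a mixed-case, fully-qualified spelling of a listed domain. The `notevil-cdn.example` query does not, which is the reason to match on labels rather than substrings.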

InQuest URL Analyzer

InQuest provides an integrated URL analysis engine. Based upon the structure of observed URLs, the URL Analyzer determines the probability that traffic is malicious. Even when a zero-day attack uses previously unknown command-and-control or download servers, an alert is raised if the URL shares common properties with other malicious sites, drawing attention to the suspicious traffic.

InQuest File Analyzer

Malware authors commonly embed malicious code within a benign file in order to increase the probability that it will be able to enter the network perimeter and entice users to execute the malicious functionality. It is not uncommon for a zero-day attack to include some previously known malicious code (for example, a new exploit that installs a common malware backdoor or downloader). InQuest's file dissection engine recursively unwraps the layers of obfuscation around malicious code and tests each layer using best-in-breed, third-party analysis tools, maximizing the probability that even a zero-day attack will be detected when entering the protected network.
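The point of recursive dissection is that a known-bad component can sit several layers deep, where a scan of only the outermost file sees nothing. The following added example, which is not InQuest's engine, builds a constructed sample (a zip containing a base64-encoded zip containing a file with a constructed marker string), walks every layer depth-first, tests each layer against the marker, and caps recursion depth so nested containers cannot drive the walker indefinitely. The marker stands in for what a real engine would get from signatures, AV verdicts and hash reputation.

```python
"""Recursively unwrap nested containers and test every layer for known-bad content.

Added example, not InQuest's engine. The nested sample, the byte signature
and the depth limit are constructed for illustration.
"""
import base64
import hashlib
import io
import zipfile
from typing import Dict, List, Optional, Tuple

MAX_DEPTH = 8  # guard against unbounded nesting (e.g. zip-in-zip chains)

# Constructed stand-in for a signature of a previously seen backdoor/downloader.
KNOWN_BAD_SIGNATURE = b"SIMULATED-DOWNLOADER-MARKER"


def build_nested_sample() -> bytes:
    """Constructed sample: zip -> base64 text -> zip (stored) -> file carrying the marker."""
    payload = b"MZ-this-is-not-a-real-executable " + KNOWN_BAD_SIGNATURE
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", compression=zipfile.ZIP_STORED) as z:
        z.writestr("installer.bin", payload)
    encoded = base64.b64encode(inner.getvalue())
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", compression=zipfile.ZIP_STORED) as z:
        z.writestr("attachment.txt", encoded)
    return outer.getvalue()


def build_deep_base64_chain(n: int) -> bytes:
    """Constructed adversarial input: n layers of base64 around one byte."""
    blob = b"x"
    for _ in range(n):
        blob = base64.b64encode(blob)
    return blob


def unwrap_one(data: bytes) -> List[Tuple[str, bytes]]:
    """Children of one layer: zip members, a base64-decoded body, or nothing."""
    if data[:4] == b"PK\x03\x04":
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return [(name, z.read(name)) for name in z.namelist()]
    try:
        decoded = base64.b64decode(data, validate=True)  # strict alphabet check
        if decoded:
            return [("<base64>", decoded)]
    except ValueError:  # binascii.Error is a ValueError subclass
        pass
    return []


def dissect(data: bytes, path: str = "root", depth: int = 0,
            findings: Optional[List[Dict]] = None) -> List[Dict]:
    """Depth-first walk; every layer is tested, not only the outermost file."""
    if findings is None:
        findings = []
    if depth > MAX_DEPTH:
        findings.append({"path": path, "depth": depth, "verdict": "depth-limit"})
        return findings
    verdict = "malicious" if KNOWN_BAD_SIGNATURE in data else "clean"
    findings.append({"path": path, "depth": depth, "verdict": verdict,
                     "sha256": hashlib.sha256(data).hexdigest()})
    for name, child in unwrap_one(data):
        dissect(child, f"{path}/{name}", depth + 1, findings)
    return findings


def summarize(findings: List[Dict]) -> Dict:
    """File-level verdict: worst verdict at any depth, plus where it first appeared."""
    bad = [f for f in findings if f["verdict"] == "malicious"]
    if not bad:
        return {"verdict": "clean", "first_malicious_depth": None}
    return {"verdict": "malicious", "first_malicious_depth": min(f["depth"] for f in bad)}


if __name__ == "__main__":
    for f in dissect(build_nested_sample()):
        print(f"{f['depth']:>2} {f['verdict']:<10} {f['path']}")
    print(summarize(dissect(build_nested_sample())))
```

On the constructed sample the outer zip and the base64 text inside it both test clean; the marker only becomes visible two layers down, once the base64 is decoded, which is exactly the case a single-pass scan misses. The depth cap turns a long chain of wrappers into a `depth-limit` finding instead of an unbounded walk.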

SIEM Integration

InQuest offers seamless integration with several third-party tools to provide robust antivirus, sandboxing, reputation checking, and automated malware analysis capabilities. While not enabled by default, the following tools can be painlessly configured to improve detection of even zero-day attacks:

  • InQuest Automatic Updates: Enables InQuest cloud connectivity for automatically retrieving and applying code, signature, and intelligence (C2) updates.
  • Cuckoo Sandbox: Sandbox that performs dynamic malware analysis.
  • CrowdStrike Sandbox: Automated malware analysis system.
  • Trellix: Hardware appliance that performs dynamic analysis of files.
  • InQuest Eyelet Reputation: Cloud-based reputation database.
  • InQuest MultiAV: Provides cloud-based hash analysis.
  • InQuest Threat Exchange: Enables communication with the InQuest Cloud-based threat exchange which provides shared threat information on IPs, domains, URLs, and file hashes.
  • Joe Sandbox: Sandbox for deep malware analysis.
  • OPSWAT Metadefender Core: Hardware appliance that leverages multiple AV engines to scan files.
  • VirusTotal: Online service used to look up AV reports for known-bad hashes.

InQuest User Interface

Based upon the information gathered by InQuest’s onboard and integrated threat analysis capabilities, the system automatically generates a threat score for each session and file entering or leaving the network. These threat scores are displayed via the InQuest User Interface (UI), which highlights probable threats against the protected network. The UI also supports a wide range of queries against collected data, allowing an analyst to explore relationships and extract details regarding threats targeting their environment.