Use Case Description
Malicious software often seeks to gain control of your systems and to establish command-and-control communications that initiate processes such as exfiltrating valuable data. If a zero-day exploit has been used, there is typically no signature that can be used to identify the exploit and stop it before it compromises your systems. Detecting anomalous command-and-control communications is therefore key to dealing with attacks of this type: it provides your SOC staff with the information they need to quickly deal with the compromise.
InQuest’s platform constantly monitors command-and-control (C2) communications (DNS and IP) for signs of anomalous activity. Keeping abreast of the latest C2 nodes through threat intelligence is key to detecting this activity. Our C2 detection engine alerts you if any of those nodes are seen touching your network, so we focus not only on what is being said but also on who is saying it. The InQuest Labs Team publishes daily updates of known C2 IP addresses and domains worldwide, which are then flagged in our UI for further investigation.
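The matching described above, in miniature: an indicator feed of known C2 domains and IP ranges checked against DNS query and connection records. This is an added illustration, not InQuest's code or feed format; the feed entries, the log line layout and all addresses and hostnames are constructed for the example (documentation IP ranges and the reserved `.invalid` TLD), and the `C2Matcher` class and its helpers are names chosen here.

```python
"""Match observed DNS queries and connections against a feed of known C2 indicators.
Added example, not InQuest's code; feed and log formats below are constructed."""
import ipaddress
from dataclasses import dataclass

# Constructed indicator feed standing in for a daily C2 update. Values come from
# RFC 5737 documentation ranges and the reserved .invalid TLD, so none are real hosts.
C2_FEED = {
    "domains": {"beacon.c2-example.invalid", "update-check.invalid"},
    "ips": {"198.51.100.23", "203.0.113.0/24"},
}

# Constructed log lines in two shapes:
#   "<ts> dns <client> <qname>"  and  "<ts> conn <client> <dst_ipv4>:<port>"
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z dns 10.0.0.5 www.example.com",
    "2024-05-01T10:00:02Z dns 10.0.0.5 beacon.c2-example.invalid",
    "2024-05-01T10:00:03Z dns 10.0.0.9 cdn.update-check.invalid",
    "2024-05-01T10:00:04Z conn 10.0.0.5 198.51.100.23:443",
    "2024-05-01T10:00:05Z conn 10.0.0.7 203.0.113.77:8080",
    "2024-05-01T10:00:06Z conn 10.0.0.7 192.0.2.10:443",
]


@dataclass(frozen=True)
class Alert:
    ts: str
    client: str
    indicator: str  # the feed entry that matched
    observed: str   # what was actually seen in the log


class C2Matcher:
    def __init__(self, feed):
        # Normalise domains once; parse single IPs and CIDR blocks into networks.
        self.domains = {d.lower().rstrip(".") for d in feed["domains"]}
        self.networks = [ipaddress.ip_network(ip, strict=False) for ip in feed["ips"]]

    def match_domain(self, qname):
        """Return the feed domain equal to qname or to one of its parent domains."""
        labels = qname.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.domains:
                return candidate
        return None

    def match_ip(self, ip_str):
        """Return the feed network (as a string) containing ip_str, or None."""
        try:
            addr = ipaddress.ip_address(ip_str)
        except ValueError:
            return None
        for net in self.networks:
            if addr in net:
                return str(net)
        return None

    def scan(self, lines):
        """Walk log lines and emit an Alert for every record touching a known C2 node."""
        alerts = []
        for line in lines:
            parts = line.split()
            if len(parts) != 4:
                continue  # malformed record; a real pipeline would count these
            ts, kind, client, value = parts
            if kind == "dns":
                hit = self.match_domain(value)
            elif kind == "conn":
                # Constructed conn records carry IPv4 only, so splitting on the
                # last ':' separates address from port.
                hit = self.match_ip(value.rsplit(":", 1)[0])
            else:
                hit = None
            if hit:
                alerts.append(Alert(ts, client, hit, value))
        return alerts


def scan_sample():
    """Run the matcher over the constructed logs; returns four alerts."""
    return C2Matcher(C2_FEED).scan(SAMPLE_LOGS)


if __name__ == "__main__":
    for a in scan_sample():
        print(f"{a.ts} {a.client} -> {a.observed} (known C2: {a.indicator})")
```

Parent-domain matching is what lets `cdn.update-check.invalid` trip on the feed entry `update-check.invalid`; a bare set lookup on the full query name would miss it. Matching IPs against `ip_network` objects rather than strings lets a single feed line cover a whole block, which is how a netblock indicator is normally expressed.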
Quickly identifying anomalies in C2 communication enables your SOC staff to respond rapidly and prevent the exfiltration of sensitive information such as company proprietary information, account credentials, and PII.