Use Case Description
Web traffic makes up the vast majority of network traffic entering and leaving a corporate network. ICAP (the Internet Content Adaptation Protocol) provides a mechanism for web proxies to present web traffic for inspection and modification. A corporate environment could combine its existing proxy infrastructure with an ICAP provider to detect outbound data leakage, inbound threats, and command and control traffic from existing malicious software, and to enforce policy.
The InQuest platform includes a comprehensive ICAP solution that provides data leakage prevention, threat blocking, and command and control detection.
Data Leakage Prevention
The InQuest ICAP server inspects all outbound web traffic. If data leakage is detected, the request is blocked and the session is logged. This gives network administrators real-time notification and in-depth analysis of potential data leaks.
By using InQuest's custom signature capability, users can tailor data loss prevention to their own critical data while simultaneously taking advantage of InQuest's best-of-breed generic data leakage detection.
Threat Blocking
Visits to malicious websites, or attempts to download malicious documents and software, can be detected and blocked in real time by the InQuest ICAP server working in concert with a corporate proxy. InQuest's comprehensive threat-detection rules, machine learning-based threat detection, and cloud intelligence are brought to bear on each visited web page, document, and download. Security analysts are notified in real time of threats, and those threats can be immediately blocked.
Command and Control Detection
Once a system becomes infected with malware, the malicious software will often attempt to "phone home" by contacting a command and control system. These communication attempts may be to receive instructions on how to attack other systems or to exfiltrate sensitive data. Web-based command and control traffic is detected and blocked in real time by InQuest's ICAP solution, preventing data exfiltration and potentially halting further compromise. Security analysts are notified in real time to provide instant visibility into command and control communication.