Why Hunt with Infocyte?
Automated, Intelligent Threat Hunting Software
Threat Hunting & Incident Response Platform
Explore our threat hunting platform.
Agentless & Agent-based Architecture
Delivered as a hosted cloud service: a centralized console in the cloud, with distributed scanners (agentless) and/or agents deployed inside your network, datacenter, or cloud environment.
Deploy the HUNT agent to your endpoints for continuous threat detection, or use HUNT's agentless survey to scan your network with no impact on business or network productivity.
- Agentless model collects endpoint data with no pre-installed agents or permanent host footprint. Useful for incident response, compromise assessments, and hunting on sensitive systems that aren't actively monitored.
- The agent can be deployed for continuous collection and hunting.
- HUNT supports nearly all Windows and Linux-based platforms along with multiple embedded platforms.
Forensic State Analysis (FSA)
Infocyte HUNT is the only threat hunting platform using host-based Forensic State Analysis (FSA) — an in-depth process that inspects live volatile memory as well as other forensically relevant artifacts and indicators of compromise.
- Advanced detection techniques help HUNT identify the unique characteristics of compromised systems, such as stealth and persistence mechanisms.
- Threat hunting principles such as data stacking and triage scoring focus further analysis on the detected outliers and anomalies.
- Volatile memory forensics techniques applied on each host dig deeper than anti-virus and script-based solutions.
Threat Intelligence & Analytics
As HUNT inspects endpoints on your network, it sends anonymized threat data to our cloud-based threat intelligence hub for enrichment, AI-powered analysis and scoring.
- Reputation and curated threat intelligence data are available to all subscribers.
- Synapse is our hunt-tuned supervised machine learning model, which triages and categorizes indicators of compromise, possible backdoors, and remote access tools found in memory.
- Hosted static and dynamic analysis capabilities work against millions of executable code samples in real time.
Threat Hunting with Forensic State Analysis
How HUNT Works
Once deployed on your network, either on-prem or via cloud, Infocyte HUNT inspects each endpoint, hunting for threats that have evaded real-time prevention technologies. Both the agentless and agent-based options communicate with the central HUNT console, giving enterprises the flexibility of permanent agent-based access to endpoints or of deploying a scanner to inspect endpoints agentlessly in sensitive network segments.
Our threat hunting platform consists of a central cloud-hosted console, a forward deployable scanner and/or endpoint agents, dissolvable surveys, and an advanced cloud-based threat intelligence & analysis engine.
Threat Hunting with Infocyte involves five steps:
- Collect: Endpoint surveys periodically collect forensic data and inspect volatile memory for changes to the state of each system.
- Enrich: The collected data is sent to the console, which enriches, analyzes, and scores it with threat intelligence and reputation data.
- Triage: Hunt-specific workflows such as data stacking, pivoting, and hunt-tuned machine learning algorithms score the data.
- Investigate: Analyze suspicious malware samples, commands in memory, and other activity to find what signatures and intelligence fail to classify.
- Respond: Kill identified malware and lock down compromised accounts.
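The data stacking and triage scoring referred to above (in the FSA section and in the Triage step) can be illustrated with a small worked example. The code below is an added example written for this page, not Infocyte's code, Synapse, or HUNT's scoring: it stacks persistence items collected from several hosts by (path, hash), computes each item's prevalence across the fleet, and assigns a heuristic triage score in which rarity dominates and path context (a system-binary name outside the Windows directory, a user-writable location) adds to it. The survey records, the weights, and the path heuristics are all constructed assumptions for the example.

```python
"""Data stacking and triage scoring over endpoint survey results.

Added illustration only: the survey records are constructed and the scoring
heuristics are assumptions chosen for this example, not a vendor's model.
"""
from collections import defaultdict
import ntpath

# Constructed survey output: (host, image path of a persistence item, sha256 prefix).
SURVEY = [
    ("ws01", r"C:\Windows\System32\svchost.exe", "a1b2"),
    ("ws02", r"C:\Windows\System32\svchost.exe", "a1b2"),
    ("ws03", r"C:\Windows\System32\svchost.exe", "a1b2"),
    ("ws04", r"C:\Windows\System32\svchost.exe", "a1b2"),
    ("ws05", r"C:\Windows\System32\svchost.exe", "a1b2"),
    ("ws01", r"C:\Program Files\Vendor\agent.exe", "c3d4"),
    ("ws02", r"C:\Program Files\Vendor\agent.exe", "c3d4"),
    ("ws03", r"C:\Program Files\Vendor\agent.exe", "c3d4"),
    ("ws04", r"C:\Program Files\Vendor\agent.exe", "c3d4"),
    # Same path as the fleet, different hash: one host runs a different build.
    ("ws05", r"C:\Program Files\Vendor\agent.exe", "e5f6"),
    # A well-known system binary name sitting in a user-writable directory.
    ("ws04", r"C:\Users\jdoe\AppData\Local\Temp\svchost.exe", "f9f9"),
    ("ws02", r"C:\Users\asmith\AppData\Roaming\updater.exe", "0a0a"),
]

# Assumed lists for the heuristics below.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "explorer.exe", "rundll32.exe"}
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def stack(records):
    """Data stacking: map each distinct (path, hash) item to the set of hosts it appears on."""
    seen = defaultdict(set)
    for host, path, digest in records:
        seen[(path, digest)].add(host)
    return seen


def prevalence(records):
    """Fraction of surveyed hosts on which each (path, hash) item was observed."""
    hosts = {host for host, _, _ in records}
    return {key: len(on) / len(hosts) for key, on in stack(records).items()}


def triage_score(path, prev):
    """Heuristic score in [0, 100]: rarity contributes up to 60 points,
    a masquerading system-binary name +25, a user-writable location +15.
    The weights are assumptions for this example."""
    score = round(60 * (1 - prev))
    lowered = path.lower()
    name = ntpath.basename(lowered)
    if name in SYSTEM_BINARIES and not lowered.startswith("c:\\windows\\"):
        score += 25  # system binary name outside the Windows directory
    if any(marker in lowered for marker in USER_WRITABLE_MARKERS):
        score += 15  # loaded from a location a standard user can write to
    return min(score, 100)


def hunt(records, min_score=40):
    """Return (score, path, hash, hosts) for outliers worth an analyst's time,
    highest score first."""
    prev = prevalence(records)
    results = []
    for (path, digest), on in stack(records).items():
        score = triage_score(path, prev[(path, digest)])
        if score >= min_score:
            results.append((score, path, digest, sorted(on)))
    return sorted(results, reverse=True)


if __name__ == "__main__":
    for score, path, digest, hosts in hunt(SURVEY):
        print(f"{score:3d}  {digest}  {path}  hosts={','.join(hosts)}")
```

Run as-is, the ubiquitous System32 svchost.exe scores 0 and drops out, the vendor agent build seen on a single host surfaces at 48 purely on rarity, and the svchost.exe under a user's Temp directory leads the list at 88 because rarity, the masquerading name, and the writable path all stack. Prevalence alone would rank the last two equally; the path heuristics are what separate a probable masquerade from a merely unusual build, which is the kind of outlier an analyst then pivots on in the Investigate step.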