DEFEND THE ENTERPRISE

Threat Prevention


Cyber attacks and data breaches continue to make headlines on an almost daily basis. Massive breaches have exposed proprietary and sensitive company data, social media accounts have been taken over, and organizations large and small have been severely impacted by ransomware attacks and threat campaigns.

Challenge


Threat actors use evasive tactics to bypass security defenses, such as weaponizing shellcode to steal personally identifiable information (PII) from vulnerable targets or luring users into clicking on nefarious links to download malicious files, ultimately harvesting their account credentials or financial information and leading to financial or reputational losses. Most organizations are unaware of a threat actor's presence, or that malware has successfully breached them, until months or even years of dwell time have passed since the initial compromise.

Solution


InQuest's Threat Prevention is designed to provide protection against emerging threats, Zero-Day attacks, Command & Control (C2) activity, and Advanced Persistent Threats (APTs). Our platform addresses enterprise security challenges that legacy and traditional prevention systems continuously fail to overcome. It provides multiple inspection techniques using patented Deep File Inspection (DFI) and RetroHunting capabilities, which are powered by Machine Learning (ML) algorithms, daily curated threat intelligence, and a dedicated team of security researchers, while leveraging comprehensive visibility of the enterprise's data-in-motion. We support a variety of deployment methods, each providing unparalleled coverage of various exploitation techniques and threat vectors.

The Advantages of Threat Prevention


Full Visibility of Encrypted Traffic

Comprehensive real-time visibility and inline inspection, through strategic integrations, of all inbound and outbound encrypted traffic at speeds ranging from megabits per second to multi-gigabits per second. Patented Deep File Inspection (DFI) detects and analyzes web-borne threats and malware lurking in the traffic to determine the nature of the threat.

Deep File Inspection (DFI)

High-throughput DFI processes a large volume of files to automate the work of SOC analysts. DFI dissects common carriers to expose embedded logic (macros, scripts, applets), semantic context, and metadata (e.g. author, edit time, page count).

Automated Static Analysis

Our solution performs high-throughput static analysis by leveraging our Deep File Inspection (DFI), which inspects files and determines the nature of the threat without executing the code. It dissects, unwraps, and unpacks embedded content and classifies files to support real-time, high-volume applications.

Zero-Day Attack Coverage

InQuest leverages partnerships, in-house capabilities, and third-party tools to build a comprehensive context of potential threats passing through protected network boundaries, which provides protection against sophisticated attack techniques targeting publicly unknown vulnerabilities. Coverage for these attacks is delivered via automated updates and feeds to ensure continuous protection of client infrastructure around the clock, ultimately allowing rapid detection, triage, and remediation of network threats.

Retrospective Analysis

Threat hunters can use RetroHunting, powered by Deep File Inspection (DFI), to run retrospective analysis of historical file and session data and identify attacks and associated malware that may have initially gone undetected.

Unique Threat Intelligence

Our platform leverages an automated decision-making engine to discover threats. It reduces the amount of time spent performing manual threat research, which empowers your security operations and improves your ability to predict, detect, and hunt potential evasions. Threat hunters can quickly respond to emerging threats targeting your organization through the use of our threat intelligence services, which acquire, analyze, and incorporate threat intelligence information from hundreds of public, private, and internal sources.