1
Infocyte HUNT TM Platform
The Leader in Post Breach Detection
2
Attackers Continue to Evade Security Defenses
They get in
They expand and hide
They are tough to detect
of threats go undetected by automated security tools¹
Average time attackers dwell on networks until discovered
of SOCs' top challenge is detection of hidden, unknown, and emerging threats¹
¹ 2017 Threat Hunting Report, Crowd Research Partners
3
Attacker Dwell Time: The Central Issue
Figure: attack timeline. Kill chain stages: Reconnaissance, Exploitation, Installation, Command & Control, Lateral Movement, Exfiltration, Persist. Markers: Network Breached, Incident Discovered. Spans: Attack In Progress, Attacker Dwell Time, Response. Defensive phases: Real-Time Prevention & Monitoring, Threat Hunting, Containment, Eradication & Recovery.
4
The faster you hunt and contain breaches, the smaller the financial impact
Reducing Dwell Time is Key
Organizations that are able to contain a breach in less than 30 days paid nearly $1 million less in total breach costs.*
* Ponemon Institute 2017 Cost of Data Breach Study: Global Overview
5
Where We Fit
Figure: the attack timeline from slide 3 (Reconnaissance through Persist; Real-Time Prevention & Monitoring, Threat Hunting, Containment, Eradication & Recovery; Attack In Progress, Post Breach Activity, Incident Response), with each product category placed along it.
- Endpoint Protection Platforms (EPP): Block known attack entry and/or malware installation
- Hunt Platforms (HP): Detect post breach activity and persistence that has bypassed EPP and EDR solutions; identify exact endpoints that need remediation; triage IR activity and workload
- Incident Response Platforms (IR): Breach breadth and depth identification, containment, eradication, recovery and hardening against future attacks; root cause and impact assessment via log, alert, and traffic analysis
- Endpoint Detection and Response (EDR): Detect attacks in progress based on application behavior & IOCs; collect event history for big data investigation & downstream IR
- User Entity & Behavior Analytics (UEBA): User / device behavioral anomaly analytics
(Reviewer's slide comment: "It's a nit, but I'd drop the 'HP', let people just call it Hunt Platforms just as with Forensics Solutions.")
6
Threat Hunting Approaches Vary Dramatically
Three approaches compared: Endpoint Detection & Response (EDR), User & Entity Behavior Analytics (UEBA), Forensic State Analysis (FSA).
Approach
- EDR: Manual hunt through historical search and analysis of early kill chain indicators
- UEBA: Manual hunt through behavior anomaly analysis
- FSA: Automated hunt through state analysis of late stage kill chain indicators
Technology
- EDR: Detects signals based on app behavior and IOCs; historical search; quarantining; remediation / restoration
- UEBA: Anomalies relative to "standard" profiles and behavior (unsupervised ML common); ingests existing data: user, host, app, traffic, and data storage
- FSA: Analyzes endpoint state including volatile memory, forensic artifacts, and OS integrity; identifies backdoors, O/S manipulation, forensic evasion, suspicious connections, and persistence
Requirements
- EDR: Data science and security expertise; big data and data mining analytics; elite understanding of evolving attacker craft
- UEBA: Learning periods and protracted tuning; requires known-good baseline; results are "normal vs. not normal", so a human is required to discern good from bad
- FSA: No learning period; no advanced skill sets necessary; no reliance on existing infrastructure; low ops impact
7
What Sets Infocyte HUNT Apart
Figure: Forensic State Analysis, built on Memory Analytics, Endpoint Characteristics and Forensic Analysis, fed by File Intelligence Services, Reputation Services and Data.
Infocyte HUNT finds conclusive evidence of post breach activity that other hunt tools are prone to miss. This is made possible by the sheer depth and breadth of memory analysis supported by our FSA technology. Specifically, we provide targeted surveying of volatile memory, forensic artifacts, and OS integrity.
Infocyte HUNT takes memory forensics to an entirely new level of scalability by surveying the live memory of thousands of endpoints simultaneously.
FSA also analyzes OS and application persistence mechanisms, which can trigger the execution of code or executables. This provides a far deeper, and more conclusive, examination of an endpoint's state.
8
Infocyte HUNT: 100% focused on Post Breach Detection
Most Conclusive
- Scalable live, volatile memory analysis and largest repository of persistence mechanisms
- Proactive discovery of threats and compromises already inside the network
Easiest to Use
- Agentless model requires no change management and is extremely lightweight in your environment
- Scales to tens of thousands of nodes
Most Cost-Effective
- "Zero to Hero" in hours to days, not months or years
- Reduces dwell time to limit damage and costs
Infocyte approaches threat detection from a completely new perspective: by presuming endpoints are already compromised. Infocyte HUNT provides an easy-to-use, yet powerful solution to limit risk and manage the breach detection gap. Proactively discover active or dormant malware and persistent threats that have successfully evaded existing defenses, all without a forensics specialist. Infocyte's agentless threat hunting platform for Windows and Linux rapidly assesses network endpoints for evidence of compromise without complicated equipment or endpoint software installations. Reports score the severity of identified issues for swift resolution and risk mitigation.
9
Use Case: Threat Hunting
Full Scope Hunting
- Conduct sweeps of thousands of networked endpoints using forensic techniques to proactively discover threats
- Automation saves time and money
- Useful for both junior and experienced security personnel
Targeted Hunting
- Triage security data via other analytics
- Create a target list and scan the subset of machines having suspicious indicators
10
Use Case: Compromise Assessments
A periodic evaluation of networked devices to detect threats that have evaded existing security controls.
- Effective at detecting presence of malware, remote access tools, and other indications of unauthorized access
- Fast: assess thousands of endpoints per day
- Affordable: a typical organization should be able to conduct it proactively and regularly (i.e. quarterly) without outside consultants
- Independent: the assessment does not rely on existing detection solutions already in the environment
Applications: Risk Management & Mitigation; Mergers & Acquisitions; Third Party & Vendor Risk Management; Security Program Validation / Audit
11
Use Case: Alert Validation
Infocyte HUNT provides an automated solution to help validate alerts from your SIEM, network or endpoint product.
- Performs a scan of the endpoint in question to determine if the threat is real.
- Weeds out false positives and quickly identifies which alerts to escalate.
- Reduces the time and resources needed to manually comb through volumes of false and low priority alerts.
- Allows your security team to focus on remediating real threats.
- Leverages your existing security investments.
Workflow:
- A SIEM alert from network or host-based monitoring drives an automatic, API-driven scan of the affected endpoint
- Infocyte returns conclusions and/or raw forensic data to the SIEM
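The alert-validation loop above (alert names a host, the host is scanned, a conclusion goes back to the SIEM) and the forensic-state checks listed on slide 6 (unsigned persistence entries, memory-only modules) are easiest to reason about as code. The following is an added example written for this page; it is not Infocyte's code and does not use any Infocyte or Splunk API. The alert format, the endpoint-state format, the `survey_endpoint` checks and their weights, and the sample hosts are all constructed assumptions; in a real deployment `scanner` would be replaced by a call to the hunt platform's API.

```python
"""Added example: SIEM alert -> endpoint survey -> verdict back to SIEM.
Hypothetical throughout: alert schema, endpoint-state schema, checks, weights."""
import json

# Constructed SIEM alerts (hypothetical schema). Two alerts name the same host;
# a well-behaved validator scans that host once and attaches both alert ids.
SIEM_ALERTS = [
    {"id": "a-100", "host": "ws-finance-07", "rule": "suspicious_powershell"},
    {"id": "a-101", "host": "ws-finance-07", "rule": "dns_beacon_pattern"},
    {"id": "a-102", "host": "ws-hr-02", "rule": "suspicious_powershell"},
]

# Constructed endpoint state as a survey might return it (hypothetical fields):
# persistence entries (what runs at boot/logon) and modules loaded in memory.
ENDPOINT_STATE = {
    "ws-finance-07": {
        "persistence": [
            {"type": "run_key", "path": r"C:\Program Files\Vendor\agent.exe", "signed": True},
            {"type": "scheduled_task", "path": r"C:\Users\Public\update.exe", "signed": False},
        ],
        "modules": [
            {"name": "kernel32.dll", "on_disk": True, "signed": True},
            {"name": "<injected:0x7ff6a000>", "on_disk": False, "signed": False},
        ],
    },
    "ws-hr-02": {
        "persistence": [{"type": "run_key", "path": r"C:\Program Files\Vendor\agent.exe", "signed": True}],
        "modules": [{"name": "kernel32.dll", "on_disk": True, "signed": True}],
    },
}

USER_WRITABLE_SEGMENTS = ("\\users\\", "\\temp\\", "\\appdata\\")


def survey_endpoint(state):
    """Stand-in for a forensic state survey (hypothetical checks, not Infocyte's).
    Flags unsigned persistence (worse when it points into a user-writable path)
    and modules that exist only in memory with no backing file on disk."""
    findings = []
    for entry in state.get("persistence", []):
        path = entry["path"].lower()
        in_user_path = any(seg in path for seg in USER_WRITABLE_SEGMENTS)
        if not entry["signed"] and in_user_path:
            findings.append({"kind": "unsigned_persistence_in_user_path", "detail": entry["path"], "weight": 4})
        elif not entry["signed"]:
            findings.append({"kind": "unsigned_persistence", "detail": entry["path"], "weight": 2})
    for module in state.get("modules", []):
        if not module["on_disk"]:
            findings.append({"kind": "memory_only_module", "detail": module["name"], "weight": 5})
    return findings


def score(findings):
    """Sum of finding weights; the SIEM gets this alongside the raw findings."""
    return sum(f["weight"] for f in findings)


def verdict(findings, escalate_at=5):
    """Map a score to the triage outcome the slide describes: escalate the real
    ones, close the false positives, leave the ambiguous middle for review."""
    total = score(findings)
    if total >= escalate_at:
        return "escalate"
    if total > 0:
        return "review"
    return "close_false_positive"


def validate_alerts(alerts, state_by_host, scanner=survey_endpoint):
    """Run one survey per affected host and build the records returned to the SIEM.
    `scanner` is injectable so a real API client can replace the stand-in."""
    results = {}
    for alert in alerts:
        host = alert["host"]
        if host not in results:  # de-duplicate: several alerts, one scan per host
            findings = scanner(state_by_host.get(host, {}))
            results[host] = {"host": host, "alert_ids": [], "findings": findings,
                             "score": score(findings), "verdict": verdict(findings)}
        results[host]["alert_ids"].append(alert["id"])
    return list(results.values())


if __name__ == "__main__":
    # Constructed run: ws-finance-07 escalates (score 9), ws-hr-02 closes as a false positive.
    print(json.dumps(validate_alerts(SIEM_ALERTS, ENDPOINT_STATE), indent=2))
```

The de-duplication step matters operationally: a noisy detection rule can emit many alerts for one host within minutes, and each one triggering a fresh forensic survey would turn the validation loop into its own load problem on the endpoint and the hunt server.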
12
Infocyte HUNT Advantages
FORENSIC DEPTH
- Detects post breach activity that other hunt tools are prone to miss
- Targeted surveying of volatile memory, forensic artifacts, and OS integrity
- Live memory analysis, as opposed to static file export analysis
BECOME THE HUNTER
- Automates the threat hunting process
- Enables your IT and security teams to hunt without specialized knowledge
EASY TO IMPLEMENT
- Agentless surveys are fast and lightweight
- Full independence from existing security stack
- Able to survey thousands of endpoints simultaneously vs. 'single endpoint at a time' alternatives
FAST ROI
- "Zero to Hero" in hours to days, not months or years
- No expensive consultants required
- Reduces dwell time to limit breach damage and costs
13
Industry Recognition
- Overall APT Solution of the Year
- Network World Review: Top 3 Threat Hunting Product
- Best Computer Forensic Solution
14
Infocyte HUNT Architecture
Figure: architecture. Incyte™ Cloud Service: Third Party Threat Intel, Infocyte Lab, File Intelligence Services, Digital Forensic Analytic Services (executables, modules, injected memory). On-premises*: Infocyte HUNT™ Server (Database, HUNT Core Service, API, UI), Analyst Workstation, Endpoints.
* Complete on-premises solution available for government
15
Seeing is Believing – Product Demonstration
Product demonstration walkthrough, six numbered steps (labels as extracted): Asset Discovery & Scanning; Start Point; Reporting; Endpoint Analysis Results; Volatile Memory Analysis; Advanced Analysis; Attacker Movement Visualizations.
16
The Leader in Post Breach Detection
17
Splunk + Infocyte Integration
A single pane of glass approach to security with innovative data-centric endpoint threat hunting
18
Infocyte HUNT App for Splunk
Infocyte provides true endpoint hunting / threat discovery. It answers the question: Are you compromised?
Splunk provides comprehensive enterprise analysis and data-centric hunting. It answers the question: How was I compromised?
Infocyte + Splunk = more comprehensive threat hunting and incident response
19
Integration Benefits
- Reduced Incident Resolution Time: Pivots from Infocyte findings to historical logs and machine data for faster correlation and investigation
- Trend Analysis and Reporting: Customized search, display and reporting of hunt findings over time
- Alerting and Event Triggers: Trigger endpoint scans based on SIEM / sensor alerts
- Single Pane of Glass Security: Integration of the two platforms enables a single pane of glass for security management and data collection analysis
20
Splunk App Solution Overview
21
Case Studies
22
Case Study: Banking & Finance
Organization: The acquirer is a major financial institution based in the US with over a trillion dollars in assets. The acquiree is a 50 employee wealth management firm in the US serving high net worth clients and managing over a billion dollars in assets.
Challenge: As part of M&A due diligence the acquirer needed to independently verify the health of the acquiree's IT systems and ensure no breaches had occurred.
Solution: Compromise Assessment using Infocyte HUNT™
Results:
- 5 days to scan, analyze and report on 54 workstations and servers active on the network.
- Found machines that were not using the corporate standard antivirus so that they could be remediated.
- Showed the acquiree had strong technical controls, regular security hygiene (i.e. nightly reboots), and IT policies in place to protect the network.
- Provided a clean bill of health for the network.
- Ensured confidence that the acquiree's systems and data were clean and secure for the transaction to progress.
In the end, the assessment lasted five days from the initial engagement to the final report. Infocyte was able to verify the integrity and confidentiality of the business' information systems to the acquirer at an unprecedented level compared to traditional due diligence methods.
23
Case Study: Public Transportation
Organization: A metropolitan mass transit agency ("Metro") serving a major US city and surrounding municipalities.
Challenge: In the face of increasing cyber risk to public infrastructure, Metro took steps to understand their current security posture and assess the need for more advanced security investments.
Solution: Compromise Assessment using Infocyte HUNT™
Results:
- Two (2) days to scan 1000 systems.
- Despite enterprise-grade security, Metro was infected with six (6) variants of malware, some active as far back as 3 years.
- Metro was able to quickly identify and remediate the issues before they could cause any significant damage.
Without a compromise assessment, Metro's security problems would have continued to go undetected and it would have been difficult to provide tangible evidence to warrant increasing their security posture.
24
Case Study: Pierce Transit Public Transportation
Organization: Pierce County Public Transportation Benefit Area Corporation (Pierce Transit) is a nationally recognized leader in the public transportation industry.
Challenge: Understand if any malware or advanced persistent threats (APT) were residing on the network, lying dormant or active.
Solution: Compromise Assessment using Infocyte HUNT™
Results:
- Over 600 endpoints enumerated and scanned by Infocyte HUNT
- Clean bill of health with no malware or APTs present on the network
- Easy to understand compromise assessment report for executives and IT staff
- Non-invasive technology easily implemented and quick to scan and assess
"To complete a full evaluation internally without Infocyte HUNT, we would require two additional staff and over a month to evaluate our network and servers. With Infocyte's methodology and hunt technology, we had a cost-effective solution in place that in a matter of days gave us the reassurance that our systems weren't compromised."
25
Case Study: U.S. Catholic Archdiocese NON-PROFIT
Organization: Regional U.S. Catholic Archdiocese with thousands of parishioners, and multiple locations, both educational and religious.
Challenge: Understand if any malware or advanced persistent threats (APTs) were residing on network endpoints, lying dormant or active. Protect IT infrastructure and data including personal information such as Social Security Numbers, bank account information, payment card data, and contact information of parishioners, employees and students.
Solution: Infocyte HUNT™
Results:
- All endpoints surveyed and validated by Infocyte HUNT
- Deep visibility into the organization's endpoint state
- Empowers the existing IT team to effectively hunt for hidden threats
"Infocyte was the proactive solution the Archdiocese had been looking for to reduce risk and increase security. Simply stated, it provides the ultimate offensive attack plan and allows us to have deeper visibility into the state of our endpoints through an easy to use interface that I can quickly train staff to use."
26
Join the Infocyte HUNT Team
Offer customers the leading post breach detection solution
27
Infocyte Partnerships Create Value & Drive Opportunity
- Offer customers the leading post breach detection platform
- No program participation fees
- Expand your services portfolio
- Competitive discounts
- Recurring revenue stream with exceptional renewal rates
- Deal registration protection
- Sales and marketing support
- Training available
28
Create New Revenue Streams
RESELL the Infocyte HUNT Platform
Add value by adding an innovative threat hunting solution created by former US Air Force cyber hunters to your portfolio. Earn significant margins by selling subscriptions to the tool with exceptional renewal rates. MSSP engagements offer the ability to provide ongoing management of the Infocyte tool.
Easily Add COMPROMISE ASSESSMENT SERVICES
Infocyte HUNT can be utilized by your team to conduct Compromise Assessments for customers at a fraction of the price and time of competitors. Compromise Assessments can be completed 10 times faster than assessments performed manually using traditional security monitoring and incident response solutions.
Drive Revenue with SERVICES ENGAGEMENTS
Infocyte Services Partners recommend products and provide services including: Compromise Assessments; Implementation/deployment; Training; Advanced analytics; Incident Response. Provide customers with threat hunting services and consulting, and let Infocyte manage the sales process.
29
Partnerships To Fit Your Business Model
Technology Partners
Together with our technology partners Infocyte is able to build more effective, innovative solutions to stop malware and persistent threats across the network and endpoints. Infocyte works with technology partners to collaborate on technical integration, go to market programs, and more, to bring our innovative approach to threat hunting to customers.
Resellers & Distributors
Infocyte Resellers and Distributors enjoy the many benefits of partnering with the leader in threat hunting. We offer our partners an innovative hunt product, high margins, and deal protection. The Infocyte Reseller and Distributor program is committed to building successful, long-term relationships that benefit both our partners and their clients.
Service Providers
Infocyte Services Partners recommend products and provide services from Compromise Assessments to implementation, deployment, training and advanced analytics. This is a great option for organizations that want to provide customers with threat hunting services and consulting, but prefer to let Infocyte manage the sales process.
30
Partner Close Up: Global Cybersecurity Services Provider
Organization: Global provider of advanced cybersecurity services offers a combination of cutting-edge technology, experienced staff, and proven processes to their customer base across a broad range of industries.
Challenge: Despite having an arsenal of AV, firewall, intrusion detection and other security tools at their disposal, the reseller saw a need for a post breach detection solution to combat malware and APTs. They heard about Infocyte from a news article and reached out about a POC and partnering opportunities.
Partnering Model: Resell and Provide Managed Services for Infocyte HUNT™
Results:
- Expanded solution portfolio to include threat hunting.
- Able to find threats using Infocyte HUNT that other solutions in their portfolio could not find. For example, Infocyte was the only solution that could find the presence of the "minerd" cryptocurrency miner malware on a customer's network.
- Immediate sales/revenue returns with multiple accounts, with opportunities for future expansion within these accounts.
- Built $1M pipeline in 6 months.