
FileTAC provides dynamic analysis and detection capabilities that enable identification and response to a variety of cyber threats targeting enterprise networks:

• Breach Detection
• Exploitation Techniques
• Intrusion Attempts
• Malicious Actors
• Suspicious Behavior

Key features include:

• High-Performance Network Inspection
  » Monitoring network traffic at throughput speeds from 100 Mbps to 40 Gbps
  » Full session analysis leveraging behavioral and advanced analytical techniques - including Machine Learning (ML) - to identify and respond to anomalous suspicious behavior
• Turnkey physical and virtual appliance form factors
• Physical appliances provide excellent data center economics - minimizing data center footprint (via 1U form factor), power, and cooling needs
• Appliances collectively managed via single pane of glass
• Ingests data in-motion, data in-use, and data at-rest
• Complex threat hunting tasks are automated by leveraging intrusion analysis, intrusion detection, incident response, and event triage
• Alert on malicious network activities, investigate, and perform forensics analysis to determine root cause and then respond using event triage and mitigation
• Multiple Inspection Techniques
  » Deep File Inspection (DFI) employs detection logic at numerous layers to uncover a wide variety of attack and exploitation techniques
    » » Rapidly dissects files to expose evasions and malicious content within embedded logic (macros, scripts, applets), semantic context (spreadsheet cells, presentation words, etc.), and metadata (author, edit time, page count, etc.)
    » » Full artifact inspection including session-level metadata (web headers), domains, files, hashes, headers, IPs, SSL certificates and URLs
    » » Optical Character Recognition (OCR), Computer Vision, and Perception Hashing used to inspect embedded images for presence of malware
  » Machine Learning (ML) incorporates advanced algorithms that leverage supervised classifiers and unsupervised clusters - designed to query vast amounts of data, discover patterns, and generate valuable insights
  » Algorithms are leveraged to identify/pinpoint threats without the use of IOCs
  » Sandbox integrations
  » Multi-scanning technologies
• Breach Detection and Containment
  » Full visibility of all inbound and outbound enterprise network traffic flow to determine whether a breach has occurred
  » Identifies Command and Control (C2) activity associated with advanced persistent threats (APTs) by performing behavioral analytics and leveraging unique Indicators of Compromise (IoC) acquired and curated by InQuest Labs
  » Detects and/or prevents C2 activity of sophisticated actors and their tradecraft - ultimately reducing the dwell time that can eventually lead to data leakage or exfiltration
• Emerging Threat Detection
  » Inspection engine utilizes heuristics and signature-based analytical pipelines to identify real-world emerging threats - blocking Zero-Day attacks and N-Day attacks
• Retrospective Malware Detection
  » Via RetroHunting, files are inspected for latest threats to ensure even the most sophisticated attacks don't go undetected - even if initially missed
• Data Loss Prevention
  » Inspection of all file content and context to identify data exfiltration - ensuring sensitive information never leaves your environment
• IQScore
  » Each file is dissected into an array of artifacts - each artifact is then given an IQ Score
  » Scores are driven by all available intelligence including discrete, heuristic, and ML score contributors
  » Threat receipts show intel sources at-a-glance
  » Signature pairings for "heating" and "cooling" based on latest threat intel
  » Block, alert, investigate recommendations give SecOps clear guidance on enforcement policy
• Proactive Threat Intelligence
  » Built-in incident response workflow, remediation, and breach containment alleviate investigative workflows for your operators
  » Provides the ability to proactively track and hunt for emerging threats that have targeted your environment
• RetroHunt Capability
  » SecOps personnel can retrospectively identify the most sophisticated threats to determine which assets have been impacted
• Invisible to outsiders / attackers

InQuest's integrated cloud email security solution, MailTAC, leverages Deep File Inspection® technology to rapidly analyze files and reveal threats, even when the malicious content is embedded in macros, scripts, applets, spreadsheet cells, or metadata. MailTAC provides valuable insight through header and link analysis, so you can proactively detect and prevent potential threats. Scan deeper, learn faster, and be ready for any email threat. Whether the threat is hitting your network for the first time or has been hiding undetected on your servers, our email security solution has the tools you need to find it, expose it, and stop it in its tracks.

Leverage InQuest's unique perspective and insight to spot threats months ahead of the competition. Our Threat Intelligence team collects and analyzes unique data sources from open-source industry feeds, as well as InQuest's proprietary datasets, to provide you with cutting-edge, highly reliable indicators of compromise, so that you can anticipate emerging threats and reduce dwell time.

High-speed, high-volume analysis and detection against your enterprise network traffic. Gain full visibility into your network traffic, automate threat hunting, detect cyber threats, and empower your SOC team with the most advanced analysis and response capabilities available anywhere.

InQuest is a cybersecurity company specializing in threat detection and prevention solutions. It offers advanced malware analysis, threat intelligence, and data leak prevention services to protect organizations from cyber threats. InQuest's platform integrates machine learning and human-driven analysis to provide real-time insights and comprehensive threat coverage. The company focuses on ensuring robust email security, protecting sensitive data, and enabling organizations to effectively respond to cyber incidents.