Infocyte HUNT™ Platform: The Leader in Post Breach Detection
Attackers Continue to Evade Security Defenses
• They get in
• They expand and hide
• They are tough to detect
• Average time attackers dwell on networks until discovered
• … of SOCs say their top challenge is detection of hidden, unknown, and emerging threats¹
• … of threats go undetected by automated security tools¹
¹ 2017 Threat Hunting Report, Crowd Research Partners
Attacker Dwell Time: The Central Issue
• Attack in progress (kill chain): Reconnaissance → Exploitation → Installation → Command & Control → Lateral Movement → Exfiltration → Persist
• Attacker dwell time runs from "Network Breached" to "Incident Discovered"; response begins only once the incident is discovered
• Defensive phases mapped onto that timeline: Real-Time Prevention & Monitoring → Threat Hunting → Containment, Eradication & Recovery
Reducing Dwell Time is Key
• The faster you hunt and contain breaches, the smaller the financial impact
• Organizations that are able to contain a breach in less than 30 days paid nearly $1 million less in total breach costs.*
* Ponemon Institute, 2017 Cost of Data Breach Study: Global Overview
Where We Fit
Kill chain: Reconnaissance → Exploitation → Installation → Command & Control → Lateral Movement → Exfiltration → Persist (attack in progress, then post-breach activity, then incident response)
Endpoint Protection Platforms (EPP): Real-Time Prevention & Monitoring
• Block known attack entry and/or malware installation
Endpoint Detection and Response (EDR): Real-Time Prevention & Monitoring
• Detect attacks in progress based on application behavior & IOCs
• Collect event history for big data investigation & downstream IR
User Entity & Behavior Analytics (UEBA): Real-Time Prevention & Monitoring
• User / device behavioral anomaly analytics
Hunt Platforms (HP): Threat Hunting
• Detect post breach activity and persistence that has bypassed EPP and EDR solutions
• Identify exact endpoints that need remediation
• Triage IR activity and workload
Incident Response Platforms (IR): Containment, Eradication & Recovery
• Breach breadth and depth identification, containment, eradication, recovery and hardening against future attacks
• Root cause and impact assessment via log, alert, and traffic analysis
Threat Hunting Approaches Vary Dramatically
Endpoint Detection & Response (EDR)
• Approach: manual hunt through historical search and analysis of early kill chain indicators
• Technology: detects signals based on app behavior and IOCs; historical search; quarantining; remediation / restoration
• Requirements: data science and security expertise; big data and data mining analytics; elite understanding of evolving attacker craft
User & Entity Behavior Analytics (UEBA)
• Approach: manual hunt through behavior anomaly analysis
• Technology: anomalies relative to "standard" profiles and behavior (unsupervised ML common); ingests existing data: user, host, app, traffic, and data storage
• Requirements: learning periods and protracted tuning; requires a known-good baseline; results are "normal vs. not normal", so a human is required to discern good from bad
Forensic State Analysis (FSA)
• Approach: automated hunt through state analysis of late stage kill chain indicators
• Technology: analyzes endpoint state including volatile memory, forensic artifacts, and OS integrity; identifies backdoors, OS manipulation, forensic evasion, suspicious connections, and persistence
• Requirements: no learning period; no advanced skill sets necessary; no reliance on existing infrastructure; low ops impact
What Sets Infocyte HUNT Apart: Forensic State Analysis
Data sources:
• Memory Analytics
• Endpoint Characteristics
• Forensic Analysis
• File Intelligence Services
• Reputation Services
Infocyte HUNT: 100% focused on Post Breach Detection
• Most Conclusive
  – Scalable live, volatile memory analysis and largest repository of persistence mechanisms
  – Proactive discovery of threats and compromises already inside the network
• Easiest to Use
  – Agentless model requires no change management and is extremely lightweight in your environment
  – Scales to tens of thousands of nodes
• Most Cost-Effective
  – "Zero to Hero" in hours to days, not months or years
  – Reduces dwell time to limit damage and costs
Use Case: Threat Hunting
Full Scope Hunting
• Conduct sweeps of thousands of networked endpoints using forensic techniques to proactively discover threats
• Automation saves time and money
• Useful for both junior and experienced security personnel
Targeted Hunting
• Triage security data via other analytics
• Create a target list and scan the subset of machines having suspicious indicators
Use Case: Compromise Assessments
A periodic evaluation of networked devices to detect threats that have evaded existing security controls
• Effective at detecting the presence of malware, remote access tools, and other indications of unauthorized access
• Fast: assess thousands of endpoints per day
• Affordable: a typical organization should be able to conduct it proactively and regularly (e.g. quarterly) without outside consultants
• Independent: the assessment does not rely on the detection solutions already in the environment, so it is not blind to whatever those solutions missed
Applications
• Risk Management & Mitigation
• Mergers & Acquisitions
• Third Party & Vendor Risk Management
• Security Program Validation / Audit
Use Case: Alert Validation
• Infocyte HUNT provides an automated solution to help validate alerts from your SIEM, network or endpoint product
• Performs a scan of the endpoint in question to determine whether the threat is real
• Weeds out false positives and quickly identifies which alerts to escalate
• Reduces the time and resources needed to manually comb through volumes of false and low priority alerts
• Allows your security team to focus on remediating real threats
• Leverages your existing security investments
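The forensic state analysis approach described on the "Threat Hunting Approaches" slide (state checks on late-stage kill chain indicators: injected memory, OS manipulation, persistence, suspicious connections) and the alert-validation workflow above (scan the host named in an alert, escalate or close) are shown together in the following added example. It is illustration code written for this page, not Infocyte code and not the HUNT product's API. The snapshot layout, the reputation lists, the host names and every hash are constructed; a real collector would read process, module, memory-region, autorun and connection state live from the endpoint and consult a file-intelligence service plus the organisation's own gold-image hashes.

```python
"""Forensic state analysis (FSA) triage over a constructed endpoint snapshot.

Added example, not Infocyte code.  The snapshot layout, the allowlist/blocklist
and every hash below are constructed for this illustration; a real deployment
would collect the state live from the endpoint and consult a file-intelligence
service plus the organisation's own gold-image hashes.
"""
import hashlib
from dataclasses import dataclass


def _h(label: str) -> str:
    """Stand-in for a file's SHA-256: hashes a constructed label."""
    return hashlib.sha256(label.encode()).hexdigest()


# Constructed reputation data (hash -> description).
KNOWN_GOOD = {_h("good:svchost"): "svchost.exe", _h("good:explorer"): "explorer.exe",
              _h("good:outlook"): "outlook.exe"}
KNOWN_BAD = {_h("bad:minerd"): "minerd cryptocurrency miner"}

# Binaries that must load from a system directory; anything else is masquerading.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe"}


@dataclass
class Finding:
    category: str
    severity: str  # "high" or "medium"
    detail: str


def analyze(snapshot: dict) -> list:
    """Late-stage kill-chain checks: known-bad code, masquerading, injected memory,
    persistence wired to unknown binaries, and connections from flagged processes."""
    findings, flagged = [], set()
    for p in snapshot["processes"]:
        path = p["path"].lower()
        name = path.rsplit("\\", 1)[-1]
        if p["sha256"] in KNOWN_BAD:
            findings.append(Finding("known_bad", "high",
                                    f"pid {p['pid']} {p['path']}: {KNOWN_BAD[p['sha256']]}"))
            flagged.add(p["pid"])
        elif name in SYSTEM_NAMES and not path.startswith(SYSTEM_DIRS):
            findings.append(Finding("masquerade", "high",
                                    f"pid {p['pid']} {name} running from {p['path']}"))
            flagged.add(p["pid"])
        if p.get("unbacked_exec_regions", 0) > 0:
            # Executable memory with no file behind it: injection or a fileless implant.
            findings.append(Finding("injected_memory", "high",
                                    f"pid {p['pid']} has {p['unbacked_exec_regions']} "
                                    "unbacked executable region(s)"))
            flagged.add(p["pid"])
    for a in snapshot["autoruns"]:
        if a["sha256"] in KNOWN_BAD:
            findings.append(Finding("known_bad_persistence", "high",
                                    f"{a['location']} -> {a['target']}"))
        elif a["sha256"] not in KNOWN_GOOD:
            # Unknown code in a persistence mechanism: no baseline decides this, an analyst does.
            findings.append(Finding("unknown_persistence", "medium",
                                    f"{a['location']} -> {a['target']}"))
    for c in snapshot["connections"]:
        if c["pid"] in flagged:
            findings.append(Finding("suspicious_connection", "high",
                                    f"pid {c['pid']} -> {c['remote']}"))
    return findings


def verdict(findings) -> str:
    sev = {f.severity for f in findings}
    return "compromised" if "high" in sev else "suspicious" if "medium" in sev else "clean"


def validate_alert(alert: dict, snapshot: dict) -> dict:
    """Alert-validation step: rescan the host named in a SIEM alert, then escalate or close."""
    findings = analyze(snapshot)
    v = verdict(findings)
    return {"alert_id": alert["id"], "host": alert["host"], "verdict": v,
            "action": "escalate" if v != "clean" else "close_false_positive",
            "findings": [f"{f.category}: {f.detail}" for f in findings]}


# Constructed snapshot of one workstation with several late-stage indicators.
RUN_KEY = "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
SNAPSHOT_WS042 = {
    "host": "WS-042",
    "processes": [
        {"pid": 812, "path": "C:\\Windows\\System32\\svchost.exe", "sha256": _h("good:svchost")},
        {"pid": 1588, "path": "C:\\Windows\\explorer.exe", "sha256": _h("good:explorer"),
         "unbacked_exec_regions": 2},
        {"pid": 2210, "path": "C:\\Users\\Public\\svchost.exe", "sha256": _h("constructed:dropper")},
        {"pid": 3051, "path": "C:\\ProgramData\\minerd.exe", "sha256": _h("bad:minerd")},
    ],
    "autoruns": [
        {"location": RUN_KEY + "\\Updater", "target": "C:\\Users\\Public\\svchost.exe",
         "sha256": _h("constructed:dropper")},
        {"location": "Service:OutlookSvc", "target": "C:\\Program Files\\Outlook\\outlook.exe",
         "sha256": _h("good:outlook")},
    ],
    "connections": [{"pid": 3051, "remote": "203.0.113.7:3333"},
                    {"pid": 812, "remote": "192.0.2.10:443"}],
}
SNAPSHOT_CLEAN = {"host": "WS-001", "autoruns": [], "connections": [],
                  "processes": [{"pid": 812, "path": "C:\\Windows\\System32\\svchost.exe",
                                 "sha256": _h("good:svchost")}]}

if __name__ == "__main__":
    for f in analyze(SNAPSHOT_WS042):
        print(f.severity.upper(), f.category, f.detail)
    print(validate_alert({"id": "SIEM-1001", "host": "WS-042"}, SNAPSHOT_WS042)["action"])
```

Two design points worth noting. The "unknown persistence" check deliberately produces a medium finding rather than a verdict: it is the kind of result the slide contrasts with UEBA's "normal vs. not normal", because it needs no learning period but still needs an analyst (or a reputation lookup) to decide. And the injected-memory check keys on executable regions with no file backing them, which is the point of live volatile-memory analysis: a process whose on-disk image hashes as known-good (explorer.exe above) can still be carrying an implant that a static file scan would never see.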
Infocyte HUNT Advantages
Forensic Depth
• Detects post breach activity that other hunt tools are prone to miss
• Targeted surveying of volatile memory, forensic artifacts, and OS integrity
• Live memory analysis, as opposed to static file export analysis
Become the Hunter
• Automates the threat hunting process
• Enables your IT and security teams to hunt without specialized knowledge
Easy to Implement
• Agentless surveys are fast and lightweight
• Full independence from the existing security stack
• Able to survey thousands of endpoints simultaneously vs. "single endpoint at a time" alternatives
Fast ROI
• "Zero to Hero" in hours to days, not months or years
• No expensive consultants required
• Reduces dwell time to limit breach damage and costs
Industry Recognition
• Overall APT Solution of the Year
• Network World Review: Top 3 Threat Hunting Product
• Best Computer Forensic Solution
Infocyte HUNT Architecture
Incyte™ Cloud Service
• Third Party Threat Intel
• Infocyte Lab
• Digital Forensic Analytic Services (executables, modules, injected memory)
• File Intelligence Services
Infocyte HUNT™ Server (on-premises*)
• API
• UI
• HUNT Core Service
• Database
On-premises: Analyst Workstation and Endpoints
* Complete on-premises solution available for government
Seeing is Believing: Product Demonstration
1. Asset Discovery & Scanning Start Point
2. Reporting
3. Endpoint Analysis Results
4. Volatile Memory Analysis
5. Advanced Analysis
6. Attacker Movement Visualizations
The Leader in Post Breach Detection www.infocyte.com
Splunk + Infocyte Integration
A single pane of glass approach to security with innovative data-centric endpoint threat hunting
Infocyte HUNT App for Splunk
• Infocyte provides true endpoint hunting / threat discovery; it answers the question: Are you compromised?
• Splunk provides comprehensive enterprise analysis and data-centric hunting; it answers the question: How was I compromised?
Infocyte + Splunk = more comprehensive threat hunting and incident response
Integration Benefits
• Reduced Incident Resolution Time: pivot from Infocyte findings to historical logs and machine data for faster correlation and investigation
• Trend Analysis and Reporting: customized search, display and reporting of hunt findings over time
• Alerting and Event Triggers: trigger endpoint scans based on SIEM / sensor alerts
• Single Pane of Glass Security: integration of the two platforms enables a single pane of glass for security management and data collection analysis
Case Study: Banking & Financial Services
Organization
• The acquirer is a major financial institution based in the US with over a trillion dollars in assets.
• The acquiree is a 50-employee wealth management firm in the US serving high net worth clients and managing over a billion dollars in assets.
Challenge
• As part of M&A due diligence, the acquirer needed to independently verify the health of the acquiree's IT systems and ensure no breaches had occurred.
Solution
• Compromise Assessment using Infocyte HUNT™
Results
• 5 days to scan, analyze and report on 54 workstations and servers active on the network.
• Found machines that were not using the corporate standard antivirus so that they could be remediated.
• Showed the acquiree had strong technical controls, regular security hygiene (e.g. nightly reboots), and IT policies in place to protect the network.
• Provided a clean bill of health for the network.
• Ensured confidence that the acquiree's systems and data were clean and secure for the transaction to progress.
In the end, the assessment lasted five days from the initial engagement to the final report. Infocyte was able to verify the integrity and confidentiality of the business' information systems to the acquirer at an unprecedented level compared to traditional due diligence methods.
Case Study: Public Transportation
Organization
• A metropolitan mass transit agency ("Metro") serving a major US city and surrounding municipalities.
Challenge
• In the face of increasing cyber risk to public infrastructure, Metro took steps to understand their current security posture and assess the need for more advanced security investments.
Solution
• Compromise Assessment using Infocyte HUNT™
Results
• Two (2) days to scan 1000 systems.
• Despite enterprise-grade security, Metro was infected with six (6) variants of malware, some active as far back as 3 years.
• Metro was able to quickly identify and remediate the issues before they could cause any significant damage.
Without a compromise assessment, Metro's security problems would have continued to go undetected and it would have been difficult to provide tangible evidence to warrant increasing their security posture.
Case Study: Pierce Transit (Public Transportation)
Organization
• Pierce County Public Transportation Benefit Area Corporation (Pierce Transit) is a nationally recognized leader in the public transportation industry.
Challenge
• Understand whether any malware or advanced persistent threats (APTs) were residing on the network, lying dormant or active
Solution
• Compromise Assessment using Infocyte HUNT™
Results
• Over 600 endpoints enumerated and scanned by Infocyte HUNT
• Clean bill of health with no malware or APTs present on the network
• Easy to understand compromise assessment report for executives and IT staff
• Non-invasive technology easily implemented and quick to scan and assess
"To complete a full evaluation internally without Infocyte HUNT, we would require two additional staff and over a month to evaluate our network and servers. With Infocyte's methodology and hunt technology, we had a cost-effective solution in place that in a matter of days gave us the reassurance that our systems weren't compromised."
Case Study: U.S. Catholic Archdiocese (Non-Profit)
Organization
• Regional U.S. Catholic Archdiocese with thousands of parishioners and multiple locations, both educational and religious.
Challenge
• Understand whether any malware or advanced persistent threats (APTs) were residing on network endpoints, lying dormant or active.
• Protect IT infrastructure and data, including personal information such as Social Security Numbers, bank account information, payment card data, and contact information of parishioners, employees and students.
Solution
• Infocyte HUNT™
Results
• All endpoints surveyed and validated by Infocyte HUNT
• Deep visibility into the organization's endpoint state
• Empowers the existing IT team to effectively hunt for hidden threats
"Infocyte was the proactive solution the Archdiocese had been looking for to reduce risk and increase security. Simply stated, it provides the ultimate offensive attack plan and allows us to have deeper visibility into the state of our endpoints through an easy to use interface that I can quickly train staff to use."
Join the Infocyte HUNT Team
Offer customers the leading post breach detection solution
Infocyte Partnerships Create Value & Drive Opportunity
• Offer customers the leading post breach detection platform
• No program participation fees
• Expand your services portfolio
• Competitive discounts
• Recurring revenue stream with exceptional renewal rates
• Deal registration protection
• Sales and marketing support
• Training available
Create New Revenue Streams
Easily Add Compromise Assessment Services
• Infocyte HUNT can be utilized by your team to conduct Compromise Assessments for customers at a fraction of the price and time of competitors.
• Compromise Assessments can be completed 10 times faster than assessments performed manually using traditional security monitoring and incident response solutions.
Resell the Infocyte HUNT Platform
• Add value by adding an innovative threat hunting solution created by former US Air Force cyber hunters to your portfolio.
• Earn significant margins by selling subscriptions to the tool with exceptional renewal rates.
• MSSP engagements offer the ability to provide ongoing management of the Infocyte tool.
Drive Revenue with Services Engagements
• Infocyte Services Partners recommend products and provide services including: Compromise Assessments, implementation/deployment, training, advanced analytics, and incident response.
• Provide customers with threat hunting services and consulting, and let Infocyte manage the sales process.
Partnerships To Fit Your Business Model
Technology Partners
• Together with our technology partners, Infocyte is able to build more effective, innovative solutions to stop malware and persistent threats across the network and endpoints.
• Infocyte works with technology partners to collaborate on technical integration, go-to-market programs, and more, to bring our innovative approach to threat hunting to customers.
Resellers & Distributors
• Infocyte Resellers and Distributors enjoy the many benefits of partnering with the leader in threat hunting. We offer our partners an innovative hunt product, high margins, and deal protection.
• The Infocyte Reseller and Distributor program is committed to building successful, long-term relationships that benefit both our partners and their clients.
Service Providers
• Infocyte Services Partners recommend products and provide services from Compromise Assessments to implementation, deployment, training and advanced analytics.
• This is a great option for organizations that want to provide customers with threat hunting services and consulting, but prefer to let Infocyte manage the sales process.
Partner Close Up: Global Cybersecurity Services Provider
Organization
• Global provider of advanced cybersecurity services offering a combination of cutting-edge technology, experienced staff, and proven processes to a customer base across a broad range of industries.
Challenge
• Despite having an arsenal of AV, firewall, intrusion detection and other security tools at their disposal, the reseller saw a need for a post breach detection solution to combat malware and APTs.
• They heard about Infocyte from a news article and reached out about a POC and partnering opportunities.
Partnering Model
• Resell and provide managed services for Infocyte HUNT™
Results
• Expanded solution portfolio to include threat hunting.
• Able to find threats using Infocyte HUNT that other solutions in their portfolio could not find. For example, Infocyte was the only solution that could find the presence of the "minerd" cryptocurrency miner malware on a customer's network.
• Immediate sales/revenue returns with multiple accounts, with opportunities for future expansion within these accounts.
• Built a $1M pipeline in 6 months.