FDR Network Threat Analytics

FDR Network Threat Analytics provides dynamic analysis and detection capabilities that enable identification and response to a variety of cyber threats targeting enterprise networks:
• Breach Detection
• Exploitation Techniques
• Intrusion Attempts
• Malicious Actors
• Suspicious Behavior

Key features include:
• High-Performance Network Inspection
  » Monitoring network traffic at throughput speeds from 100 Mbps to 40 Gbps
  » Full session analysis leveraging behavioral and advanced analytical techniques - including Machine Learning (ML) - to identify and respond to anomalous suspicious behavior
• Turnkey physical and virtual appliance form factors
• Physical appliances provide excellent data center economics - minimizing data center footprint (via 1U form factor), power, and cooling needs
• Appliances collectively managed via single pane of glass
• Ingests data in-motion, data in-use, and data at-rest
• Complex threat hunting tasks are automated by leveraging intrusion analysis, intrusion detection, incident response, and event triage
• Alert on malicious network activities, investigate, and perform forensics analysis to determine root cause and then respond using event triage and mitigation
• Multiple Inspection Techniques
  » Deep File Inspection (DFI) employs detection logic at numerous layers to uncover a wide variety of attack and exploitation techniques
    » » Rapidly dissects files to expose evasions and malicious content within embedded logic (macros, scripts, applets), semantic context (spreadsheet cells, presentation words, etc.), and metadata (author, edit time, page count, etc.)
    » » Full artifact inspection including session-level metadata (web headers), domains, files, hashes, headers, IPs, SSL certificates and URLs
    » » Optical Character Recognition (OCR), Computer Vision, and Perception Hashing used to inspect embedded images for presence of malware
  » Machine Learning (ML) incorporates advanced algorithms that leverage supervised classifiers and unsupervised clusters - designed to query vast amounts of data, discover patterns, and generate valuable insights
  » Algorithms are leveraged to identify/pinpoint threats without the use of IOCs
  » Sandbox integrations
  » Multi-scanning technologies
• Breach Detection and Containment
  » Full visibility of all inbound and outbound enterprise network traffic flow to determine whether a breach has occurred
  » Identifies Command and Control (C2) activity associated with advanced persistent threats (APTs) by performing behavioral analytics and leveraging unique Indicators of Compromise (IoC) acquired and curated by InQuest Labs
  » Detects and/or prevents C2 activity of sophisticated actors and their tradecraft - ultimately reducing the dwell time that can eventually lead to data leakage or exfiltration
• Emerging Threat Detection
  » Inspection engine utilizes heuristics and signature-based analytical pipelines to identify real-world emerging threats - blocking Zero-Day attacks and N-Day attacks
• Retrospective Malware Detection
  » Via RetroHunting, files are inspected for latest threats to ensure even the most sophisticated attacks don’t go undetected - even if initially missed
• Data Loss Prevention
  » Inspection of all file content and context to identify data exfiltration - ensuring sensitive information never leaves your environment
• IQScore
  » Each file is dissected into an array of artifacts - each artifact is then given an IQ Score
  » Scores are driven by all available intelligence including discrete, heuristic, and ML score contributors
  » Threat receipts show intel sources at-a-glance
  » Signature pairings for "heating" and "cooling" based on latest threat intel
  » Block, alert, investigate recommendations give SecOps clear guidance on enforcement policy
• Proactive Threat Intelligence
  » Built-in incident response workflow, remediation, and breach containment alleviate investigative workflows for your operators
  » Provides the ability to proactively track and hunt for emerging threats that have targeted your environment
• RetroHunt Capability
  » SecOps personnel can retrospectively identify the most sophisticated threats to determine which assets have been impacted
• Invisible to outsiders / attackers

Developer: InQuest
Category: Security
