It takes on average 169 days to discover a malware breach. During that period, the attackers are inside your system and can do anything they like. This breach detection gap – the time between contamination and discovery – represents a serious risk to companies. In this blog we introduce Infocyte HUNT: a practical solution which assumes that systems have been breached and proactively searches for malware.
We are confronted with malware and cyber attacks on a daily basis – like the recent attacks from WannaCry and Petya. The bad news is that this situation is unlikely to change and will probably only get worse. Fortunately there is technology to prevent this, Endpoint Detection and Response (EDR) and Security Intelligence (SI) in particular. These real time detection tools use libraries in which the profile of known attackers, exploits and virusses are registered. Unfortunately, the attackers are getting increasingly sophisiticated and increasing in number. This is happening at such a fast pace that it is impossible to anticipate and register attackers and these cannot be dealt with by regular anti-malware and virus products.
Reduce the Breach detection gap
The greatest risk lies in the time-lapse between the breach and detection. In that time, the malware can spread through the network of the organisation, affiliated companies and partners. In addition to this, the organisation runs the risk that company data will be copied, alterd or even deleted. A data breach causes an average of 4 millioen dollar in damages. That’s the major reason that organisations should focus on prevention, but also detection following the breach.
What to do following a breach
Infocyte focusses on malware which breaches your systems and is undetected. The assumption is made that an infection has already occurred and that defense alone is not enough. Just like football, attack is the best form of defence. Malware which has succesfuwlly avoided detection by your defence mechanisms richt zich op de malware die er ongezienill be detected immediately by Infocyte HUNT. Following detection, forensic specialists can isolated the malware and research the damage done.
Infocyte HUNT was initially developed by the Cyber Security Defense Team – part of the American Air Force. They discoverd that traditional defence mechanisms weren’t working and that malware was in their systems for much too long before being discovered. The team developed various forensic analyses, tools and techniques which are aimed at the post-breach situation. QS solutions introduced Infocyte to the Dutch market in 2015. One of the prinicpals of Infocyte is the most companies cannot afford to maintain a department of security specialists. Resources are scarce and there is often just too little time. That’s why a malware detection tool has to be easy to use, affordable and, above all else, effective.
How does Infocyte HUNT work?
To start with, you select the endpoints to be scanned and schedule when the scan is to be executed. The scan can then collect data from thousands of endpoints per day. Any device with memory can be scanned: laptops, desktops, servers, devices. Infocyte HUNT operates independently of the host operating system and without installing software which could affect the performance of the endpoints. We explain how this works in the webinar which is available via the link below.
Once the scan has been carried out, Infocyte HUNT collates the data automatically on it’s own servers using patented algorithms. The findings are presented in reports designed to be read by non-specialists. This enables you to take decisions quickly about recovering or re-installing endpoints. It also helps you to focus on the endpoints where the breach occurred and to decide what changes need to be made. Would you like more information about Infocyte? The product page can be viewed here.
Up and running following a malware breach
Infocyte HUNT detectts both active and hibernating attackers without requiring forensic expertise. That represents a significant cost saving. It works as an addition to exisiting products aimed at prevention, without affecting your work as an end user. Infocyte HUNT scans can be scheduled every day, week or month – or even multiple times per day. You will be able to reduce the breach detection gap significantly and it will ensure that you are not totally dependent on your defence mechanisms. With Infocyte HUNT, you can hunt down malware proactively. Do you want to check whether your systems have been breached by malware? QS solutions is offering a free of charge one-time scan for a maximum of 500 endpoints. Get yours here!