Infocyte Advances Threat Hunting Platform With Asset Discovery

The threat hunting platform built by U.S. Air Force cyber-security veterans aims to detect compromises and reduce attacker dwell time.

Infocyte Hunt

Cyber-security startup Infocyte launched the 3.0 edition of its Hunt Platform on April 10, providing organizations with enhanced threat hunting capabilities.

The Infocyte Hunt 3.0 platform benefits from the experience of the company's founders gained in the U.S Air Force's cyber-security division, providing features that enable security operation teams to find advanced threats. The new release includes the Incyte cloud-based threat intelligence engine as well as enhanced vulnerability reporting capabilities.

"We started Infocyte about four years ago after seeing that in the commercial market organizations were not looking for breaches; they were just looking for vulnerabilities," Chris Gerritz, founder and chief product officer at Infocyte, told eWEEK

Gerritz spent a decade in the U.S. Air Force leading the incident response team and helping to identify potential breaches. With Infocyte, Gerritz and his co-founders set out to build a platform that brings the same types of approaches that the U.S. Air Force uses for threat hunting to commercial enterprises.

Infocyte Hunt is an agentless threat hunting product that looks across endpoints and servers in a network that can be on-premises or in the cloud, according to Gerritz.

"[Hunt] does a deep host inspection using forensic techniques to really dig down and identify if a device or group of devices are compromised, using some the advanced techniques that we were using in the Air Force," he said.

The 3.0 release also includes capabilities that enable organizations to identify their IT assets and discover if a given asset has been breached.

"We want to be able to say if an asset is valuable, is it vulnerable and is it compromised all in one product," Gerritz said.


Ryan Morris, co-founder and CTO of Infocyte, explained that the Hunt technology crawls memory space on devices and services, searching for API hooks as well as processes that have been injected.

"We primarily focus on things that are running and are already in memory," Morris said. "We operate at low impact to the system and aim to collect forensic evidence to determine if the host is compromised."

Getting all the data from the endpoint and hosts is accomplished with an approach known as data stacking to perform the forensic analysis. The new Incyte Engine provides an additional layer of capabilities for analysis. Gerritz said Infocyte subscribes to threat intelligence feeds and has its own malware analysis capabilities, hosting those features in the cloud with the Incyte Engine.

With Incyte Engine, Gerritz said Infocyte is providing a machine learning algorithm and model to categorize backdoors in remote access tools and anything that is post-compromise.

What's Next

For Infocyte CEO Curtis Hutcheson, the goal is to continue to grow the company, with the help of partners.

"We really cater to partners who are running networks for customers, providing basic security services, but they want to go above and beyond," Hutcheson told eWEEK. "What our company is all about is getting the attacker dwell time down to less than a day. That's what has to happen to change this industry."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.