The change was announced today as part of the 2.0 version of HUNT, which was previously called Infocyte Pulse.
Infocyte scans a network’s devices — including end-user workstations and data center servers — looking for signs of trouble.
CEO Chris Gerritz isn’t divulging exactly how the scan operates, but he says it includes peeking into volatile memory and comparing what’s running against what the operating system thinks is running.
But that has become less effective, Gerritz claims.
“If you look at breaches like Target in 2013, their software saw the breach,” but analysts had so many alarms and alerts to check that this one snuck by unmolested, Gerritz says.
Moreover, hacking isn’t about “snatch-and-grab” tactics any more, Gerritz says. Hackers are playing the long con, lurking inside breached networks. “Threat hunting is really that last line of defense to find people that are inside,” he says.
After identifying malicious activity, Infocyte isolates the affected server, which the enterprise can then disable or scrub clean. (Alternatively, some organizations will bide their time so they can observe an intruder’s behavior.)
Based in San Antonio, Texas, Infocyte got its conceptual start while Gerritz was in the U.S. Air Force, hunting for unauthorized activities on the service’s 800,000-node network. His epiphany about threat hunting came during a job when he had to investigate a network at a site that hadn’t installed any security technology — just “a simple, free antivirus and a firewall, and they didn’t log anything,” he says.
Without decent security or logs, there wasn’t a way to know what was happening inside the network.
In a sense, Infocyte provides the tool he wishes he had for investigating that network.
After Gerritz retired for medical reasons, he started Infocyte along with CTO Ryan Morris, an Air Force captain. The startup now has 11 full-time employees, and it has raised $1.5 million, including venture capital from LiveOak Venture Partners and some angel funding.