The New Work Environment
In the past, to contain a security incident, your team had to be physically present at the affected devices. This requirement has been becoming less attainable for quite some time as more employees work remotely. Now, with COVID-19 declared a pandemic, many organizations have required all employees to work remotely and have restricted business travel—even for incident response. Malicious actors are taking this opportunity to achieve their nefarious goals by attacking a remote workforce that is ill-prepared for the current situation. Infocyte would like to share some best practices for delivering security to a distributed workforce. Using Infocyte, you can respond to an incident without traveling to the impacted infrastructure, from identifying a breach, to remediating it, to addressing the root cause.
Public and private cloud-based services drive almost all aspects of business. A compromise does not usually result in the affected endpoint(s) being cut off from the internet, so the infrastructure remains accessible. Remote workers are usually found in one of two configurations: with or without VPN access. If the non-VPN users are compromised, how can your security team assist?
The Solution: Monitor, Assess, and Respond
Infocyte’s Cloud platform allows your security team to reach devices, on or off the corporate network, anywhere in the world. Your team can monitor for threats, assess their impact and pervasiveness, and, with Infocyte’s Extensions, respond: isolate the machine, kill processes, delete files, and, once remediated, restore the machine. All of this is possible not just on one machine; securing hundreds or even thousands of machines at once is now a reality. This is particularly powerful when you consider that the machines do not even have to be on the corporate network. If the endpoint has internet access, you can address the concern.
Infocyte Best Practices
- Infrastructure and cloud assets can be reached via a Controller with very little configuration.
- Remote employees should have Agents installed on their machines—with or without VPN access.
Scan daily to identify threats and use extensions to remediate them. Infocyte Support is here to help. Please reach out to us at [email protected] for additional information or assistance.
Quarter 1 Releases
The engineering team worked diligently in Q1 to deliver new features. Three months of hard work—a lifetime of value.
Infocyte’s extension platform enables the world. If you can script it, you can do it with Infocyte.
Extensions are an open source solution that scales across your environment, for one machine or thousands. Accomplish more with less work. We encourage all our customers and partners to both use the shared extensions and develop their own to expand the library. If you would like more information about extensions, please contact your Infocyte representative.
Infocyte has made it easier than ever to integrate with your suite of tools. Webhooks allow users to get any alert out of the tool and into a common format that can be collated with other security information. Coupling Webhooks with our API allows for even more automation capabilities.
Monitoring distributed networks in one SaaS instance? Want more throughput, or to bypass the queue for an emergency scan? Controller Groups allow Infocyte users to use Agent-less scanning in new ways.
Use Case 1
Multiple Controllers in the same group to provide increased throughput and redundancy.
Use Case 2
Point one or more Controllers at different networks or segments without any communication between the two.
Use Case 3
Set up a Controller Group that remains idle until it is needed for an emergency request, bypassing other tasks in the queue.
Were you using Agents instead of a Controller because of a proxy? Proxy users are no longer limited to Agents: proxy support is now available in the Controller!
- Improved Integrations
- Improved Enumeration Speed
- Improved Agent Handling
- Improved Scan Rate
- Improved Threat Intel Sources
- Improved Artificial Intelligence
- Improved API Access
- Improved Object Filtering
- Added ability to uninstall Agents via the Console
- Added ability to install Agents via a Controller
- Added support features
Slated for release in April 2020, Infocyte expands into real-time security monitoring. No longer do you have to wait for a full scan to know that you are clean and safe! Now your security staff will be alerted in real time, and coupling this technology with our wide variety of options to deliver you the right alerts at the right time provides an invaluable toolset for your
Infocyte Rules Engine
To capitalize on the power of real-time security, Infocyte’s product team will be expanding our MITRE ATT&CK based rules engine capabilities, allowing users to specify their own rules for creating Alerts. The upgraded engine will allow users to outline an action based on specific inputs and conditions.
Get notified before it’s too late!
Powerful Search Abilities
Infocyte will be upgrading our search capability. This new interactive search will give users the flexibility to search across all collected data and establish detection rules based on the search criteria.
More information will be made available about this feature enhancement in our future newsletters.
Featured Power User Tip
The Power of Infocyte API-First
Did you know that everything viewed, processed, and documented in the Infocyte Console is also available via the Infocyte API? Use cURL, PowerShell, or our API Explorer to expand your team’s capabilities and automation.
Quick Starts for PowerShell:
- Generate an API token in the Console and install the PowerShell module (see the KB Article).
- Docs and source code for the PowerShell tools are on the Infocyte GitHub.
Still not finding what you are looking for? Our API is fully documented and can be interacted with from your preferred browser. Simply add the string /explorer to the end of your Infocyte instance’s URL. For example:
Then enter your API token, and navigate through the available options.
This is a Security Bloggers Network syndicated blog from Blog – Infocyte, authored by Fred Dobson. Read the original post at: https://www.infocyte.com/newsletter/2020/04/14/infocyte-q2-2020-newsletter/