Discover malicious network application content as it passes through your traditional security defenses.

InQuest offers an on-premise network-based security solution that inspects application content over the most commonly used network protocols and performs Deep File Inspection (DFI) capable of detecting malware as it passes through your traditional security defenses.

The InQuest team works with real-world, high profile networks on a daily basis and draws influences from actual attacks to publish new signatures and intelligence feeds on a regular weekly basis or as needed.

Solution Overview

Our software focuses its scrutiny to identify, process and inspect files downloaded over the web or received via email to detect malicious code in transit. Innovative and constantly evolving file post processing techniques are applied to live monitored network traffic providing insights into even the most creative combinations of obfuscation. The processed content is fed through a gauntlet of proprietary security checks and is also made available for integration with your existing security infrastructure. There are integrations available for a variety of antivirus and sandbox technologies that serve in a complementary capacity to the analysis that InQuest is performing. Our team reviews new products regularly and interfaces with vendors we deem to be the most effective at assisting in malware discovery in our environments.

We cross­ analyze collected artifacts with intelligence data from user­ supplied, local, 3rd party, and cloud based sources to identify true ­positive threats on your network defined by a single numeric threat score. InQuest catalogs and analyzes all HTTP and SMTP network sessions then provides you with flexible search options, and the ability to prioritize and manage alerts based on our threat scoring engine. Our scoring algorithm is not prone to artificial inflation and we're constantly tuning it to match the real-world attacks we monitor daily.

A typical deployment involves a single InQuest manager and one or more InQuest collectors. Once installed, the collectors operate in a headless state. All updates, configuration and tuning are accomplished through the manager. Users interface with InQuest through our on-premise web-­based UI, our powerful and open RESTful API, or via SIEM integration. Our UI/UX is designed with the analyst in mind and provides built-in common tools to assist in research endeavors without leaving the application. We are continually evolving our user interface in response to analyst driven feedback.

Capabilities

Capture, Analyze and Assign.

  • Capture and catalog all web and e-mail session information at 10Gb rates. Retention history is limited only by your underlying hardware.
  • Automatically extract, analyze (expand, decode, etc.), and score all session artifacts including URLs, IPs, domains, files, and even e-mail addresses.
  • Our threat scoring algorithm factors information from all available sources to produce a single, digestible, well balanced threat score.
  • Sort, assign, research, and track workflow of all event management directly from within our UI; or not, we support SIEM integration via syslog as well.

Search, Research, and Collaborate.

  • Powerful search. Slice through aggregated data by TCP session, file, threat, or command and control end-point.
  • Store and recall custom searches privately or via group shares. Allowing for collaboration between peers.
  • Integrated research tools allow analysts to examine raw file content, reference our signature knowledge base, and utilize common web tools without leaving their browser tab.

Augment and Retrograde.

  • Up-to-date intel delivered weekly and as needed to keep up with the latest attack methodologies and campaigns.
  • Augment our intelligence with your own by defining Yara compatible signatures along with a severity and confidence rating that will be considered by our threat detection and scoring engines.
  • Retrograde threat assignment on historical traffic based on the latest threat information. Discovering attacks that may have previously gone under the radar.

Tuning, Access Control, and Authentication.

  • Support for multiple authentication backends including on-board, Active Directory (AD), LDAP, RADIUS, and TACACS+.
  • Granular access controls and customizable group policies available both on-board and remotely via AD or LDAP integration.
  • Flexible filtration options to filter by VLAN id, CIDR block, etc. Multiple sources for tuning including per component MIME exceptions, host exclusions, white listing, black listing, etc.

Intelligence

InQuest Cloud infrastructure ensures your InQuest deployment remains up to date with the latest intelligence information collected by our bots, internal research team, as well as private and public sources from around the world. We emphasize the value of our informatics as much as our platform. We aggregate, catalog, and rank both proprietary and third party information feeds for daily delivered product updates. The signature team works with real-world, high profile networks on a daily basis and draws influences from actual attacks to publish new signatures on a weekly basis.

Leverage the power of continuous signature updates from our research team. Compare your network results with the rest of the world. Augment local cycles with limitless cloud resources. Query against our constantly evolving reputation databases. Reflect inquiries through our servers, to protect the identity of your own. Get notified of threats as we identify them.

Opt-in into our anonymized threat exchange to benefit from timely intel gathered from our ever growing and globally distributed customer base.

Partners

Exodus Logo

Exodus Intelligence is a recognized leader in vulnerability discovery, exploitation techniques, and vulnerability intelligence. Our team works closely with Exodus to leverage their knowledge and capabilities to 0-day attacks targeting our customers.

OPSWAT Logo

OPSWAT provides the on-premise detection benefits of over 30 anti-malware engines in a single solution, Metadefender Core. Our product integrates directly with Metadefender, coupling the depth of our Deep File Inspection capabilities with the breadth of coverage from an entire industry.

Work With Us

We are an Arlington Virginia based company hailing from the public sector and making our foray into the commercial space with the release of our cloud assisted network threat detection solution.

The quality of our product is heavily influenced by our team's extensive knowledge of real-world malware campaigns. We employ a variety of patented techniques to detect elusive attack patterns that would otherwise go unnoticed.

InQuest Map

We offer a fast-paced and challenging work environment with competitive salaries, full benefits, paid R&D time, and the opportunity for remote work within the United States. We currently have the following openings for U.S. citizens:

  • AWS DevOps Engineer
  • Senior Python Developer
  • Advanced Malware Reverse Engineer
  • Security Engineer / Signature Developer
  • Commercial Sales Representative

We are looking for people who are enthusiastic, self-driven, and works well in a small team. If you have an obsession with getting things done right and elegance is a driving factor in your work... contact us. For technical positions we expect you to have a GitHub account so that we can peruse your code.