Discover malicious network application content as it passes through your traditional security defenses.

InQuest offers an on-premise network-based security solution that inspects application content over the most commonly used network protocols and performs Deep File Inspection (DFI) capable of detecting malware as it passes through your traditional security defenses.

The InQuest team works with real-world, high-profile networks on a daily basis and draws on actual attacks to publish new signatures and intelligence feeds weekly or as needed.

Deployed at over 30 Security Operations Centers (SOCs) across the globe
Protecting over 0 Million users 0 Million endpoints and growing
Consuming, analyzing and reporting on over 1Tb/sec of throughput globally
Dissecting and Analyzing 10s of Millions of Files and Objects per Day
Unique Threat Intelligence Acquisition from Hundreds of Sources
Active Integration with Dozens of Data Analytics and Security Vendors

Hardware or Software

We provide a file-centric view of your network through both virtualized platforms and dedicated appliances that range in throughput capability from 100Mbit to 20Gbit. Combine two collectors for complete visibility at 40Gbit.

Deep File Inspection (DFI)

An ever-evolving engine geared towards unraveling the myriad layers used by malware authors today to masquerade their payloads. DFI is a core facet of our offering.

Active Intelligence Integrations

Leverage our experience to lean on the right combination of public/private/in-the-wild resources and partner with best-in-breed vendors. Get more from your existing solutions.


Data Loss Detection

Our detection rate of Data Loss (PII, sensitive/classified information, etc.) is powered by InQuest Labs, with the option for customers to define their own Data Loss Detection content through user-defined signatures.

0-day Coverage

Our 0-day coverage and detection rate are powered by InQuest Labs as well as our partnership with Exodus Intelligence for real-time and historical detection of exploitation attempts targeting 0-day vulnerabilities in the most commonly used file formats.

Vintage Component

We give the customer the ability to hunt through historical artifact queries and file analysis using our internal Vintage component (retrospective static file analysis).


We minimize the data center footprint by offering the customer the option of aggregating network feeds and mirroring them to a single 1U 20Gb appliance.

How It Works

A SOC-oriented tool designed by SOC analysts for SOC analysts. Primary deployment today is within the US federal government.


Depending on your need, our (1U) Collector appliances are capable of ingesting and inspecting traffic at varying throughput levels, 100Mb – 20Gb.

Artifact Extractor

Port agnostic SMTP and HTTP capture, artifact extraction, expansion, and analysis. Artifacts include headers, URLs, IPs, e-mails, and files. ICAP, PCAP, API, and manual file upload support.


Our primary focus is Deep File Inspection (DFI) on non-PE files: Microsoft and Adobe document formats, Java, Flash, archives, etc.

Nested files are expanded prior to analysis.

As an example, consider an email with an EML attachment containing an archive with a Word document which in turn contains an embedded SWF.

The ActionScript is exposed for threat analysis. InQuest Labs releases new signatures weekly, and customers can write their own YARA signatures on our platform.
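
The nested-file expansion described above, sketched as an added example in Python (not InQuest's code and not part of the original page). It assumes the Word document is OOXML (a ZIP container); the function names, file names and the sample message are constructed for illustration.

```python
import io, re, zipfile, zlib
from email import message_from_bytes, policy
from email.message import EmailMessage

def sniff(data):  # classify by content (magic bytes), never by file name
    if data[:3] in (b"FWS", b"CWS"):
        return "swf"
    if data[:4] == b"PK\x03\x04":
        return "zip"  # plain archives and OOXML (.docx) alike
    if re.match(rb"[!-9;-~]+:[ \t]", data):
        return "eml"  # heuristic: begins with a mail header line
    return "data"

def children(data, kind):  # yield (name, bytes) for objects nested inside
    if kind == "eml":
        msg = message_from_bytes(data, policy=policy.default)
        for part in msg.walk():
            if not part.is_multipart():  # walk() also descends into attached EMLs
                yield (part.get_filename() or part.get_content_type(),
                       part.get_payload(decode=True))
    elif kind == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    yield info.filename, zf.read(info)
    elif data[:3] == b"CWS":  # zlib stream follows the 8-byte SWF header
        yield "swf-body", zlib.decompress(data[8:])

def expand(data, path="root", depth=0, max_depth=8):
    """Return [(path, kind, bytes)] for the object and every descendant."""
    kind = sniff(data)
    found = [(path, kind, data)]
    if depth < max_depth:  # cap recursion so hostile nesting cannot run forever
        for name, blob in children(data, kind):
            found += expand(blob, f"{path}/{name}", depth + 1, max_depth)
    return found

def build_sample():
    """Constructed input: EML > EML > ZIP > DOCX > compressed SWF."""
    blob = b"CWS\x0a\x00\x00\x00\x00" + zlib.compress(b"constructed-actionscript-marker")
    for name in ("word/embeddings/movie.bin", "report.docx"):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(name, blob)
        blob = buf.getvalue()
    inner, outer = EmailMessage(), EmailMessage()
    inner["Subject"], outer["Subject"] = "constructed inner", "constructed outer"
    inner.add_attachment(blob, maintype="application", subtype="zip", filename="docs.zip")
    outer.add_attachment(inner, filename="original.eml")
    return outer.as_bytes()
```

Calling `expand(build_sample())` lists every layer down to the decompressed SWF body, which is the buffer a signature engine would scan. A production expander would also bound the decompressed size of each layer, not only the nesting depth.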

We monitor all TCP flows and domain resolution attempts to determine whether a connection or lookup is trying to reach threat actor infrastructure. Our feeds are regularly updated, and the vast majority of the feed content is derived from our internal research or empirical observation. Customers can also define their own watch lists for this type of monitoring.

Threat Score

We support integrations with best-of-breed vendors such as OPSWAT, VirusTotal, FireEye, JoeSandbox, Cuckoo and VXStream, which allow us to consume the results of their analysis and factor them into our threat scoring assignment. The results are tallied and displayed in our threat receipt, which shows all of the contributing threat factors.

Powerful search and hunting functionality. Variable time window for retro hunting of past collected data when new signatures are written or released.

We provide numerous options for API access and data export to third-party SIEM solutions which gives you the ability to consume the results of our analysis without altering your existing processes for analysis, visualization and/or workflow.


Customer Testimonials

Prior to having InQuest, file decompression, decoding and post-processing were all manual steps that were very time consuming for us. Now that we're using InQuest, all of those steps are automated and it has given us the ability to apply these steps to not only files we think are suspicious, but all files received by our users.

Malware Analyst, US Intelligence Community

Having the ability to search historically based on file content is like having our own internal VirusTotal Retrohunt.

Intrusion Analyst, US Department of Defense

The threat score calculation and assignment being performed by InQuest's engine makes it easy for us to sift through the legitimate sessions and focus on the real threats targeting our users.

Intrusion Analyst, US Department of Defense

InQuest provides a complete network forensics picture, from session details such as header information to file details such as the hash, size, type and even the raw file.

Incident Handler, US Intelligence Community

The data loss prevention coverage InQuest provides for data-in-transit is second to none.

Intrusion Analyst, US Department of Defense

The InQuest platform is unlike any other network-based security system we've seen. The performance of their native capture engine and analytic capabilities are unparalleled in terms of the throughput it can support and the number of files it can dissect and analyze.

Security Engineer, US Department of Defense

The third-party integrations with multiav and sandbox solutions are seamless. We have never had a security platform that made it so easy to automate all of our static and dynamic file analysis efforts.

Security Engineer, US Department of Defense

Over half of our customer’s traffic is encrypted and InQuest is the first security platform we’ve seen with a specific focus on using SSL related indicators of compromise to detect the bad guy’s infrastructure.

Intrusion Analyst, Managed Security Service Provider

The threat intelligence InQuest is able to gather and disseminate via their reputation and threat feeds has alerted us to numerous customer compromises. They are truly at the cutting edge when it comes to identifying threat actor infrastructure as it is deployed.

Intrusion Analyst, US Intelligence Community

It’s pretty amazing that they are able to support capturing, reassembling, processing, storing and inspecting content at speeds over 10Gb without dropping traffic all in a 1U box.

Security Engineer, Department of Defense

We’ve been customers for several years now and up until the recent acquisition of their appliances we were running their collectors on 4U boxes with flash storage cards. As a result of that acquisition, we went from having to deal with three different vendors to one vendor, reduced our rackspace footprint as well as our power consumption which all resulted in a huge cost savings for us. Kudos to InQuest!

Director of Information Security, E-Commerce Company

Through their data orchestration and workflow, they’ve made it really easy for us to establish repeatable workflows from within their UI. That has saved our SOC analysts a considerable amount of time and has enabled them to pivot through data from numerous systems all from a single pane of glass.

SOC Operations Lead, Department of Defense