Infocyte adds asset discovery, vulnerability reporting to threat hunting platform

Infocyte, which brought in ex-Dell Security GM Curtis Hutcheson as CEO early this year, and which offers a variant of traditional threat hunting based on USAF cybersecurity techniques, is adding new services that complement their core value proposition.

Curtis Hutcheson, Infocyte’s CEO

Today, Austin-based cybersecurity vendor Infocyte is launching Infocyte HUNT 3.0, the latest version of their threat hunting platform. This version significantly expands the platform’s capabilities by adding asset discovery and vulnerability reporting.

“The company is built around an ex-U.S. Air Force cybersecurity team, who developed techniques to deal with state-sponsored and sophisticated attacks when they had access to the best technologies in the world,” said Curtis Hutcheson, Infocyte’s CEO, who joined the company in February at the same time that they secured their Series B funding round. Hutcheson is best known in the security space for the nineteen months he spent as VP and GM of Dell Security Solutions, before its SonicWall and Quest properties were spun back out into separate companies run by Francisco Partners in November 2016. He emphasized, however, that Infocyte has a highly differentiated offering.

“The number one problem today is threat detection,” Hutcheson said. “Some things will still get through your perimeter, so you need to go on offense and find the threats. For a dramatic change on security, people have to go on offense, and this way they can effectively eliminate risks even when threats penetrate.”

Hutcheson said that MSSPs and security consultants have used penetration testing to find vulnerabilities, but that this is only part of the story.

“Patching cycles now are 12 weeks on average, and there is no way to keep up with that using normal tools,” he said.

Threat hunting – proactively searching for threats that have eluded other defenses and are already in the network – provides a more systematic approach, but Infocyte uses a different type of methodology than other companies in this space.

“Typically, the market addresses threat hunting with large data lakes, and they analyze them and baseline them using machine learning,” said Chris Gerritz, Infocyte’s Founder and Chief Product Officer. “That is not the way that the USAF hunted threats. We were charged with going into a network to find data, but we didn’t always have data going in. We would baseline in the breach if we baselined without data, so we had to do it a different way. We use a lot of forensic techniques, doing primary collection on workstations and servers, sweeping the entire environment and assessing it with our own machine learning, looking for unauthorized code or unauthorized access.”

Gerritz said that Infocyte sees their platform as providing a superior and more systematic penetration test.

“It’s a platform that partners can use to deliver a service, and which customers use to hunt in their environment,” he said.

While the platform scales to enterprise levels, the enterprise isn’t Infocyte’s sweet spot.

“We can address enterprises, but they are not really our focus,” Gerritz said. “Our whole value proposition is that we are independent of the existing security stack. That allows us to play further down in the market. We have a lot of success in the 500 to 5000 employee space, and have some customers up around 15,000 employees. We add a lot of value in the mid-tier.”

The Infocyte HUNT 3.0 release adds some new technology wrinkles, such as enhancing their cloud-based Incyte threat intelligence and analytics engine to apply unique similarity matching. Most of the new features, however, are ‘productized’ services which take capabilities that were already in the Infocyte engine, and deploy them to address additional customer concerns.

“We weren’t doing vulnerability reporting and asset discovery before,” Gerritz said. “There are other tools for that, which we thought people were using. But we do asset discovery in our work – it’s table stakes – and we found out that many people knew very little about their assets. We would give clients a rundown on the status of their 600 machines, and find out that they had no idea how many machines they had.”

Accordingly, Infocyte now enables visibility of all applications, workstations, servers and embedded systems, whether deployed on-premises or in the cloud. Infocyte now also enables reporting on all known installed application vulnerabilities to provide visibility and patching levels for servers and workstations.

“Threat hunting remains our core competency, but we are now better able to draw a line between the intersection of assets, vulnerabilities and threats,” Gerritz said. “We add in these commoditized things, the asset management that we did before, but just weren’t reporting. This release makes this more visible to our customers.”

Version 3.0 also redesigns the user interface to make it easier for Level 1 analysts to use.

“Our toolset platform lets customers replace a $400/hr forensics professional, which is expensive for the type of customers we sell to,” Gerritz said. “We have now focused our UI to be usable by a technician with a lower and less expensive level of experience, while still getting answers that higher-tier guys would take weeks to get.”

Infocyte uses a hybrid go-to-market model, but most of their business is channel.

“Over three-quarters of our business is driven by partners,” Hutcheson said. “We know the value to customers comes through the partners. Our goal is to bring more of the focused security partners in.”

Right now, most of their partners are smaller security consultancies, as well as small-scale operations that deliver services to their customers.

“We don’t have a significant number of MSSPs right now, and are expanding into that,” Gerritz stated.

Infocyte’s scalability makes it ideal for partners offering it as a service.

“A partner can come in, and in hours derive a tremendous amount of data on the customer network,” Hutcheson said. “We have a clean deployment model, with great simplicity, and speed. In our view, partners must be in this space today, and while they can use open source tools to do this, they can’t do it at the scale that they need.”

“If partners are new to threat hunting, and want to start offering this to their customers, we can train them,” Gerritz said. “We are introducing a new Threat Hunter Pro subscription service, which is ideal for partners – and customers – who don’t have threat hunting expertise.”