Inception platform

Key use cases

Security teams use our comprehensive and flexible platform to improve the effectiveness of their security programs and detect threats that would otherwise be missed. Here are four example use cases.

Make the threat-of-the-day a non-event

Know whether your organization is impacted

Whenever a cyber event such as a supply-chain attack or new ransomware campaign makes the headlines, you and your security team are called upon to respond rapidly and determine whether you’re impacted. Security teams scour threat briefs from their threat intelligence vendors or visit their trusted security blogs looking for related IoCs. Once they obtain IoCs (IPs, hostnames, YARA rules, etc.), they use them to learn if you’ve been impacted, often by searching SIEM logs.

But what if your anti-virus vendor doesn’t have signatures? Or the malware doesn’t create entries caught by your SIEM? Or the malware existed but was later deleted? The Inception platform solves those problems, allowing you to efficiently run IoCs against your entire file corpus to see if there are any matches and know whether your organization has been impacted.

Detect hidden threats

Move from point-in-time to continuous detection

It’s a sobering fact that malware-led attacks, supply-chain vulnerabilities, and ransomware are on the rise; all organizations are within the crosshairs of persistent malicious actors. Even organizations spending millions of dollars on their security program are susceptible to threats that get through their current detection and prevention stack.

A key reason that malicious activity is missed is that traditional threat detection solutions are “point-in-time” and can only detect the state of an object or action at a specific instant — when the file is written or an executable is run, for example. The knowledge needed to detect new attacks is often not available at the time of inspection. The Inception platform exposes hidden threats by continuously analyzing your environment against the latest threat intelligence from multiple sources and uncovering threats that would otherwise remain undetected.

Create customized defenses with contextual intelligence

Identify the IoCs that matter most to your organization

Threat intelligence can play a role in every aspect of detection and response including detection of attacks, incident response, and protection from future attacks by blocking bad actor IoCs. Advanced cybersecurity organizations typically subscribe to more than a dozen threat intel feeds from various sources (vendors, ISACs and open source), and dedicate team members to try to maintain and operate tools that help them manage the resulting flood of data.

All that information can be overwhelming if you don’t know how to use it. Meanwhile, you may be overlooking important data that resides inside your own environment. With its inside-out approach, the Inception platform extracts IoCs and observables from suspicious files in your environment. This keeps the volume low and ensures that the identified IoCs are applicable to your organization.

Triage with research-grade understanding

Quickly identify and triage emerging threats

Triaging alerts may be done by SOC analysts at larger companies, IT gurus at smaller companies, or by technology service provider partners working for a number of companies. Regardless of the role, they are always under tremendous pressure to make quality decisions about whether files are malicious or not in a limited time.

Unfortunately, the tools available don’t make the job easier; traditional static and dynamic malware analysis tools are disjointed, and an incident responder has to spend a lot of time examining the findings and correlating the data. The Inception platform changes that, providing your team a one-stop shop for ongoing deep-file static and dynamic analysis of potential malware, presented in an easy-to-use interface. It gives your team the ability to triage every alert with a wealth of understanding.
