Continuous intelligence, detection, and response

The Inception platform

Break free from the blueprint

Organizations are doing everything they can to implement today’s blueprint of must-have security controls. But bad actors have access to the same tools you do, testing their attacks and engineering them to get around the controls currently in place.

Inception – the world’s first continuous intelligence, detection, and response platform (CIDR) – redefines the game to give security teams the upper hand.

What Inception does

A peek under the hood

Applies “zero trust” to every file

Every executable file in your environment is regarded with zero trust. Inception collects everything from your standard .exe to a .lnk, .dll, .bin, and beyond. This builds a virtual evidence locker to help you find malware, previously unknown supply chain vulnerabilities, and more.

Scans your entire environment – past and present

Inception continuously scans your environment with pre-built and custom YARA rules to determine where threats are or were lurking in your environment.

Detonates files of interest

Find a file that you think needs a closer look? The moment you start digging into it, Inception will begin the detonation process in the background to give you more context.

Discovers malware variants hiding in plain sight

If you found a piece of malware and want to see if there are any variants that got past your EDR, Inception automatically finds similar files of interest for your research.

Alerts you to new YARA matches, variants, and more

When there’s a new match against a YARA rule, a new variant is found, or another trigger is set, Inception can automatically notify you so you can take a look.

Sends alerts to your favorite cybersecurity tools

We want to complement – not complicate – your current cybersecurity workflow. We have pre-built integrations to help generate alerts, or you can use the Inception API to create custom integrations of your own.

The Inception difference

Create a new security paradigm

Dramatically improve detection

  • Detect targeted, EDR-evading malware
  • Mitigate supply chain risk through “zero trust” file protection
  • Operate out of sight, out of time, and out of band to prevent testing and evasion

Gain confidence in response

  • Effectively respond to new and previously unknown threats and compromises
  • Enable your analyst team to understand, analyze, and respond quickly
  • Facilitate better and faster future assessments, investigations, and analysis

Reduce costs and time

  • Eliminate unquantifiable losses from unknown past and future malware exposure
  • Reduce the cost of breaches and threat assessments, from millions to minutes
  • Dramatically shorten incident investigation and response times

There’s something for everyone

Inception works for the whole team


Get deep visibility into your organization’s environment.

Quickly identify potential threats.

Gain a proactive “Plan B” for activity that AV and EDR miss.


Detect malware and variants quickly and easily.

See unpredecented insights into low-prevalence files.

Increase effectiveness in YARA rule scans.


Understand impact faster.

Extract actual evidence for investigation.

Efficiently archive and re-open your cases.


Triage quicker than before.

Understand the reach of threats with ease.

Regain time for deeper security work.


We’ve got answers

How does Inception differ from my EDR? Does it offer endpoint protection?

Inception is a complement – not a replacement – to your endpoint detection and response (EDR) tool. EDR is built to stop threats as they come in, but it can only catch what it knows.

Inception treats every file – good or bad – the same, giving you a look at everything that is or was on your endpoint. It’s constantly enriching your environment with new intel, finding malware that snuck past your EDR because it didn’t know to look for it at the time.

Does Inception provide malware protection or stop breaches?

Inception is one part of your malware prevention strategy, powering your prevention controls. It generates threat intelligence to show you where malware got past your security controls and how long it’s been there (or how long it was there before it removed itself), but it won’t stop malware from entering your environment. You can then use that information to further strengthen your security posture.

Can Inception replace any of my current tools?

Inception can replace any malware analysis tools or sandboxes you currently use, and even goes a step beyond what others currently offer – like large-scale automated file ingestion, permanent retention, private environments, integrations, and more.

Can I choose what files Inception ingests? Is it just executables?

Inception has a file intake filter that you can adjust to include or exclude any file extension you want – excutables and beyond.

How does Inception handle personally identifiable information (PII)?

The default file intake list includes only file types that rarely have PII – files that contain or compile code, like executables, binaries, and scripts. While you’re able to adjust the file intake to include documents, PDFs, and text files, we do not include them in the default intake filter so that we reduce the amount of PII ingested without user input.

How does file ingestion work?

You have a few options. We have lightweight file forwarders for both Windows and macOS that you can deploy across your environment. You can also choose to have Inception ingest files through your EDR. In other instances, you can also upload single files through the Inception UI if you have a particular file you’re researching.

Is my environment private?

Each organization using Inception has a private environment. The files ingested by Inception are not publicly attributable to your organization.

Is Inception multi-tentant?

Inception is multi-tenant, so MSSPs can manage multiple organizations from within one private environment.