InQuest Provides Zero-Day Coverage Against Advanced Threats via Partner Exodus Intel

Posted on 2018-03-23 by Anindo Mukherjee

Threat intelligence is only as good as the sources that drive it, which is why InQuest integrates 0-day vulnerability detection into our product via research from Exodus Intelligence. Going beyond public vulns and in-the-wild samples, this level of coverage affords protection against new TTPs, long before they become part of the known threat landscape.



Zero-day Exploit Coverage

InQuest's network-based threat prevention solution integrates techniques and threat intelligence from a wide range of sources. Notable among those for providing insight into pre-emergent threats is our set of zero-day signatures developed in partnership with Exodus Intelligence. These allow us to detect attempts by sophisticated malicious actors to target vulns in widely used products such as Firefox, Adobe Reader, and other ubiquitous utilities found on workstations.

As vulnerabilities progress through their life cycle, their presence in the threat landscape shifts and grows. As a zero-day, the vulnerability's primary use is as an entry point for APT groups to gain a foothold into a network while evading workstation AV solutions. As an n-day, or public vulnerability, it can still present a hazard to an organization's security posture, as a patch may not be available, or the vendor patch may not yet be deployed to all systems on a network. Our zero-day protection for these vulnerabilities affords customers not just early detection for unknown threats, but a head start as vulns go public, while antivirus solutions have to race to update their own databases. Beyond just providing data for specific vulnerabilities, exploitation techniques gleaned from these reports feed into our proprietary Deep File Inspection stack, allowing InQuest to identify and protect against similar exploits in the same class.

Cutting-Edge Vulnerability Research

We are proud to partner with the team at Exodus Intelligence, a market leader in creating actionable information and vulnerability reporting. With their vast experience in finding exploitable bugs in both commercial off-the-shelf software and embedded applications, Exodus provides a unique set of insights and capabilities. Whether it's Broadpwn, a fully remote exploit against the entire family of Broadcom WiFi chipsets present in Android and iOS devices, or their award-winning "Execute My Packet" attack against the Cisco Adaptive Security Appliance and firewall, their research can help organizations augment their security posture, no matter what their attack surface looks like. InQuest customers also have access to the Exodus web portal, where they can acquire detailed reports, exploit code, and their Enterprise Zero-Day Feed subscription for products affecting high-profile vendors.

Listed below is a partial table of selected zero-day vulnerabilities InQuest has coverage for, and links to the Exodus portal where you can find out more:

Zero-Day Vulnerability    Product             Versions Affected
EIP-2014-0025             Adobe Reader        11.0.0+
EIP-2014-0012             Adobe Reader        11.0.0+
EIP-2014-0011             Adobe Reader        11.0.0+
EIP-2017-0015             Mozilla Firefox     40+
EIP-2017-0016             Mozilla Firefox     40+
EIP-2017-0044             Foxit PhantomPDF    8.3.1
EIP-2017-0045             Foxit PhantomPDF    8.3.1
EIP-2015-0043             Foxit Reader        7 7.2.2.929
EIP-2015-0049             Foxit Reader        7 7.2.2.929
EIP-2016-0009             Nitro Pro           10.5.7.32

