Ocient and NetQuest: AI-driven threat hunting at petabyte scale
Security teams today collect enormous volumes of telemetry across network, cloud, endpoint, and identity systems, along with increasingly rich forms of network-derived intelligence. But when an incident occurs, answering basic investigative questions — when an attack began, how it moved, and what was impacted — remains difficult.
Most platforms are optimized for alerting and short-term visibility, relying on sampling, aggregation, or limited retention to control cost and performance. As a result, critical content is lost, and evidence is fragmented across tools. This creates a persistent gap between detection and understanding.
The solution
Closing this gap requires solutions purpose-built for both massive datasets and deep investigation. That’s why NetQuest and Ocient are teaming up to deliver a new approach to threat hunting at scale. NetQuest converts raw traffic into rich, structured network intelligence. Ocient provides hyperscale storage, search, and correlation across that data. Together, they enable full-fidelity threat hunting across complete datasets and extended time horizons.
What NetQuest + Ocient Solutions Enable
- Full-fidelity hunting. No sampling or loss of detail or context.
- Long-horizon investigation. Analyze months or years of data.
- Cross-domain correlation. Unify network, identity, endpoint, and cloud.
- Predictable economics. Retain and query massive datasets efficiently.
Core Capabilities
- Network Intelligence. NetQuest turns raw traffic into enriched operational telemetry that analysts can investigate, pivot on, and correlate.
- Hyperscale Analytics. Ocient enables interactive search and join performance across trillions of records and long retention windows.
- Historical Lookback. Teams can search months or years of telemetry when a new IOC, infrastructure clue, or behavior pattern emerges.
- Operational Flexibility. The experience layer is open, allowing partner-led or customer-built UI and agentic workflows without changing the core platform.
Open by Design
A key differentiator in the NetQuest and Ocient story is that the investigative experience layer is an open architecture. Customers do not need to adopt a fixed interface or a closed AI workflow. They can use partner applications, integrate existing SOC and threat-hunting tools, or build their own mission-specific UI and agentic systems on top of the shared telemetry and analytics foundation.
Representative Use Cases
- APT Investigation. Trace suspicious infrastructure, domain, or communications patterns.
- Ransomware Reconstruction. Follow the full attack chain, including credential abuse, lateral movement, and exfiltration signals.
- Infrastructure-Centric Hunting. Determine first-seen, last-seen, breadth of exposure, and related entities.
- Insider Threat Analysis. Correlate network evidence with identity, access, and audit activity.
Conclusion
NetQuest provides the network-derived, high-fidelity intelligence layer. Ocient provides the hyperscale retention, search, and correlation layer. Above that foundation, the UI and agentic layer remains open so customers can choose partner solutions or roll their own experience. The result is a scalable and flexible architecture for long-horizon cyber defense.
