Hunt Engine

Not inference. Not signatures. Evidence. The detection layer of DDR.

99.995% Precision*
98.4% Zero-day efficacy*
48,000+ Threats stopped in 2025*
Zero Ransoms paid

* Observed across large enterprise environments and billions of file inspections daily.

Detection Capabilities

Each model targets a distinct threat class across the data attack surface.

Zero-Day Ransomware Detection

Detects unknown ransomware by inspecting the contents of the file rather than matching a signature. Trained on 2,300+ families. Catches what signatures miss.

Insider Threat Detection

Detects selective manipulation of data by actors who hold legitimate access.

Malware Detection

Trojans, backdoors, rootkits, and cryptominers that survived backup cycles. Found before they reinfect on restore.

Custom Hunt

Your rules run alongside Elastio-managed detections. Write once in SQL, YARA, or Regex. Deployed across live data, replicated data, and backups immediately. No software update required.


Model-Driven Detection

Independent models. Run concurrently. Each targets a distinct dimension of how ransomware alters data. Combined, they cover what no single approach can.

Ransomware Intelligence

99.995% detection precision

Reverse-engineered from 2,300+ families and 10,000+ variants. Identifies which family, which variant, and exactly which files are affected — not just that something is wrong. 25–40 new samples analyzed weekly.

Behavioral Analysis

98.4% zero-day efficacy

Pre-trained on the full ransomware landscape. Does not require your data. Catches unknown and zero-day ransomware with no prior signature. Fewer than 5 false positives per 10 million files.

Temporal Analysis

10x faster than full base inspection

Tracks file evolution incrementally across every data source. Catches slow encryption stretched over days or weeks — attacks that point-in-time inspection cannot see.

Encryption Detection

99.97% accuracy on first 64KB

Analyzes the raw data stream using the first 64KB of each file. Distinguishes data that is legitimately random-looking from data that has been encrypted. Independent of all other models. Strong for insider threats: even one newly encrypted file per day stands out.

How Hunt Runs

Two tools. Different purposes. Used together. The Hunt CLI investigates mounted snapshots and backups forensically. The Elastio platform runs the detection models above continuously across your entire data estate.

Interactive Hunt Mode

Forensic Investigation

A self-contained binary. Mount any snapshot or backup directly. Hunt runs against the mounted data at full speed. No restore required before investigation. Used for targeted forensic investigation and air-gapped environments. IOCs found here feed the Custom Hunt rules you deploy to the platform.

Mount Point → Hunt CLI → Structured Findings
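An added, self-contained illustration (not Elastio's code, and not the Hunt Engine's actual models) of how two of the ideas above fit together: the first-64KB encryption check described under Encryption Detection applied to every file under a mount point, alongside operator-written regex rules of the kind a Custom Hunt would carry, emitting structured findings per file. The entropy and chi-square thresholds, the rule format, the sample "snapshot" it builds in a temporary directory, and the SHA-256 keystream standing in for ciphertext are all this example's own assumptions.

```python
"""Hunt-style scan of a mounted snapshot. Added example, not Elastio's code.

Two checks run over every file under a mount point:
  1. an encryption heuristic on the first 64KB (Shannon entropy, then a
     known-format magic check, then a chi-square uniformity test), and
  2. operator-written regex IOC rules, applied the way a Custom Hunt rule would be.
Thresholds, rule format and sample data are assumptions made for this example.
"""
import gzip
import hashlib
import math
import re
import tempfile
from collections import Counter
from pathlib import Path

HEAD = 64 * 1024            # the page states the first 64KB of each file is inspected
HIGH_ENTROPY = 7.0          # bits per byte; assumed cut-off for "random-looking"
UNIFORM_CHI2 = 350.0        # 255 degrees of freedom: mean 255, sd ~22.6; assumed cut-off
MAGIC = {b"\x1f\x8b": "gzip", b"PK\x03\x04": "zip", b"\x89PNG": "png",
         b"%PDF": "pdf", b"\xff\xd8\xff": "jpeg"}   # formats that are legitimately high-entropy


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, 0.0 for empty input, 8.0 for a uniform byte distribution."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chi_square(data: bytes) -> float:
    """Chi-square statistic of the byte histogram against a uniform distribution."""
    n = len(data)
    if n == 0:
        return float("inf")
    expected = n / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def classify_head(data: bytes) -> str:
    """Verdict for the first 64KB of a file. Entropy alone cannot separate an archive
    from ciphertext, so a header check and a uniformity test run after it."""
    head = data[:HEAD]
    if shannon_entropy(head) < HIGH_ENTROPY:
        return "plaintext"
    for magic, name in MAGIC.items():
        if head.startswith(magic):
            return f"compressed:{name}"       # high entropy is expected; the header explains it
    if chi_square(head) <= UNIFORM_CHI2:
        return "likely-encrypted"             # uniform bytes with no recognizable header
    return "high-entropy-unknown"             # e.g. headerless compressed data; flag for review


# Custom Hunt style rules (constructed for this example): name -> regex over the inspected head.
IOC_RULES = {
    "ransom-note": re.compile(rb"your files have been encrypted", re.I),
    "tor-contact": re.compile(rb"[a-z2-7]{56}\.onion"),
}


def hunt_file(path: Path) -> dict:
    """Structured finding for one file: verdict, IOC rule hits and a hash of the inspected head."""
    data = path.read_bytes()[:HEAD]
    hits = [name for name, rx in IOC_RULES.items() if rx.search(data)]
    return {"path": str(path), "verdict": classify_head(data), "ioc": hits,
            "sha256_head": hashlib.sha256(data).hexdigest()}


def hunt_mount(mount: Path) -> list[dict]:
    """Walk a mounted snapshot and return findings for every file that warrants attention."""
    findings = []
    for p in sorted(mount.rglob("*")):
        if p.is_file():
            finding = hunt_file(p)
            if finding["verdict"] != "plaintext" or finding["ioc"]:
                findings.append(finding)
    return findings


def keystream(n: int, seed: bytes = b"example-seed") -> bytes:
    """Deterministic pseudo-random bytes standing in for ciphertext (SHA-256 in counter mode)."""
    out, i = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        i += 1
    return bytes(out[:n])


def build_sample_mount() -> Path:
    """Constructed 'snapshot': a log file, a gzip archive, an encrypted file and a ransom note."""
    root = Path(tempfile.mkdtemp(prefix="hunt-mount-"))
    (root / "app.log").write_bytes(b"2025-03-01 10:00:01 host=web1 action=login user=alice\n" * 1200)
    (root / "backup.tar.gz").write_bytes(gzip.compress(keystream(48_000)))
    (root / "q3-report.xlsx.locked").write_bytes(keystream(70_000))
    (root / "README_FOR_DECRYPT.txt").write_bytes(
        b"All your files have been encrypted. Contact us at " + b"a" * 56 + b".onion\n")
    return root


if __name__ == "__main__":
    for finding in hunt_mount(build_sample_mount()):
        print(finding)
```

Run as a script it prints three findings: the gzip archive is reported as compressed (its header accounts for the entropy), the `.locked` file as likely encrypted (uniform bytes, no header), and the ransom note as plaintext that matched two IOC rules; the ordinary log file produces nothing. Headerless compressed data deliberately lands in `high-entropy-unknown` rather than being called encrypted, which is the kind of false positive a 64KB-only check has to guard against.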

Background Hunt Mode

Continuous Hunt · Entire Data Estate

The Elastio platform runs the Hunt Engine continuously across every data source. Every detection model runs automatically. Custom Hunt executes your own rules alongside the Elastio-managed IOC library. Mounting, execution, and result routing are fully automated.

Policy → Live | Replicated | Backup → Orchestrated Hunt → Centralized Findings