Active Countermeasures offers AI-Hunter, which is an all-around network threat hunting solution that monitors all traffic going in and out of the internet to detect compromised hosts on the network.
In one instance, Active Countermeasures assisted one of their customers that only had two individuals managing their network security. Often occupied with work, the personnel seldom found time to check their network for compromised systems. By implementing AI-Hunter, they were able to outsource the first pass at threat hunting to the help desk team. Every day a person did the initial threat hunt and presented a report to the security team. The team then followed up only when a threat was identified.
Brenton highlights another instance where a customer with a law enforcement agency was called into a site because of a compromise, and their remedial actions were strictly limited. Also, it is difficult for an organization to install agent software on all suspect systems. Instead of asking the organization to install agent software, they requested the company to capture a few days' worth of network traffic data. The packet captures were then sent to a central location where the law enforcement agency used AI-Hunter to identify points of compromise.
Active Countermeasures is planning on major interface changes over the next few months. They are looking forward to shifting the focus from having to threat hunt the network every day, to only threat hunting when a suspicious system has been identified. This can dramatically lower the bar on the security skills needed to identify threats on a network so that a much wider audience can identify compromised systems effectively.
The company’s founders John Strand, Paul Asadoorian, and Chris Brenton hold significant experience in providing tools and training focused on information security. They have been SANS instructors, involved with defining security standards, provided numerous free webcasts and blog entries, and supported many open source security projects. “By providing security tools that are easy to use and capable of protecting all types of systems, we want to assist our customers to implement effective security measures,” concludes Brenton.