When you look at existing security solutions, they fall into one of two categories. They are either protection based, focused on keeping the bad guys out: firewalls, intrusion detection, and two-factor authentication fall into that category. Or they are response based, designed to be used once we know the bad guys are already in the network; incident handling is a great example of that. The problem is tying these two together.
AC-Hunter bridges this gap by answering the important question “when have protections failed, and it is time to go into response mode?”
How? AC-Hunter analyzes the previous 24 hours of your network traffic to identify any indication of an internal system that has been calling out to the internet and creating a command and control (C2) channel. That’s our core focus, that’s what we go after: C2 beaconing.
We have a unique solution. To begin with, we’re low touch: we need to monitor the traffic going to and from the internet, and that’s it. There are no agents to install, and we can protect everything, including Internet of Things devices on which you can’t install software. Even if the attackers are encrypting their data, we can still spot those command and control channels.
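As an added illustration of the kind of beaconing analysis described in the two paragraphs above (an example written for this page, not AC-Hunter’s own code), the script below groups a day of outbound connection records by internal source and external destination and scores how regular the gaps between successive connections are. The record format, the constructed sample traffic, and the count and regularity thresholds are all assumptions; the point is that timing regularity needs only connection metadata, so it is unaffected by payload encryption.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: (epoch seconds, internal source, external destination).
# Pair A calls out every ~60 s with a few seconds of jitter (beacon-like);
# pair B connects at irregular, browsing-like intervals.
BASE = 1_700_000_000
SAMPLE_CONNS = [
    (BASE + 60 * i + jitter, "10.0.0.5", "203.0.113.9")
    for i, jitter in enumerate([0, 2, -1, 3, 0, -2, 1, 0, 2, -1, 0, 1])
] + [
    (BASE + t, "10.0.0.7", "198.51.100.4")
    for t in [0, 7, 9, 140, 141, 600, 605, 1800, 1830, 2400, 3900, 3901]
]


def interval_stats(conns, now, window=86_400):
    """Group the last `window` seconds (default 24 h) of connections by
    (src, dst) and measure how regular the gaps between connections are."""
    by_pair = defaultdict(list)
    for ts, src, dst in conns:
        if now - window <= ts <= now:
            by_pair[(src, dst)].append(ts)
    stats = {}
    for pair, times in by_pair.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(gaps) < 2:
            continue  # too few connections to judge regularity
        avg = mean(gaps)
        # Coefficient of variation: near 0 means metronome-like timing,
        # large values mean irregular, human-like activity.
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        stats[pair] = {"count": len(times), "mean_gap": avg, "cv": cv}
    return stats


def beacon_candidates(conns, now, min_conns=10, max_cv=0.2):
    """Return (src, dst) pairs frequent and regular enough to warrant an
    analyst's attention. Both thresholds are assumptions for this example."""
    return sorted(
        pair for pair, s in interval_stats(conns, now).items()
        if s["count"] >= min_conns and s["cv"] <= max_cv
    )


if __name__ == "__main__":
    now = BASE + 4000
    for pair, s in interval_stats(SAMPLE_CONNS, now).items():
        print(pair, f"count={s['count']} mean_gap={s['mean_gap']:.1f}s cv={s['cv']:.2f}")
    print("candidates:", beacon_candidates(SAMPLE_CONNS, now))
```

Real deployments would feed this from connection logs rather than an inline list and tune the thresholds against the baseline of their own network.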
We’ve also created a tool that’s very simple and easy to use, so it’s not just the smartest person in your Security Operations Center who can do the threat hunting; this can go all the way down to the junior analyst level.