Cybersecurity is an integral part of any organization. It is a mechanism through which organizations and technology collaborate to protect the systems, network, and data from digital attacks. As the world is disrupted by technology, and organizations accumulate structured and unstructured data across all the possible resources, the risk of cyberattacks has surged. These attacks aim to access, change, and destroy the sensitive information of organizations. In many instances, the cyberattacks extend to privacy infringement and fraud, ensuing interruption in business processes. Hence, implementing useful cybersecurity tools has become imperative for organizations.
Many companies leverage cybersecurity tools and services that can mitigate cyberattacks. But implementing effective cybersecurity measures require solutions that well-address the overall challenges of underlining network infringement. This implies a system that can thwart cyberattacks, identify the source, and alert the user from future attacks. One such company with an overall module to provide a secured network for its customers is Active Countermeasures.
Active Countermeasures is a cybersecurity company that aims to improvise the security community. Enabled with thought leadership, free training, open-source and affordable commercial tools, the company ensures the cybersecurity of its clientele's systems. Active Countermeasures' product AI-Hunter™ threat hunts the client's network to identify which system is compromised.
The solution digs through millions of log entries of the client to identify suspect systems and assigns a colour-coded threat score for each internal system, which is visible in an easy-to-read dashboard. The higher the score, the more likely the system is compromised. Active Countermeasures' product AI-Hunter observes the specific threat activity which generated the score.
The company's tool detects malware by targeting its network communications. Instead of analyzing the host, AI-Hunter scrutinizes the client's network traffic for signs of a compromised systems. Earlier this month, the company launched the latest version of AI-Hunter, which has a new column with an icon that indicates whether the threat connection is inbound or outbound.
John Strand is the Founder of Active Countermeasures, Black Hills Information Security, and Wild West Hack'n Fest. He is a published author, former Senior SANS Instructor, and an eminent name in the threat hunting industry. As a frequent webcast and Black Hat presenter, John is passionate about sharing his security skillset with the masses. With the focus to empower others to secure their network, he has created some of the best available open-source threat hunting tools.
Active Countermeasures has tools and techniques that support clients in protecting their networks, such as firewalls, AV, and log review and recovering when a system is compromised, like incident handling, forensics, and more. Active Countermeasures concentrates on solving the missing link between identifying when a network's protections have failed and a response to the incident is required. Active countermeasures ensures that the network is free of intruders.
The company provides both open-source and cost-effective commercial threat hunting tools. Active Countermeasures presents free training through the company's 'Introduction to the threat hunting' course to the clients. The company holds 24 different patents on the processes which identify covert communication channels. This enables Active Countermeasures to detect command and control channels that get missed by other products. The company's focus on simplicity empowers even junior analysts to effectively perform threat hunting across their network.
The company aims at changing the way cyber threat hunts get performed. According to Active Countermeasures, the historical method of reviewing system logs for threat hunting does not work. Detection of successful intrusions on an average takes six months, with an outside organization detecting the majority of cases. The company advocates focusing on the network first in order to protect desktop servers, IoT, IIoT, network hardware, and BYOD, amongst other devices by reducing the detection time from months to hours. System logs can then be used for forensic analysis.
Active Countermeasure's product was evaluated by a Managed Security Provider, having more than 12,000 employees, to securely monitor and understand the network traffic patterns for one of their big clients. The company's commercial tool quickly identified two command and control channels, each from a different nation-state actor. Followed by which, the provider immediately purchased multiple AI-Hunter licenses.
The company anticipates an increase in the application of threat hunting. Historically, organizations have achieved security attestations such as PCI DSS, SOC II, and ISO 27001, amongst many others, in an effort to protect their networks. These attestations have not been successful at keeping attackers off of our networks. The company says that cybersecurity has one foundational goal: to keep adversaries out of the network and away from the data. With the continuous increase in intrusions, organizations will look for techniques like threat hunting to keep the network safe.
