One of the significant limitations of many security attestations is that they do not verify whether the network being evaluated contains compromised systems. Today's security tools are incapable of distinguishing normal network traffic from traffic generated by a risk-prone system. Active Countermeasures, a security tools vendor, offers solutions that are effective, simple, and capable of protecting a wide range of systems. Its AI-Hunter product is an all-around network threat hunting solution that monitors all traffic between the network and the internet to detect compromised hosts. The solution analyzes connection requests and identifies which systems or IoT devices have been compromised, regardless of platform, operating system, or network speed. “We collect a day’s worth of data, and parse through it, separating traffic into source and destination IP address pairs. We then leverage patented processes to look for telltale signs of command and control traffic, such as beaconing or exceptionally long connections,” says Chris Brenton, the COO of Active Countermeasures.
Recently, the company introduced version 2.1 of AI-Hunter. Alongside it, Active Countermeasures also updated its open-source product, RITA, to v2.0.0-beta1. The company has also identified a new communication category it calls “strobes”. These have a similar function to beacons, but they are direct. Strobes occur because of poorly written code; as an example, HVAC systems check in with their status once every 0.1 seconds.
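The pair-based timing analysis described above, as an added example that is not code from Active Countermeasures, AI-Hunter or RITA: a day of connection records is grouped into source/destination IP pairs and each pair is checked for the three patterns the article names (regular beacons, sub-second strobes, exceptionally long connections). The record layout, the thresholds and the sample records are assumptions constructed for this example.

```python
from collections import defaultdict
from statistics import mean, median, pstdev

# Thresholds are assumptions chosen for this example, not the vendor's values.
BEACON_MIN_CONNECTIONS = 8      # samples needed before judging regularity
BEACON_MAX_JITTER = 0.10        # pstdev/mean of the gaps between connections
STROBE_MAX_INTERVAL = 1.0       # seconds; a 0.1 s HVAC check-in is well below this
STROBE_MIN_CONNECTIONS = 50
LONG_CONNECTION_SECONDS = 4 * 3600

def group_by_pair(records):
    """records: (timestamp_s, src_ip, dst_ip, duration_s) -> {(src, dst): [(ts, dur), ...]}."""
    pairs = defaultdict(list)
    for ts, src, dst, dur in records:
        pairs[(src, dst)].append((ts, dur))
    return pairs

def classify_pair(events):
    """Return the set of findings ('beacon', 'strobe', 'long_connection') for one pair."""
    events = sorted(events)
    gaps = [later[0] - earlier[0] for earlier, later in zip(events, events[1:])]
    avg = mean(gaps) if gaps else 0.0          # 0.0 when there is only one connection
    findings = set()
    if any(dur >= LONG_CONNECTION_SECONDS for _, dur in events):
        findings.add("long_connection")
    if len(events) >= STROBE_MIN_CONNECTIONS and median(gaps) <= STROBE_MAX_INTERVAL:
        findings.add("strobe")                 # many connections with almost no gap between them
    elif len(events) >= BEACON_MIN_CONNECTIONS and avg > 0 and pstdev(gaps) / avg <= BEACON_MAX_JITTER:
        findings.add("beacon")                 # gaps nearly constant: a scheduled check-in
    return findings

def hunt(records):
    """Map each flagged (src, dst) pair to its findings; clean pairs are omitted."""
    return {pair: f for pair, ev in group_by_pair(records).items() if (f := classify_pair(ev))}

def constructed_day():
    """Constructed sample log using documentation IP ranges, not real traffic."""
    rows = []
    for i in range(12):   # beacon: every 300 s with a +/-2 s wobble
        rows.append((1000.0 + 300 * i + (2 if i % 2 else -2), "10.0.0.5", "203.0.113.9", 1.5))
    for i in range(300):  # strobe: a status check-in every 0.1 s
        rows.append((5000.0 + 0.1 * i, "10.0.0.8", "192.0.2.44", 0.01))
    rows.append((2000.0, "10.0.0.3", "198.51.100.7", 28800.0))  # one 8-hour session
    for t in (100, 130, 900, 905, 4000, 7777, 8000):           # ordinary irregular browsing
        rows.append((float(t), "10.0.0.2", "198.51.100.20", 3.0))
    return rows

if __name__ == "__main__":
    for pair, findings in sorted(hunt(constructed_day()).items()):
        print(pair, sorted(findings))
```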
These updates have made both products faster and more scalable. Datasets that previously needed an hour of processing now take less than five minutes. This allows single connection pairs that generate millions of connections per day to be handled without overloading RITA or AI-Hunter.
Brenton says, "By providing security tools that are easy to use and capable of protecting all types of systems, we want to assist our customers to implement effective security measures." Active Countermeasures was featured in Enterprise Security Magazine's “Top 10 Security Analytics Solution Providers – 2018.” The company is shifting its focus from having to threat hunt the network every day to threat hunting only once a suspicious system has been identified. This can dramatically lower the level of security skill needed to detect threats on a network, so that a much wider audience can identify compromised systems effectively.