Description
AC-HUNTER ENTERPRISE EDITION HOSTED SaaS – TIER 2 – $1000 per month:
- For a network POP of up to 800 Megabits per second
- 6 Processors
- 16 GB RAM
- 1 TB storage
- Storage for approximately 60 days of live data.
- All that’s required of you is to sync your network Zeek logs to the AC-Hunter cloud instance through a secure channel that we will help you prepare.
- We maintain the AC-Hunter server including updates and support.
- Automatic software updates and feature improvements as they are made available.
- Access to our Portal Website to download our default Safelist, threat hunting tutorials, tricks and tips.
- Two hours of free training included.
- No term commitment. The AC-Hunter SaaS service can be cancelled at any time.
- Custom configurations available. Contact us for more information.
AC-HUNTER PRIMARY FEATURES:
- AC-Hunter can quickly analyze millions of connection requests and easily identify which systems or IoT devices have been compromised.
- Identify compromised hosts on your network regardless of the operating system, hardware or network link speed.
- AC-Hunter inspects encrypted sessions while maintaining data privacy and integrity.
- No Agents to Install – AC-Hunter verifies all devices regardless of operating system or hardware.
- Simple-to-use Interface – Designed for everyone from junior analysts to seasoned professionals.
- SIEM and Slack Alerting – AC-Hunter continuously hunts your network looking for signs of command and control activity. When a backdoor is identified, we can notify you via Slack, the SIEM of your choice or a centralized logging server.
- Safelisting – Safelist communications by single IP address, class A, B or C range, Org Name or Org ASN, and by source, destination or pairs.
AC-HUNTER USER INTERFACE PRIMARY FEATURES:
- Dashboard: Visualize your network hosts sorted by Threat Rating Score with a cumulative point breakdown of Threat Activity to quickly identify suspect systems.
- Beacons Module: AC-Hunter detects consistencies and patterns in the behavior of backdoors. AC-Hunter utilizes a mixture of detection techniques that rely on attributes like connection interval, data size, dispersion, and advanced algorithms.
- Strobes Module: Strobes are similar to beacons in that they are repeated connections between two IP addresses. Unlike a beacon, which may try to hide its signaling, a strobe makes no attempt at being stealthy. A signal that triggers two or three times a second is an excellent example of a strobe.
- Long Connections Module: Rather than calling home on a regular basis, attackers may try to simply call home and leave the connection open indefinitely. To spot this traffic, you can use our long connections module.
- Threat Intel Module: AC-Hunter aggregates results from multiple threat intelligence feeds so that you have a single interface to spot highly suspect activity.
- DNS Module: DNS C2 is one of the most common means for attackers to exploit highly-secure environments. AC-Hunter detects this by looking at the number of subdomains per domain and will flag suspicious quantities.
- Client Signature Module: AC-Hunter analyzes User-Agent strings and SSL/TLS hashes to identify systems on your network that communicate in a unique fashion.
- Certificate Module: The certificate module checks the digital certificate presented by servers during outbound HTTPS connections.
- Deep Dive Module: While the other AC-Hunter modules focus on a specific threat vector (beaconing, long connections, DNS tunneling, etc.), the Deep Dive module is designed to help assess the threat of a specific system.
MORE:
- Additional AC-Hunter information including videos, webcasts and blog entries can be found at activecountermeasures.com
PAYMENT OPTIONS:
- Credit Card – Select [PURCHASE] above and select Credit Card payment at checkout. Your account will be created and we will reach out to you for service setup.
- Bank Transfer – Select [PURCHASE] above and select Bank Transfer payment at checkout. Your account will be created and you will receive an email to complete the bank transfer.
- Check – Select [PURCHASE] above and select Check payment at checkout. Your account will be created and service access will be granted as soon as we receive your payment.
- Purchase Order Number – Please contact us and we will take care of the process for you.
- Invoice – Please contact us and we will take care of the process for you.
- Partners/Re-sellers – If your company requires purchasing through pre-approved third-party vendors, please contact us and we will take care of the process for you.
- Other – Have another method in mind? Please contact us to discuss other options.