AC-Hunter Software Package PLUS

$15,796 -- AC-Hunter Software PLUS Support and Updates for the First 3 Years - Recurring Support Subscription of $3999 per Year Thereafter.

Credit card purchase provides immediate access to the AC-Hunter Software. See description below for alternate payment methods.

 


INITIAL PURCHASE – SOFTWARE + FIRST 3 YEARS SUPPORT SUBSCRIPTION: $15,796

  • Download of the AC-Hunter Software
  • Latest Version Downloads
  • Customer Support
  • Software Updates and Feature Improvements
  • Patches and Fixes
  • Access to Portal Website Threat Hunting Tutorials, Tricks and Tips
  • Access to Portal Website Team Membership (Team of 10 website users you define)

RECURRING SUBSCRIPTION – SUPPORT & UPDATES YEAR 4+: $3999/yr.

  • Automatic Enrollment – No Surprise Charges and You Can Cancel Anytime
  • Continued Access to Latest Version Downloads
  • Continued Access to Customer Support
  • Continued Access to Software Updates and Feature Improvements
  • Continued Access to Patches and Fixes
  • Continued Access to Portal Website Threat Hunting Tutorials, Tricks and Tips
  • Continued Access to Portal Website Team Membership (Team of 10 website users you define)

AC-HUNTER PRIMARY FEATURES:

  • AC-Hunter can quickly analyze millions of connection requests and easily identify which systems or IoT devices have been compromised.
  • Identify compromised hosts on your network regardless of the operating system, hardware or network link speed.
  • AC-Hunter inspects encrypted sessions while maintaining data privacy and integrity.
  • No Bandwidth Restrictions – Use AC-Hunter to analyze as much network traffic as you wish.
  • No Agents to Install – AC-Hunter verifies all devices regardless of operating system or hardware.
  • Open Site Licence – Deploy as many copies as you need within your organization.
  • Simple-to-use Interface – Designed for everyone from junior analysts to seasoned professionals.
  • SIEM and Slack Alerting – AC-Hunter continuously hunts your network looking for signs of command and control activity. When a backdoor is identified, we can notify you via Slack, the SIEM of your choice or a centralized logging server.
  • Whitelisting – Whitelist communications by single IP address, class A, B or C range, Org Name or Org ASN. Also by source, destination or pairs.

AC-HUNTER USER INTERFACE PRIMARY FEATURES:

  • Dashboard: Visualize your network hosts sorted by Threat Rating Score with a cumulative point breakdown of Threat Activity to quickly identify suspect systems.
  • Beacons Module: AI-Hunter detects consistencies and patterns in the behavior of backdoors. AC-Hunter utilizes a mixture of detection techniques that rely on attributes such as connection interval, data size and dispersion, along with advanced algorithms.
  • Strobes Module: Strobes are similar to beacons in that they are repeated connections between two IP addresses. Unlike a beacon, which may try to hide its signaling, a strobe makes no attempt at being stealthy. A signal that triggers two or three times a second is an excellent example of a strobe.
  • Long Connections Module: Rather than calling home on a regular basis, attackers may try to simply call home and leave the connection open indefinitely. To spot this traffic, you can use our long connections module.
  • Threat Intel Module: AC-Hunter aggregates results from multiple threat intelligence feeds so that you have a single interface to spot highly suspect activity.
  • DNS Module: DNS C2 is one of the most common means for attackers to exploit highly-secure environments. AI-Hunter detects this by looking at the number of subdomains per domain and will flag suspicious quantities.
  • Client Signature Module: AI-Hunter analyzes User-Agent strings and SSL/TLS hashes to identify systems on your network that communicate in a unique fashion.
  • Certificate Module: The certificate module checks the digital certificate being issued by servers during outbound HTTPS connections.
  • Deep Dive Module: While the other AC-Hunter modules focus on a specific threat vector (beaconing, long connections, DNS tunneling, etc.), the Deep Dive module is designed to help assess the threat of a specific system.


PAYMENT OPTIONS:

  • Credit Card – Select [PURCHASE] above, select Credit Card payment and get instant access to download AC-Hunter and get started right away!
  • Bank Transfer – Select [PURCHASE] above, select Bank Transfer payment. Your account will be created and you will receive an email to complete the bank transfer. AC-Hunter access will be granted as soon as we receive your payment.
  • Check – Select [PURCHASE] above, select Check payment. Your account will be created and AC-Hunter access will be granted as soon as we receive your payment.
  • Purchase Order Number – Please contact us and we will take care of the process for you.
  • Invoice – Please contact us and we will take care of the process for you.
  • Partners/Re-sellers – If your company requires purchasing through pre-approved third-party vendors, please contact us and we will take care of the process for you.
  • Other – Have another method in mind? Please contact us to discuss other options.

Additional information

System Requirements:

AC-Hunter requires two systems, one running Zeek and the other running RITA and AI-Hunter. The following are the minimum system requirements for each.

Operating Systems:

Both systems are designed to run on the Linux operating system. The preferred platform is 64-bit Ubuntu 16.04 LTS; CentOS 7 is supported as well. AC-Hunter will install all of the required dependencies. Note that Ubuntu 18.04 and 18.10 are not supported at this time because of an issue between Zeek and the OpenSSL library used in Ubuntu 18.x.

Network:

In order to capture traffic with Zeek, you will need at least 2 network interface cards (NICs). One will be for the management of the system and the other will be the dedicated capture port. Intel NICs perform well and are recommended.

System Running Zeek:

  • PROCESSOR – Two cores plus an additional core for every 100 Mbps of traffic being captured (three cores minimum). This should be dedicated hardware as opposed to virtual machines, as VM scheduling and resource congestion with other VMs can cause packets to be dropped or missed.
  • MEMORY – 32GB minimum. 64GB if monitoring 100Mb or more of network traffic. 128GB if monitoring 1Gb or more of network traffic.
  • STORAGE – 300GB minimum. 1TB or more is recommended to reduce log maintenance. SSD storage is strongly recommended as this can cut processing time significantly. We also recommend that you do not run RAID 5 as this doubles the number of read/writes per block, thus degrading I/O performance.

System Running RITA and AC-Hunter:

Can be run as a virtual machine if provided sufficient resources.

  • PROCESSOR – Two cores minimum. Four recommended.
  • MEMORY – 16GB minimum. 32GB or more recommended.
  • STORAGE – 1 TB minimum. Additional storage is recommended if you plan to keep data for an extended period of time (more than a few weeks). We recommend using XFS for the file system partition type.
  • NETWORK – Standard Ethernet network card interface (physical or virtual).