AC-Hunter Enterprise Edition Hosted SaaS – Tier 3

$1375 per month

We host an exclusive AC-Hunter Enterprise Edition software instance for you on a cloud server and provide you access to log into the AC-Hunter web interface to view the current and historical analysis of your network traffic 24/7/365.
  • For a network POP of up to 1200 Megabits per second
  • 8 Processors
  • 32 GB RAM
  • 2 TB storage
See description below for alternate payment methods.

Description

AC-HUNTER ENTERPRISE EDITION HOSTED SaaS – TIER 3 – $1375 per month:

  • For a network POP of up to 1200 Megabits per second
  • 8 Processors
  • 32 GB RAM
  • 2 TB storage
  • Storage for approximately 120 days of live data.
  • All that’s required of you is to sync your network Zeek logs to the AC-Hunter cloud instance through a secure channel that we will help you prepare.
  • We maintain the AC-Hunter server including updates and support.
  • Automatic software updates and feature improvements as they are made available.
  • Access to our Portal Website to download our default Safelist, threat hunting tutorials, tricks and tips.
  • Two hours of free training included.
  • No term commitment. The AC-Hunter SaaS service can be cancelled at any time.
  • Custom configurations available. Contact us for more information.

AC-HUNTER PRIMARY FEATURES:

  • AC-Hunter can quickly analyze millions of connection requests and easily identify which systems or IoT devices have been compromised.
  • Identify compromised hosts on your network regardless of the operating system, hardware or network link speed.
  • AC-Hunter inspects encrypted sessions while maintaining data privacy and integrity.
  • No Agents to Install – AC-Hunter verifies all devices regardless of operating system or hardware.
  • Simple-to-use Interface – Designed for everyone from junior analysts to seasoned professionals.
  • SIEM and Slack Alerting – AC-Hunter continuously hunts your network looking for signs of command and control activity. When a backdoor is identified, we can notify you via Slack, the SIEM of your choice or a centralized logging server.
  • Safelisting – Safelist communications by single IP address, class A, B or C range, Org Name or Org ASN. Also by source, destination or pairs.

AC-HUNTER USER INTERFACE PRIMARY FEATURES:

  • Dashboard: Visualize your network hosts sorted by Threat Rating Score with a cumulative point breakdown of Threat Activity to quickly identify suspect systems.
  • Beacons Module: AC-Hunter detects consistencies and patterns in the behavior of backdoors. AC-Hunter utilizes a mixture of detection techniques that rely on attributes such as connection interval, data size and dispersion, combined with advanced algorithms.
  • Strobes Module: Strobes are similar to beacons in that they are repeated connections between two IP addresses. Unlike a beacon which may try and hide its signaling, a strobe makes no attempt at being stealthy. A signal that triggers two or three times a second is an excellent example of a strobe.
  • Long Connections Module: Rather than calling home on a regular basis, attackers may try to simply call home and leave the connection open indefinitely. To spot this traffic, you can use our long connections module.
  • Threat Intel Module: AC-Hunter aggregates results from multiple threat intelligence feeds so that you have a single interface to spot highly suspect activity.
  • DNS Module: DNS C2 is one of the most common means for attackers to exploit highly secure environments. AC-Hunter detects this by looking at the number of subdomains per domain and flags suspicious quantities.
  • Client Signature Module: AC-Hunter analyzes User-Agent strings and SSL/TLS hashes to identify systems on your network that communicate in a unique fashion.
  • Certificate Module: The certificate module checks the digital certificate being issued by servers during outbound HTTPS connections.
  • Deep Dive Module: While the other AC-Hunter modules focus on a specific threat vector (beaconing, long connections, DNS tunneling, etc.), the Deep Dive module is designed to help assess the threat of a specific system.
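To make the module descriptions above concrete, the following added example (not AC-Hunter's code, and not the product's actual algorithms) implements simplified versions of the four checks they describe: beacon scoring from the dispersion of connection interval and payload size, strobe detection from connection rate, long-connection detection from session duration, and the DNS check that counts unique subdomains per parent domain. The input is a constructed subset of Zeek conn.log and dns.log columns using RFC 5737 documentation addresses; the scoring weights, thresholds and the two-label "parent domain" rule are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample (not a real capture): a subset of Zeek conn.log columns.
CONN_LOG = "\n".join(
    ["#fields\tts\tid.orig_h\tid.resp_h\tduration\torig_bytes"]
    # beacon: 10.0.0.5 -> 203.0.113.10 roughly every 60 s, always 512 bytes
    + [f"{1700000000 + 60 * i + (i % 2)}\t10.0.0.5\t203.0.113.10\t0.2\t512" for i in range(8)]
    # strobe: 10.0.0.7 -> 198.51.100.9 several times per second, no attempt at stealth
    + [f"{1700000000 + 0.4 * i:.1f}\t10.0.0.7\t198.51.100.9\t0.0\t60" for i in range(10)]
    # long connection: one session held open for ten hours
    + ["1700000100\t10.0.0.9\t192.0.2.44\t36000.0\t9000"]
    # ordinary browsing: irregular timing and sizes
    + [f"{ts}\t10.0.0.5\t192.0.2.80\t1.5\t{sz}"
       for ts, sz in [(1700000010, 900), (1700000350, 4100), (1700001200, 250),
                      (1700003300, 7700), (1700004000, 1300)]]
)

# Constructed dns.log subset: 40 unique labels under tunnel.example.net plus normal lookups.
DNS_LOG = "\n".join(
    ["#fields\tts\tid.orig_h\tquery"]
    + [f"17000000{i:02d}\t10.0.0.5\t{i:x}{'a' * 20}.tunnel.example.net" for i in range(40)]
    + ["1700000001\t10.0.0.5\twww.example.org", "1700000002\t10.0.0.5\tmail.example.org"]
)


def parse_zeek_tsv(text):
    """Parse a Zeek-style TSV with a '#fields' header into a list of dicts."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def connection_pairs(records):
    """Group connections by (source, destination), sorted by timestamp."""
    pairs = defaultdict(list)
    for r in records:
        pairs[(r["id.orig_h"], r["id.resp_h"])].append(r)
    for conns in pairs.values():
        conns.sort(key=lambda r: float(r["ts"]))
    return pairs


def _cv(values):
    """Coefficient of variation: 0 means perfectly consistent values."""
    m = mean(values)
    return pstdev(values) / m if m else 0.0


def beacon_scores(records, min_connections=5):
    """Score each pair 0..1; low dispersion of interval and size scores high (assumed 50/50 weighting)."""
    scores = {}
    for pair, conns in connection_pairs(records).items():
        if len(conns) < min_connections:
            continue
        ts = [float(c["ts"]) for c in conns]
        intervals = [b - a for a, b in zip(ts, ts[1:])]
        sizes = [float(c["orig_bytes"]) for c in conns]
        scores[pair] = round(max(0.0, 1 - _cv(intervals)) * 0.5
                             + max(0.0, 1 - _cv(sizes)) * 0.5, 2)
    return scores


def strobes(records, min_per_second=1.0, min_connections=5):
    """Pairs repeating at least min_per_second times per second, with the observed rate."""
    found = {}
    for pair, conns in connection_pairs(records).items():
        if len(conns) < min_connections:
            continue
        ts = [float(c["ts"]) for c in conns]
        span = ts[-1] - ts[0]
        rate = (len(conns) - 1) / span if span > 0 else float("inf")
        if rate >= min_per_second:
            found[pair] = round(rate, 1)
    return found


def long_connections(records, min_seconds=3600):
    """Sessions whose duration meets the threshold (assumed: one hour)."""
    return {(r["id.orig_h"], r["id.resp_h"]): float(r["duration"])
            for r in records if float(r["duration"]) >= min_seconds}


def subdomain_counts(records, labels=2):
    """Unique subdomains per parent domain; parent = last `labels` labels (simplified, no public-suffix list)."""
    seen = defaultdict(set)
    for r in records:
        name = r["query"].lower().rstrip(".")
        parts = name.split(".")
        if len(parts) > labels:
            seen[".".join(parts[-labels:])].add(name)
    return {domain: len(subs) for domain, subs in seen.items()}


def suspicious_dns(records, threshold=30):
    """Parent domains with an unusually high subdomain count (assumed threshold)."""
    return {d: n for d, n in subdomain_counts(records).items() if n >= threshold}


if __name__ == "__main__":
    conns = parse_zeek_tsv(CONN_LOG)
    print("beacon scores:", beacon_scores(conns))
    print("strobes:", strobes(conns))
    print("long connections:", long_connections(conns))
    print("suspicious DNS:", suspicious_dns(parse_zeek_tsv(DNS_LOG)))
```

The beaconing pair scores close to 1.0 because both its timing and its payload size barely vary, while the browsing pair scores low on both; the strobe is caught separately by its rate rather than its regularity, matching the distinction the Strobes description draws. A real deployment would read the full Zeek logs, apply a safelist before scoring, and tune the thresholds to the network.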

PAYMENT OPTIONS:

  • Credit Card – Select [PURCHASE] above and select Credit Card payment at checkout. Your account will be created and we will reach out to you for service setup.
  • Bank Transfer – Select [PURCHASE] above and select Bank Transfer payment at checkout. Your account will be created and you will receive an email to complete the bank transfer.
  • Check – Select [PURCHASE] above and select Check payment at checkout. Your account will be created and service access will be granted as soon as we receive your payment.
  • Purchase Order Number – Please contact us and we will take care of the process for you.
  • Invoice – Please contact us and we will take care of the process for you.
  • Partners/Re-sellers – If your company requires purchasing through pre-approved third-party vendors, please contact us and we will take care of the process for you.
  • Other – Have another method in mind? Please contact us to discuss other options.

Additional information

On Premise Network:

In order to capture traffic with Zeek at your location, you will need at least 2 network interface cards (NICs). One will be for the management of the system and the other will be the dedicated capture port. Intel NICs perform well and are recommended.

On Premise System Running Zeek:

  • PROCESSOR – Two cores plus an additional core for every 100 Mbps of traffic being captured (three cores minimum). This should be dedicated hardware as opposed to virtual machines, as VM scheduling and resource congestion with other VMs can cause packets to be dropped or missed.
  • MEMORY – 32 GB minimum. 64 GB if monitoring 100 Mbps or more of network traffic. 128 GB if monitoring 1 Gbps or more of network traffic.
  • STORAGE – 300 GB minimum. 1 TB or more is recommended to reduce log maintenance. SSD storage is strongly recommended as this can cut processing time significantly. We also recommend that you do not run RAID 5, as this doubles the number of reads/writes per block, thus degrading I/O performance.