CounterTack: In Progress Cyber Attack Intelligence and Response

Improve your intelligence and incident response capabilities.
CounterTack provides organizations with broader and richer, site-specific intelligence, enabling them to respond faster to an advanced cyber attack. Leveraging applied virtualization technology, CounterTack captures and analyzes instruction-level data from the host, identifying specific attack indicators and security policy violations.

No one knows you’re watching.
CounterTack’s solution operates in and below the hypervisor. There are no agents to be bypassed and no rootkits to be disabled. It’s like having an undetectable and omnipresent surveillance camera in the network that only you can access.

But you see everything.
Unlike most of today’s network-based solutions that can only see network traffic, CounterTack sits on the host, where it can see network traffic coming in and out. CounterTack easily exposes rogue process activity and identifies specific file modifications. Even an attacker’s encrypted shell session can’t hide from CounterTack.

Take control. Reduce the attacker’s window of opportunity.
Today’s most damaging attacks are nothing like “hit and run” attacks of the past. They take place over a period of time and have multiple, distinct phases.

Imagine a house burglary. An intruder may have picked the lock on your front door, but before any real damage is done, the burglar needs to find and collect your valuables, fill the pillowcase and carry them out of the house.

Advanced persistent threats (APTs) work in a similar fashion. The initial breach is only the first step. The attacker still needs to find, package and exfiltrate your information. CounterTack provides organizations with the ability to identify lateral movement, discern what information the attacker is seeking and take defensive measures to mitigate the attack’s impact.

CounterTack enables organizations to limit an attacker’s movement, dynamically deconstruct custom malware and create and post IDS/IPS signatures on the fly. Armed with CounterTack’s in-progress attack intelligence, including specific configuration errors and/or other vulnerabilities that have been exploited, you’re able to actively respond to an attack as it’s happening.

Improve your current security operations and incident response tools.

CounterTack plugs in to your existing security operations and incident response workflows. Alerts from CounterTack can be immediately sent to a security event management system like Splunk. This integration enhances the value of both systems, providing better context to triage alerts and respond appropriately to any real threats.

