The Countercept Technology Stack
The Countercept platform isn’t just software; it’s a complete technology stack that enables us to hunt for advanced threat actors at multiple levels of your organization in real time…
A cutting-edge EDR solution
Endpoint detection and response (EDR)
Built from the ground up by MWR’s targeted attack teams and incident responders, our endpoint technology is designed to detect and continually record the subtle actions that threat actors cannot avoid when conducting an attack – actions that we know from many years’ experience would expose us when conducting targeted attack simulations. Our EDR solution identifies attacks by the techniques used, rather than by comparing to a list of known signatures or threat intelligence feeds.
Extensive coverage and agility
Our approach allows us to detect indicators across an incredible breadth of attacks, whether on-disk or in-memory, malware-based or malware-less, providing visibility that is not matched by other EDR solutions. Our unique architecture means that our endpoint sensor isn’t a fixed entity; rather, it provides our threat hunters with the ability to deploy custom modules if required during a live attack, enabling them to adapt rapidly.
Advanced IR capabilities
Our EDR solution has the capability to natively retrieve artifacts from a compromised host – everything that’s required to support a full incident response investigation and respond rapidly to an attack. Numerous containment features provide our threat hunters with the ability not only to isolate a host and kill a malicious process, but also to gain granular control over the compromised host and hence quickly deny the attackers access to your critical assets, preventing impact to your organization.
Machine learning and security analytics
At the core of the platform are sophisticated machine learning and security analytics techniques that cover not just one, but all data sources – endpoint activity, network traffic and log data. Cross-correlation of all these data sources provides Countercept with powerful insights into the attacker’s activity at multiple phases of the attack.
Attackers aiming to gain an initial foothold inside an organization will target specific employees to gain control of their workstations. Profiling each of the endpoints on your estate, and comparing them against each other, gives us the ability to identify rare and suspicious activity without the need for signatures or threat intelligence.
Access to a client portal provides you with a 24/7 view of the activity on your estate, allowing you to interact directly with the threat-hunting team for advice or an update on an active investigation.
WHAT MAKES AN EFFECTIVE SOLUTION
THE 3 PILLARS OF COUNTERCEPT
Every compromise situation is different, and the key pieces of evidence to unlock an investigation do not always appear where they are expected. For this reason, any comprehensive solution for detecting and responding to cyber attacks must be built on three key sources of data: log files, network traffic and the endpoint systems themselves. Visibility of all three is an absolute must for a professional solution. Countercept enables a world-class team of Threat Hunters to engage with each of these data sources in a way that allows us to proactively hunt down the threats in your environment.
Spotting the delivery and subsequent execution of an attack on your system requires you to perform a network security assessment. But what is good network security analysis?
Once attackers have landed on an end user’s system, the most likely way of spotting them is through endpoint host analysis. But what is good endpoint detection?
SECURITY LOG ANALYSIS
And once attackers are masquerading as legitimate users of your network, the most likely way of spotting them is through security log analysis. But what is good security log management?
ADVANCED THREAT ACTORS: DEAL WITH THE RISK
To request a demo or to talk more about Deteqt and its related cyber defence services, call +44 (0)8445 611 487 or email email@example.com.