The Countercept Technology Stack

The Countercept platform isn’t just software, it’s a complete technology stack that enables us to hunt for advanced threat actors at multiple levels of your organization in real-time…


Endpoint detection and response (EDR)

Designed from the ground up by MWR’s targeted attack teams and incident responders, our endpoint technology is designed to detect and continually record the subtle actions that threat actors cannot avoid when conducting an attack – actions that we know from many years’ experience would expose us when conducting targeted attack simulations. Our EDR solution identifies attacks by the techniques used, rather than by comparing to a list of known signatures or threat intelligence feeds.

Extensive coverage and agility

Our approach allows us to detect indicators across an incredible breadth of attacks, whether on-disk or in-memory, malware-based or malware-less, providing visibility that is not matched by other EDR solutions. Our unique architecture means that our endpoint sensor isn’t a fixed entity; rather, it provides our threat hunters with the ability to deploy custom modules if required during a live attack, enabling them to adapt rapidly.

Advanced IR capabilities

Our EDR solution has the capability to natively retrieve artifacts from a compromised host – everything that’s required to support a full incident response investigation and respond rapidly to an attack. Numerous containment features provide our threat hunters with the ability not only to isolate a host and kill a malicious process, but also to gain granular control over the compromised host and hence quickly deny the attackers access to your critical assets, preventing impact to your organization.

virus comp

Machine learning and security analytics

At the core of the platform are sophisticated machine learning and security analytics techniques that cover not just one, but all data sources – endpoint activity, network traffic and log data. Cross-correlation of all these data sources provides Countercept with powerful insights into the attacker’s activity at multiple phases of the attack.

Attackers aiming to gain an initial foothold inside an organization will target specific employees to gain control of their workstations. Profiling each of the endpoints on your estate, and comparing them against each other, gives us the ability to identify rare and suspicious activity without the need for signatures or threat intelligence.



Countercept’s EDR solution has an unprecedented capability to analyse memory across all endpoints at scale allowing us to detect fileless attacks which evade even leading EDR solutions. FIND OUT MORE

Ransomware protection

Considered one of the highest security threats to organizations, Ransomware attacks have increased dramatically in their sophistication and frequency. In addition to spreading automatically using wormable techniques (such as those adopted by NotPetya/WannaCry) there has been an increase in attackers manually deploying Ransomware as part of destructive CNA (Computer Network Attack) and extortion attempts.

Countercept includes RansomFlare – an endpoint Ransomware prevention module that uses signature-less, behavioral techniques (machine learning) to stop Ransomware attacks even if the sample has never been seen before in the wild.

RansomFlare Countercept Reverse Logo RGB AW



Every compromise situation is different, and the key pieces of evidence to unlock an investigation do not always appear where they are expected. For this reason, any comprehensive solution for detecting and responding to cyber attacks must be built on three key sources of data: log files, network traffic and the endpoint systems themselves. Visibility of all three is an absolute must for a professional solution. Countercept enables a world-class team of Threat Hunters to engage with each of these data sources in a way that allows us to proactively hunt down the threats in your environment.


Spotting the delivery and subsequent execution of an attack on your system requires you to perform a network security assessment. But what is good network security analysis?


Once attackers have landed on an end user’s system, the most likely way of spotting them is through endpoint host analysis. But what is good endpoint detection?

Countercept triangle


And once attackers are masquerading as legitimate users of your network, the most likely way of spotting them is through security log analysis. But what is good security log management?


To understand more about Countercept and how we can help protect your business, call +44 (0)3302230434 or email


Sign up for News & Research +-