Offering advanced cybersecurity solutions to a wide variety of clients, Active Countermeasures’ AC-Hunter is a solution that threat hunts your network to identify which of your systems have been compromised across a myriad of networks. It also champions the sharing of how it accomplishes these things, working hard to make security training and implementation accessible to all.
Run by a team approaching its work with enthusiasm and vigour, all of whom are self-professed ‘like-minded geeks’, Active Countermeasures is a USA based company aiming for excellence. Providing its clients with effective cybersecurity measures, it offers free training, leadership courses, and open source and commercial tools, all with the aim of increasing awareness and education. To this end, it offers webcasts available on its website that talk a client through covering C&C in the Mitre ATT&CK Matrix, network knowledge, and onboarding for programmes such as RITA. These lectures are informative and accessible; and with the diversity of topics covered within its field, users are guaranteed to find something of use to them. Its training also helps to bolster this, with a threat hunting training course that you can register for through its online portal. This training will take a user through course slides, course video recordings, hands-on lab studies, FAQ documents, and downloadable notes to enhance learning. At the end of the training, the user will have gone through all the relevant processes to receive a certification that will surely help them to further their knowledge and career. A visitor to its site can also download the slide deck and watch the threat hunt training course recording through a YouTube link.
Recently, it has even updated the options for the lab performance segments of its module, and encourages returning students to have a look through what has changed before they dive back in. Students performing the practical lab sections of their training can either download a copy of the VMware virtual machine on which to perform them, or start their own Linux system and run the class install script. Both of course have their merits, but Active Countermeasures leaves it up to the student to choose. In terms of its flagship product, however, it specialises in network threat detection software, offering its sophisticated AC-Hunter solution. AC-Hunter is a programme that hunts down threats to a client’s network to make it safe; it identifies which systems have been compromised and sends alerts for further investigation. It is also easy to use. With no agents to install, AC-Hunter is an intuitive and user-friendly solution that integrates seamlessly with no mess or fuss. It verifies all devices, including IoT, IIoT, and BYOD, regardless of what operating system or hardware a client is using. It has a singular task and approaches it with efficacy and speed, enabling threat hunting success no matter the experience level of the client’s IT team. In this way, it makes itself usable by people of all levels of experience, from seasoned professionals to junior analysts and new hires.
When talking about cybersecurity, it is often the case that an existing solution will fall into one of two categories. Active Countermeasures has come to divide these into protection-based and response-based measures. On the ‘protection-based’ side, solutions are focused on keeping attackers out by way of firewalls, intrusion detection, and two-factor authentication. On the ‘response-based’ side, however, solutions are designed to be implemented once attackers have entered the network, cracking down on incidents as they are happening; this is where measures such as incident handling come into play. Often, issues arise when a company has one and not the other, and is therefore limited in what it can handle and how. AC-Hunter is one of the few programmes on the market that can offer both. To do this, AC-Hunter analyses 24-hour chunks of network traffic in order to ascertain whether there are any indications of an internal system with an unguarded gateway out to the wider internet and a command and control channel. This is its core focus: C2 beaconing. A deceptively simple yet incredibly effective response to cybersecurity, Active Countermeasures’ low-touch nature means that it is minimally disruptive to its clients’ businesses, too. In this context, ‘low touch’ means that it needs to monitor only the traffic going in and out to the internet, and nothing else. In this way, with nothing else needing to be installed, it can conduct all its operations whilst not getting in the way of any of the company’s crucial processes. It can also spot when attackers are encrypting data, identifying the resulting command and control channels that such intrusions result in.
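As an added illustration of the 24-hour beacon analysis described above (this is example code written for this profile, not AC-Hunter’s or RITA’s implementation), the script below scores each internal-to-external host pair in a day of constructed connection records by how regular its connection intervals and payload sizes are. The one-line-per-connection log format, the 0.7/0.3 weighting of timing versus size regularity, and the 0.8 alert threshold are assumptions chosen for the example.

```python
"""Added example (not Active Countermeasures' code): a minimal C2 beacon scorer
over a 24-hour window of connection records.

Assumed log format, one connection per line:  "<unix_ts> <src_ip> <dst_ip> <bytes_out>"
Scoring: regularity = 1 - (stdev / mean), floored at 0, applied to the gaps between
connections and to the bytes sent; a pair scores high when both barely vary.
"""
from collections import defaultdict
from statistics import mean, pstdev

DAY_SECONDS = 86_400


def constructed_log():
    """Constructed sample data, not captured traffic.
    10.0.0.5 -> 203.0.113.10 connects every ~300 s with ~512 bytes (beacon-like);
    10.0.0.7 -> 198.51.100.20 connects at irregular, user-driven times and sizes."""
    base = 1_700_000_000
    lines = []
    jitter = [0, 2, -1, 3, 0, -2, 1, 0, 2, -3, 1, 0, -1, 2, 0, 1, -2, 0, 3, -1]
    for i, j in enumerate(jitter):
        lines.append(f"{base + i * 300 + j} 10.0.0.5 203.0.113.10 {512 + (i % 3)}")
    browsing = [(0, 1300), (45, 20500), (1200, 800), (1230, 64000), (5000, 2100),
                (9000, 31000), (9030, 400), (14000, 7700), (14010, 120), (30000, 9800)]
    for offset, size in browsing:
        lines.append(f"{base + offset} 10.0.0.7 198.51.100.20 {size}")
    return lines


def parse_log(lines):
    """Group connections by (src, dst) -> list of (timestamp, bytes_out)."""
    conns = defaultdict(list)
    for line in lines:
        ts, src, dst, size = line.split()
        conns[(src, dst)].append((int(ts), int(size)))
    return conns


def regularity(values):
    """1.0 when all values are identical, dropping toward 0 as they spread out."""
    if len(values) < 2:
        return 0.0
    m = mean(values)
    if m == 0:
        return 0.0
    return max(0.0, 1.0 - pstdev(values) / m)


def beacon_score(events):
    """Return (combined, interval_score, size_score) for a list of (ts, bytes)."""
    events = sorted(events)
    times = [t for t, _ in events]
    sizes = [b for _, b in events]
    intervals = [b - a for a, b in zip(times, times[1:])]
    interval_score = regularity(intervals)
    size_score = regularity(sizes)
    return round(0.7 * interval_score + 0.3 * size_score, 3), interval_score, size_score


def find_beacons(conns, min_connections=10, threshold=0.8, window=DAY_SECONDS):
    """Score every pair seen in the most recent `window` seconds of the log and
    return those at or above `threshold`, highest score first."""
    latest = max(ts for events in conns.values() for ts, _ in events)
    cutoff = latest - window
    hits = []
    for (src, dst), events in conns.items():
        recent = [e for e in events if e[0] >= cutoff]
        if len(recent) < min_connections:
            continue
        score, _, _ = beacon_score(recent)
        if score >= threshold:
            hits.append((src, dst, score))
    return sorted(hits, key=lambda h: -h[2])


if __name__ == "__main__":
    for src, dst, score in find_beacons(parse_log(constructed_log())):
        print(f"possible beacon: {src} -> {dst} (score {score})")
```

The timing-regularity idea is what makes an interval check cheap to run at scale: it needs only connection metadata, not packet contents, which is why passive monitoring of the internet egress point is enough. Real beacons add jitter and sleep multipliers, so a production detector would also look at dispersion of the gap distribution and at the connection count over the day rather than a single coefficient of variation.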
Active Countermeasures also holds itself to incredibly high standards of effectiveness, being one of the few tools of its kind in its sphere. It therefore seeks to excel within its niche, not satisfied until it can verify that a company’s network is free of intrusion and forever working on how solidly it can guarantee that this is the case. It also offers audio visual tools and log review, as well as tools and processes such as forensics to stop and investigate a breach when a system is compromised. Its solutions also come fully equipped with recovery and defence of a system after an attack, allowing it to get back on its feet quickly and with minimal to no losses. The CEO, John Strand, is a published author and Senior SANS Instructor, and owns the Black Hills Information Security firm. Black Hills is one of the most recognisable names in cybersecurity and threat hunting as an industry, a prestige which the CEO has brought with him to Active Countermeasures. He has been lauded for the creation of some of the most sophisticated solutions for fighting cyber intrusions, giving frequent webcasts as a Black Hat presenter with a passion for sharing his security skills with a wider audience. In this manner, much of his work has been on empowering others to take the appropriate steps to secure their networks.
The Chief Operating Officer approaches the company with a similar unbeatable energy and ambition. Chris Brenton has been a leading voice in the IT and cybersecurity industry for over 20 years now, bringing this breadth and depth of expertise to the table to make Active Countermeasures the best it can possibly be. Much like John Strand, he is a published author of multiple educational books on his areas of expertise. He is also the primary author of the Cloud Security Alliance’s online training manual, which has proved an invaluable training resource. Additionally, he has developed and delivered courses for the SANS Institute. Over his time in the industry, he has assisted multiple start-ups, helping them to improve their product security and continuing to develop and improve when they hit technical brick walls. He also specialises in helping a company ensure that their product is market fit. As a final note on the named expertise driving this company forward, its partner, Paul Asadoorian, is a host and producer for Enterprise Security Weekly. This podcast has claimed multiple accolades over its eleven years of life, becoming the most popular security podcast in the world and cultivating it until it became a world-renowned series shedding light on different aspects of cybersecurity. Paul is an author, presenter, and organiser, running events up and down the country. He has a keen interest in researching embedded device security that he has brought to Active Countermeasures, and, like all involved in this business, champions sharing his knowledge for the betterment of his sector in the macro.
Internally, Active Countermeasures takes great pride in its team of highly talented developers and its growth team. With so many motivated and talented voices represented in its staff, it has never been a company that will settle for second best, in any aspect of its operation. Its employees are encouraged to be passionate about problem solving and to fully immerse themselves in the task at hand. It affords each team member a lot of trust to get the job done correctly, with an agile and blameless post-mortem system that allows staff to look back on past projects and grow from feedback. If something new is tried, even if it fails, what matters is that the idea was attempted to the best standards possible. A failure is simply a learning experience, and one that will benefit the business to learn from, so new hires are encouraged to approach tasks with a fearless energy, knowing that the company is supporting them. When it comes to identifying these new hires, it consequently seeks people who will fit in with this culture first and foremost. Skills can be taught, attitude cannot. Far from being a simple idiom, this is another core part of its process, as it prizes offering learning and upskilling opportunities to each member of its team.
Its approach is also one that sets it apart from its competition, as its software development process is one formed from years of pen-testing enterprise networks. Therefore, it knows the systems it works with like the back of its hand, and Active Countermeasures can push forward towards its goal of lessening the time gap between a system experiencing an attack, the team discovering the attack, and the attack being remediated. Its software allows its clients to do this, and only continues to get better at doing so. Thus, its goals and ambitions are all fuelled by its belief that defending against adversaries should be affordable and achievable, and not a barrier to businesses. Active Countermeasures has therefore earned itself a wide range of clients across a range of business types and setups. This includes private, military, governmental, financial, and health care facilities, all of which need foolproof cybersecurity measures as a priority. Its clients appreciate the peace of mind that Active Countermeasures offers them.
In terms of the challenges it has faced during its time in operation, it mentions the examples of cognitive bias that it has encountered. These often favour the older, more labour-intensive, and more error-prone processes offered in the industry, which result in inconsistency as well as severe costs in terms of time and money. For example, much of the cybersecurity industry still champions reviewing system logs to try to identify where a system has become compromised. This is one of the oldest technologies available other than authentication control, and its lack of consistent accuracy sometimes means that attackers are left in the system for months before they are detected, often by a third party. Active Countermeasures is bucking this trend by showing companies what they could have instead: minimally intrusive, maximally effective, completely streamlined processes that combine protection and response.
Despite its existing achievements in delivering exemplary solutions for its clientele, it is also committed to ensuring that it does not stagnate. As it works in such a changeable industry, it is aware that new technologies, processes, and tools are being produced on a near-daily basis. By keeping abreast of these, it can constantly improve its AC-Hunter service, its educational tools, and its services across the board. In addition, to help it achieve this, it is careful to listen to and take on all feedback. By acting on the suggestions and observations of its clients, it does an excellent job of ‘showing not telling’ this element of its business, updating itself accordingly. It also plans to expand the free threat hunter training so that clients and users alike can keep pace with new technologies. All the above has allowed it to retain a position of prestige, and as it gains and impresses more and more clients, this company has set itself on an upward track to continued success.
For more information, please contact Kris Chew at www.activecountermeasures.com