WHAT ARE WE HUNTING?
For a second, imagine you’re a hacker looking to cash-in on a poorly protected business. You know the finance department reads any invoice they receive, so you email the accountants a malicious spreadsheet. Like clockwork, an employee opens the phony document, clicks “Enable Macros”, and you’re in! This company is now your oyster as long as you maintain access.
This scenario plays out everyday and most MSPs are well aware of the threat. However, many aren’t familiar with the techniques hacker’s use to create persistent footholds within these networks. That’s where Huntress steps in. We collect and analyze metadata about every application scheduled to automatically execute when a computer boots up or a user logs in. As soon as the hacker establishes their access, we’re there to kick them out.
The Huntress agent inventories each application scheduled to automatically start at boot or user login (persistent applications). Metadata on these applications are sent to the Huntress Analysis Engine for inspection. This lightweight design ensures user’s productivity is never hindered by resource intensive processes while the distributed cloud architecture protects your users in the office, at home, or on the go.
The analysis engine aggregates data from the Huntress agents and uses algorithms to discover malicious outliers (footholds) in the dataset. Each persistent application is evaluated using a combination of file reputation, frequency analysis, and other proprietary algorithms. When an anomaly is detected, Huntress delivers prioritized remediation recommendations—not alerts—to you and all other affected members within the Huntress community.
WHY IS THIS SO EFFECTIVE?
Modern antivirus primarily focuses on the actions performed by executable files and makes heuristic-based detections. Antivirus also uses static signatures to identify known malicious sections of files. Unfortunately, viruses are constantly evolving and techniques—like footholds—have largely been ignored. As a result, hackers today still successfully use the same persistence techniques they used in Windows 95 malware.
Huntress puts a stop to this and makes hackers earn every inch of their access within the networks we protect. Our Managed Detection and Response Service quickly discovers new and existing footholds regardless of the infection vector:
SHADY EMAIL ATTACHMENTS
MALICIOUS WEBSITE CONTENT
TAINTED USB DRIVES
Our technology and experts also complement any existing security investment and significantly enhance our partners’ managed security stack. This enables MSPs to fight hackers head-to-head while protecting their clients from downtime, costly cleanup, and damaged reputations.