EchoTrail Hunt

Threat Hunting Made Easy

Overview

Is my network currently compromised? Do advanced attackers have access to my data? These are hard questions to answer, and most companies can't answer them concretely simply because they don't have the visibility to do so. Gaining the necessary visibility is often too costly and time-intensive. Typical advanced attackers, often referred to as Advanced Persistent Threats (APTs), gain and maintain access to victim networks for months before accomplishing their objectives and leaving or being detected. Antivirus and other standard security tools are unable to detect the presence of advanced attackers because attackers often don't bring their own malware or files. They use built-in tools provided by the operating system and often conduct activity that is similar to that of admins or power users. This makes it hard for standard tools to distinguish between good guys and bad guys.

Advanced Behavioral Detection

Our hunting platform not only allows you to conduct your own custom hunts, but also comes with behavioral detection capabilities built in. You get a head start with our advanced adversary detection. Add your own detection and hunting requirements on top of what we've already done.

Playbooks

Advanced adversaries constantly change their tactics. Security companies need to stay on top of those changes and update their detection capabilities to match. Large security organizations have a hard time adapting at the same rate as smaller adversary groups. Our hunting and detection platform is built from the ground up to solve this problem. With our playbooks, analysts can create, test and deploy new detection capabilities in minutes, versus weeks or months for larger organizations.

Bring your own Sensor

You can hunt on our platform with any endpoint sensor. Whether it's CrowdStrike, Carbon Black or another vendor, our platform will handle it. If you don't already have a sensor installed and want to keep costs down, you can use a lightweight sensor, built by Microsoft, called Sysmon. Install it in seconds with no reboot and no perceptible load on the system.