For a second, imagine you’re a hacker looking to cash in on a poorly protected business. You know the finance department reads any invoice they receive, so you email the accountants a malicious spreadsheet. Like clockwork, an employee opens the phony document, clicks “Enable Macros”, and you’re in! This company is now your oyster as long as you maintain access.
This scenario plays out every day and most MSPs are well aware of the threat. However, many aren’t familiar with the techniques hackers use to create persistent footholds within these networks. That’s where Huntress steps in. We collect and analyze metadata about every application scheduled to automatically execute when a computer boots up or a user logs in. As soon as the hacker establishes their access, we’re there to kick them out.
Modern antivirus primarily focuses on the actions performed by executable files and makes heuristic-based detections. Antivirus also uses static signatures to identify known malicious sections of files. Unfortunately, viruses are constantly evolving, and persistence techniques (footholds) have largely been ignored. As a result, hackers today still successfully use the same persistence techniques they used in Windows 95 malware.
Huntress puts a stop to this and makes hackers earn every inch of their access within the networks we protect. Our Managed Detection and Response Service quickly discovers new and existing footholds regardless of the infection vector:
The Huntress agent inventories each application scheduled to automatically start at boot or user login (persistent applications). Metadata on these applications is sent to the Huntress Analysis Engine for inspection. This lightweight design ensures users’ productivity is never hindered by resource-intensive processes while the distributed cloud architecture protects your users in the office, at home, or on the go.
The analysis engine aggregates data from the Huntress agents and uses algorithms to discover malicious outliers (footholds) in the data set. Each persistent application is evaluated using a combination of file reputation, frequency analysis, and other proprietary algorithms. When an anomaly is detected, Huntress delivers prioritized remediation recommendations, not alerts, to you and all other affected members within the Huntress community.
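To make the idea of frequency analysis over persistent applications concrete, here is an added example that is not Huntress code and does not represent its proprietary algorithms: it stacks autostart entries across hosts and reports those that are rare and have no reputation. The inventory, the placeholder hashes, the `KNOWN_GOOD` set and the function names are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data: (host, autostart location, command path, file hash).
# Hashes are shortened placeholders, not real file hashes.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
INVENTORY = [
    ("ws-01", RUN_KEY, r"C:\Users\alice\AppData\Local\Chat\chat.exe", "hash-chat"),
    ("ws-02", RUN_KEY, r"C:\Users\bob\AppData\Local\Chat\chat.exe", "hash-chat"),
    ("ws-03", RUN_KEY, r"C:\Users\carol\AppData\Local\Chat\chat.exe", "hash-chat"),
    ("ws-04", RUN_KEY, r"C:\Users\dave\AppData\Local\Chat\chat.exe", "hash-chat"),
    ("ws-01", "Scheduled Task", r"C:\Program Files\Backup\agent.exe", "hash-backup"),
    ("ws-02", "Scheduled Task", r"C:\Program Files\Backup\agent.exe", "hash-backup"),
    ("ws-03", "Scheduled Task", r"C:\Program Files\Backup\agent.exe", "hash-backup"),
    ("ws-04", "Scheduled Task", r"C:\Program Files\Backup\agent.exe", "hash-backup"),
    ("ws-02", "Scheduled Task", r"C:\Tools\inventory.exe", "hash-tool"),
    ("ws-03", RUN_KEY, r"C:\Users\carol\AppData\Roaming\svchost.exe", "hash-unknown"),
]
KNOWN_GOOD = {"hash-backup", "hash-tool"}  # stand-in for a file reputation source

USER_DIR = re.compile(r"^c:\\users\\[^\\]+", re.IGNORECASE)

def normalize(path):
    """Collapse per-user profile directories so the same app stacks across hosts."""
    return USER_DIR.sub(lambda m: r"c:\users\<user>", path.lower())

def find_outliers(records, known_good, max_fraction=0.25):
    """Return autostart entries seen on few hosts and lacking reputation, rarest first."""
    all_hosts = {host for host, *_ in records}
    hosts_by_entry = defaultdict(set)
    for host, location, path, file_hash in records:
        hosts_by_entry[(location, normalize(path), file_hash)].add(host)
    findings = []
    for (location, path, file_hash), hosts in hosts_by_entry.items():
        fraction = len(hosts) / len(all_hosts)
        # Rare alone is not enough: a niche admin tool with good reputation is skipped.
        if fraction <= max_fraction and file_hash not in known_good:
            findings.append({"path": path, "location": location, "hash": file_hash,
                             "hosts": sorted(hosts), "fraction": fraction})
    return sorted(findings, key=lambda f: (f["fraction"], f["path"]))

if __name__ == "__main__":
    for f in find_outliers(INVENTORY, KNOWN_GOOD):
        print(f"{f['fraction']:.0%} of hosts  {f['location']}  {f['path']}  {f['hosts']}")
```

Without the path normalization, the per-user chat client would appear as four unique entries and each would be reported as rare.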