
Technology

Transformational Approach to Threat Hunting

Counterflow’s approach to threat hunting combines a structured targeting and response methodology with a machine learning platform. This integrated approach is intended to revolutionize the industrialization of machine learning models and to provide the foundation for a machine learning threat hunting intelligence platform, further enabling security analysts to detect and avert advanced threats.


F3EA Targeting Methodology

Applying a highly effective military targeting methodology (F3EA) as a Cyber Threat Hunting framework provides the systems, tactics, techniques, and procedures needed to address today’s threat hunting requirements.


Find

Detect anomalous and malicious activity using ML models


Fix

Triage and contextualize threat indicators with intelligence


Finish

Drive automation to alert, contain, and mitigate attacks


Exploit

Extract, transform, and load threat artifacts from PCAP files


Analyze

Train machine learning models with artifacts and log data

The Dragonfly Machine Learning Lifecycle

Building machine-learning models is only one step in a cybersecurity deployment. The key to success is to be able to deploy, iterate, and optimize models at scale, in a live network, across multiple time zones and countries.

Our Dragonfly platform industrializes the application of ML techniques in the cybersecurity domain to drive early detection of malicious activity and rapid defensive responses from SOC analysts. It includes:

  • Processes to continuously train models based on new threat data
  • Real-time deployment of models to hundreds of sensors across a global network
  • Optimized threat scoring engine

Discover

Develop threat hunting models using machine learning that map network variables to targets and define the relationships used to identify unknown threats.

  • Feature Engineering
  • Threat Model Training
  • Model Testing and Validation

Deploy

A platform that drives rapid deployment of threat hunting models using a continuous DevOps approach designed to support streaming machine learning at the network sensor.

  • Model Serialization and Versioning
  • Containerized Deployment
  • API-supported Automation

Detect

Model-driven threat prioritization minimizes the time to detect emerging threats and provides the context network analysts need to verify and respond to them.

  • Threat Scoring and Prioritization
  • Threat Context
  • Threat Model Performance Monitoring and Iteration