Transformational Approach to Threat Hunting

Counterflow’s approach to threat hunting incorporates a structured targeting and response methodology integrated with a machine learning platform. This integrated approach will  revolutionize the industrialization of machine learning models and provide the foundation to build a machine learning threat hunting intelligence platform further enabling security analysts to detect and avert advanced threats.




F3EA Targeting Methodology 

Applying a highly effective military methodology (F3EA) as a Cyber Threat Hunting framework enables the systems, techniques, tactics, and procedures that are needed to address today’s threat hunting requirements.



Detect anomalous and malicious activity using ML models



Triage and contextualize threat indicators with intelligence



Drive automation to alert, contain, and mitigate attacks



Extract, transform, and load threat artifacts from PCAP files



Train machine learning models with artifacts and log data

The Dragonfly Machine Learning Lifecycle

Building machine-learning models is only one step in a cybersecurity deployment. The key to success is to be able to deploy, iterate, and optimize models at scale, in a live network, across multiple time zones and countries.

Our Dragonfly platform industrializes the application of ML techniques in the cybersecurity domain to drive early detection of malicious activity and rapid defensive responses from SOC analysts. It includes:

  • Processes to continuously train models based on new threat data
  • Real-time deployment of models to hundreds of sensors across a global network
  • Optimized threat scoring engine


Developing threat hunting models using machine learning to map network variables to targets and define relationships used for identification of unknown threats. 

  • Feature Engineering 
  • Threat Model Training
  • Model Testing and Validation


A platform that drives rapid deployment of threat hunting models using a continuous DevOps approach designed to support streaming machine learning at the network sensor. 

  • Model Serialization and Versioning
  • Containerized Deployment
  • API-supported Automation


Model-driven threat prioritization minimizes the time to detection of emerging threats and provides the necessary context for network analysts to verify and respond to such threats. 

  • Threat Scoring and Prioritization
  • Threat Context
  • Threat Model Perfomance Monitoring and Iteration