Firebug is a rapid detection tool for Lateral Movement, Alien Computers & Baseline Anomalies.

Firebug detects Lateral Movement by providing visibility of abnormal uses and abnormal behaviour in Windows-specific protocols that can identify attackers before they can do damage to your network.

• Detect abuses of SMB, WinRM, and LDAP protocols to catch attackers attempting to move through Windows networks with Firebug’s proprietary advanced statistics engine.

• Find attackers performing internal machine and service reconnaissance using port scanning tools with Firebug’s transient portscan detection.

• Identify insider and outsider threats using behaviour, not signature.

Firebug listens for alien computer activity on your network and can passively identify machines on secured networks that should not be there, and can provide visibility of computers making unauthorised contact with networks they should not.

• Identify computers that attach themselves to networks they should not use passive monitoring of traffic

• Find users accessing data and services that they should not be accessed by identifying new and unusual access to secured networks

• Find misconfigured computers and identify lost assets by mapping out machines in your network using Firebug’s network data

• Catch attackers attempting to migrate from public wifi and other insecure networks by identifying computers crossing secure/insecure boundaries 

Firebug’s proprietary advanced statistics engine can identify abnormal activity while it is baselining your network, meaning it can raise security and operations issues within the first 24 hours, rather than in six months. Find an unusual activity and misconfigurations in networks such as:

• Remote access to windows systems that are no longer needed, but not yet disabled, by detecting unusual outbound and cross-network uses of LDAP, WinRM, and SMB

• Beaconing attacker toolkits like Covenant and Empire through HTTPS and DNS anomaly detection

• Abuses of DNS including Data exfiltration and C2 traffic using Firebug’s inbuilt DNS comprehension

• Misconfigured servers doing things in strange, unusual, or unexpected ways that could have operational or security implications via Firebug’s broad visibility of protocol

Uplift your Active Cyber Defence

Get visibility of the devices & traffic that can't be covered by your Endpoint & Perimeter protection with Firebug. This active, fast, flexible and accessible tool gives your team:

Firebug is flexible & interoperable. It can be deployed as a virtual instance on any server with standard specification that can provide an ingest of network traffic and is positioned near strategic network assets (eg. DMZ, Public WiFi, Data Centre). Each instance can give visibility of up to 1 Gb/s which can cover approximately 500 Endpoints on a typical network.

per instance which equates to approx 500 endpoints

Book a demo

Book a demo today and we’ll help you find threats in your network faster.