
SOVEREIGN ACTIVE THREAT HUNTING & NETWORK MONITORING SOFTWARE
firebug
ACTIVE NDR
LATERAL MOVEMENT
ALIEN COMPUTERS
BASELINE ANOMALIES
Hyprfire’s Firebug is an active, fast, flexible & accessible Threat Hunting & Network Monitoring tool that uses Statistics and Explainable AI to give your network security team the best chance to defend against the next wave of attack. Whether that's through detecting Lateral Movement, Alien Computers, Baseline Anomalies or other attacker behaviour, the moment they make a move Firebug will highlight and report them. It is a lightweight virtual appliance that snaps into your existing stack to uplift your team’s Active Cyber Security capability and capacity to seek out, detect, contain, and resolve any threats to your network.
ACTIVE
Network threat hunting now
FAST
Knows your network in minutes
FLEXIBLE
Lightweight virtual appliance
ACCESSIBLE
Enterprise capability at SME pricing
Finding threats on your network faster.
Firebug is a rapid detection tool for Lateral Movement, Alien Computers & Baseline Anomalies.
Lateral Movement
Firebug detects Lateral Movement by providing visibility of abnormal uses and abnormal behaviour in Windows-specific protocols that can identify attackers before they can do damage to your network.
- Detect abuses of SMB, WinRM, and LDAP protocols to catch attackers attempting to move through Windows networks with Firebug’s proprietary advanced statistics engine.
- Find attackers performing internal machine and service reconnaissance using port scanning tools with Firebug’s transient portscan detection.
- Identify insider and outsider threats using behaviour, not signature.
Alien Computers
Firebug listens for alien computer activity on your network and can passively identify machines on secured networks that should not be there, and can provide visibility of computers making unauthorised contact with networks they should not.
- Identify computers that attach themselves to networks they should not, using passive monitoring of traffic
- Find users accessing data and services that they should not be accessing by identifying new and unusual access to secured networks
- Find misconfigured computers and identify lost assets by mapping out machines in your network using Firebug’s network data
- Catch attackers attempting to migrate from public wifi and other insecure networks by identifying computers crossing secure/insecure boundaries
Baseline Anomalies
Firebug’s proprietary advanced statistics engine can identify abnormal activity while it is baselining your network, meaning it can raise security and operations issues within the first 24 hours, rather than in six months. Find unusual activity and misconfigurations in networks such as:
- Remote access to Windows systems that are no longer needed, but not yet disabled, by detecting unusual outbound and cross-network uses of LDAP, WinRM, and SMB
- Beaconing attacker toolkits like Covenant and Empire through HTTPS and DNS anomaly detection
- Abuses of DNS including data exfiltration and C2 traffic using Firebug’s inbuilt DNS comprehension
- Misconfigured servers doing things in strange, unusual, or unexpected ways that could have operational or security implications via Firebug’s broad visibility of protocol
Uplift your Active Cyber Defence
Get visibility of the devices & traffic that can't be covered by your Endpoint & Perimeter protection with Firebug. This active, fast, flexible and accessible tool gives your team:
FOCUS
on unusual network behaviour
INSIGHTS
to determine if it’s authorised, a vulnerability or an active attack.
COORDINATES
to respond quickly to the behaviour
How to deploy firebug
Firebug is flexible & interoperable. It can be deployed as a virtual instance on any server of standard specification that can provide an ingest of network traffic and is positioned near strategic network assets (e.g. DMZ, Public WiFi, Data Centre). Each instance can give visibility of up to 1 Gb/s, which can cover approximately 500 Endpoints on a typical network.
Virtual Instance
on standard server
Network Traffic Ingest
via Span Port or Port Mirror
Strategic Location
near key network assets, e.g. DMZ, Public WiFi, Data Centre.
Up to 1 Gb/s of Traffic
per instance which equates to approx 500 endpoints
Book a demo
Book a demo today and we’ll help you find threats in your network faster.