SOVEREIGN ACTIVE THREAT HUNTING & NETWORK MONITORING SOFTWARE

firebug

ACTIVE NDR

LATERAL MOVEMENT

ALIEN COMPUTERS

BASELINE ANOMALIES

Hyprfire’s Firebug is an active, fast, flexible & accessible Threat Hunting & Network Monitoring tool that uses Statistics and Explainable AI to give your network security team the best chance to defend against the next wave of attack. Whether that's through detecting Lateral Movement, Alien Computers, Baseline Anomalies or other attacker behaviour, the moment they make a move Firebug will highlight and report them. It is a lightweight virtual appliance that can snap into your existing stack to uplift your team’s Active Cyber Security capability and capacity to seek out, detect, contain, and resolve any threats to your network.

ACTIVE

Network threat hunting now

FAST

Knows your network in minutes

FLEXIBLE

Lightweight virtual appliance

ACCESSIBLE

Enterprise capability at SME pricing

Finding threats on your network faster.

Firebug is a rapid detection tool for Lateral Movement, Alien Computers & Baseline Anomalies.

Lateral Movement

Firebug detects Lateral Movement by providing visibility of abnormal use and abnormal behaviour in Windows-specific protocols, which can identify attackers before they can do damage to your network.

  • Detect abuses of SMB, WinRM, and LDAP protocols to catch attackers attempting to move through Windows networks with Firebug’s proprietary advanced statistics engine.

  • Find attackers performing internal machine and service reconnaissance using port scanning tools with Firebug’s transient portscan detection.

  • Identify insider and outsider threats using behaviour, not signature.

Alien Computers

Firebug listens for alien computer activity on your network and can passively identify machines on secured networks that should not be there, and can provide visibility of computers making unauthorised contact with networks they should not.

  • Identify computers that attach themselves to networks they should not, using passive monitoring of traffic

  • Find users accessing data and services that they should not be accessing, by identifying new and unusual access to secured networks

  • Find misconfigured computers and identify lost assets by mapping out machines in your network using Firebug’s network data

  • Catch attackers attempting to migrate from public wifi and other insecure networks by identifying computers crossing secure/insecure boundaries 

Baseline Anomalies

Firebug’s proprietary advanced statistics engine can identify abnormal activity while it is baselining your network, meaning it can raise security and operations issues within the first 24 hours, rather than in six months. Find unusual activity and misconfigurations in networks, such as:

  • Remote access to Windows systems that are no longer needed, but not yet disabled, by detecting unusual outbound and cross-network uses of LDAP, WinRM, and SMB

  • Beaconing attacker toolkits like Covenant and Empire through HTTPS and DNS anomaly detection

  • Abuses of DNS, including data exfiltration and C2 traffic, using Firebug’s inbuilt DNS comprehension

  • Misconfigured servers doing things in strange, unusual, or unexpected ways that could have operational or security implications, via Firebug’s broad visibility of protocols

Uplift your Active Cyber Defence

Get visibility of the devices & traffic that can't be covered by your Endpoint & Perimeter protection with Firebug. This active, fast, flexible and accessible tool gives your team:

FOCUS

on unusual network behaviour

INSIGHTS

to determine if it’s authorised, a vulnerability or an active attack. 

COORDINATES

to respond quickly to the behaviour

How to deploy Firebug

Firebug is flexible & interoperable. It can be deployed as a virtual instance on any server with a standard specification that can provide an ingest of network traffic and is positioned near strategic network assets (e.g. DMZ, Public WiFi, Data Centre). Each instance can give visibility of up to 1 Gb/s, which can cover approximately 500 endpoints on a typical network.

Virtual Instance

on standard server

Network Traffic Ingest

via Span Port or Port Mirror

Strategic Location

near key network assets, e.g. DMZ, Public WiFi, Data Centre.

Up to 1 Gb/s of Traffic

per instance which equates to approx 500 endpoints

Book a demo

Book a demo today and we’ll help you find threats in your network faster.
