Why do I need Network Threat Hunting as a Service?

Why are so many organisations getting held to ransom by cybercriminals, even after spending money on conventional cyber-security, including firewalls and end-point protection, to defend their networks? How can you quickly close the gap between your endpoint & perimeter protection that leaves you vulnerable to ransom attacks and insider threats, and uplift your network team's capability to defend against the new era of Industrialised Ransomware? Let's cover:

Ransomware Revolution
Key Elements of Cyber Security
The Problem of Visibility
Improving your defences

Ransomware Industrialisation

It’s well understood by cyber security professionals that if you have a network connected to the internet, you’re going to be attacked. What you may not know is that cyber-crime today is a highly corporatised, multi-trillion dollar industry with specialisation for every step: from gaining access into your network, through to distribution of your ransomware payment. There are four main types of criminals that are involved in these attacks:

Initial Access Provider

Gets and sells the access past your Endpoint & Perimeter defences.

Ransomware Partner

Scouts your network, sets up for, and then launches the attack.

Ransomware Developers

Provide the tools and ransomware software as a service.

Dark Financiers

Manage dark escrow payments to distribute the ransom proceeds.

Key Elements of Cyber Security

Let’s get an overview of cyber security to learn about the vulnerabilities these criminals are exploiting. There are three main elements to any cyber security defence: Humans, Email & Visibility.

Humans

The people that use the network

Email

The main channel of communication

Visibility

Seeing what is happening on your perimeter, on your devices and across your network

The Problem of Visibility

Visibility has three elements that are critical to your cyber defence: Endpoint, Network & Perimeter.

Endpoint

Software installed on computers and phones to monitor them

Network

Network Detection & Response (NDR) systems monitor devices that can’t be covered by Endpoint or Perimeter protection

Perimeter

The firewalls and switches which connect your network to the internet

Without NDR your door is wide open

The reason organisations are still getting ransomed despite good people training and protection over their email, endpoints and perimeter is often because they don’t have Active Network Detection & Response (NDR). Cyber-criminals are actively exploiting this missing piece of the network security puzzle to launch ransomware attacks. This is simply because there are devices on your network that your Endpoint & Perimeter protection can’t cover. Attackers could be roaming free across your network and you wouldn't know.

You have no visibility of devices & traffic that can’t be covered by your Endpoint & Perimeter protection:
Endpoint & Perimeter protection themselves
BYOD Devices
Alternative OS or Servers

It’s important to note that today’s capable threats are able to easily breach Endpoint & Perimeter defences. And those defences can’t tell you when they’ve been breached.

Without Active NDR your door is ajar

What is making this growing crime possible is the emerging trend of “Zero-day” attacks. Today’s attackers create brand new, never seen before malware for every attack - meaning it can bypass the signature-based, threat-model driven defences that are found in most conventional Intrusion Detection System or Network Detection & Response tools. Without an Active NDR that uses Statistics & Explainable AI (XAI), your team can’t cut through the noise of your network and focus on what matters.

Is my NDR Active or Passive?

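Criteria: Baseline time, Anomaly Detection, Artificial Intelligence, Insights/Context, Actionable Results, Self-Reporting

Passive NDR
Baseline time: 30-60 days
Anomaly Detection: Threat models

Active NDR
Baseline time: Within hours
Anomaly Detection: Statistical Deviation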

How to deploy Firebug

Firebug is flexible & interoperable. It can be deployed as a virtual instance on any standard-specification server that can provide an ingest of network traffic and is positioned near strategic network assets (e.g. DMZ, Public WiFi, Data Centre). Each instance can give visibility of up to 1 Gb/s, which can cover approximately 500 Endpoints on a typical network.

Virtual Instance

on standard server

Network Traffic Ingest

via Span Port or Port Mirror

Strategic Location

near key network assets, e.g. DMZ, Public WiFi, Data Centre.

Up to 1 Gb/s of Traffic

per instance which equates to approx 500 endpoints

Finding threats on your network faster: insider threats, data breach, data loss, network issues, email bombs.