pursuit

Our Offense is Your

For a second, imagine you’re a hacker looking to cash in on a poorly protected business. You know the finance department reads any invoice they receive, so you email the accountants a malicious spreadsheet. Like clockwork, an employee opens the phony document, clicks “Enable Macros”, and you’re in! This company is now your oyster as long as you maintain access.

This scenario plays out every day, and most IT service providers are well aware of the threat. However, many aren’t familiar with the techniques hackers use to create persistent footholds within these networks. That’s where PursuIT, powered by Huntress, steps in. We collect and analyze metadata about every application scheduled to automatically execute when a computer boots up or a user logs in. As soon as the hacker establishes their access, we’re there to kick them out.

Why is this so effective?

Modern antivirus primarily focuses on the actions performed by executable files and makes heuristic-based detections. Antivirus also uses static signatures to identify known malicious sections of files. Unfortunately, viruses are constantly evolving and techniques—like footholds—have largely been ignored. As a result, hackers today still successfully use the same persistence techniques they used in Windows 95 malware.

PursuIT puts a stop to this and makes hackers earn every inch of their access within the networks we protect. Our Managed Detection and Response Service quickly discovers new and existing footholds regardless of the infection vector.

How IT Works

Endpoint Agent

The PursuIT agent inventories each application scheduled to automatically start at boot or user login (persistent applications). Metadata on these applications is sent to the PursuIT Analysis Engine for inspection. This lightweight design ensures users’ productivity is never hindered by resource-intensive processes, while the distributed cloud architecture protects your users in the office, at home, or on the go.

Analysis Engine

The analysis engine aggregates data from the PursuIT agents and uses algorithms to discover malicious outliers (footholds) in the dataset. Each persistent application is evaluated using a combination of file reputation, frequency analysis, and other proprietary algorithms. When an anomaly is detected, PursuIT delivers prioritized remediation recommendations.
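
The frequency-analysis idea described above can be illustrated with a short sketch. This is an added example, not PursuIT's or Huntress's code (their algorithms are proprietary): it groups persistent applications reported by several hosts and flags the ones that appear on only a small share of the fleet. The host names, paths, hash values and the 25% threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample inventory: (host, persistence location, path, file hash).
HOSTS = ["PC-01", "PC-02", "PC-03", "PC-04", "PC-05"]
INVENTORY = [
    (h, "Run key", r"C:\Windows\System32\SecurityHealthSystray.exe", "cccc3333")
    for h in HOSTS
]
# Same autorun path everywhere, but PC-03 reports a different file hash.
INVENTORY += [
    (h, "Run key", r"C:\Program Files\Vendor\updater.exe",
     "ffff9999" if h == "PC-03" else "aaaa1111")
    for h in HOSTS
]
# An autorun that exists on a single host only.
INVENTORY.append(
    ("PC-05", "Scheduled task", r"C:\Users\Public\invoice_helper.exe", "bbbb2222")
)


def stack_autoruns(records):
    """Map each (path, hash) pair to the set of hosts that report it."""
    hosts_by_item = defaultdict(set)
    for host, _location, path, digest in records:
        # Windows paths are case-insensitive, so normalise before grouping.
        hosts_by_item[(path.lower(), digest)].add(host)
    return hosts_by_item


def rare_autoruns(records, max_fraction=0.25):
    """Return (path, hash, hosts) for items seen on <= max_fraction of hosts."""
    total_hosts = len({record[0] for record in records})
    findings = [
        (path, digest, sorted(hosts))
        for (path, digest), hosts in stack_autoruns(records).items()
        if len(hosts) / total_hosts <= max_fraction
    ]
    # Rarest first, then by path so the output order is stable.
    findings.sort(key=lambda item: (len(item[2]), item[0]))
    return findings


if __name__ == "__main__":
    for path, digest, hosts in rare_autoruns(INVENTORY):
        print(f"{len(hosts)} host(s): {path} [{digest}] on {', '.join(hosts)}")
```

Grouping on the path and hash together is what surfaces PC-03: the updater path looks normal, but its file differs from the one every other host runs. Rarity alone only ranks items for review, which is why the page pairs it with file reputation.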