• Incident?
    • }

    orion

    Threat HUNTing Platform

    Todayโ€™s advanced persistent threats have met their match. Through agentless HUNTing, ORION cybersecurity software stealthily identifies and eliminates threats before they turn into attacks. Remote interrogation of ORION’s advanced persistent threat protection makes for a scalable solution, deployable worldwide in an instant. Now with API integration, intuitive dashboards, and customizable reporting, ORION cyber threat hunting software is more powerful and easier to use than ever.

    orion Laptop

    The HUNT is on

    What if you could reduce detection time from months to minutes? Now you can, with ORION 2.0.

    ORIONโ€™s agent-less threat hunting goes beyond passive detection and response, empowering cybersecurity professionals with the means and mindset necessary to detect, pursue, isolate, and eliminate APTs and other network threats. Hackers will take a six-month head start any day. Take back the advantage. Take back your time.

    • Proprietary Agent-less Algorithm

      Stealthily stalk cyber intruders. Keep a low profile, observing adversary actions from afar until the time is right to strike.

    • New API for better integration with other platforms

      HUNT on your own terms. Develop custom apps, extract the data you need, and defend your network.

    • New workflow management design with concurrent tasking

      Cool, calm, and collected. Your team will work together in perfect harmony to eliminate threats from your network and reduce vulnerabilities.

    • Detailed analytics with customizable dashboards

      Key performance indicators. Track threat HUNTing progress in real time and create reports to improve response.

    • Stunning graphical display

      Command line evolution. User-friendly, web-based interface makes HUNTing accessible to operators and analysts at all levels of experience.

    • Remote interrogation for rapid global deployment

      Investigation at the speed of light. ORION travels so you donโ€™t have to; remotely HUNTing through your global networks to find threats

    Key orion Benefits

    Agentless Threat HUNTing

    Network intruders wonโ€™t know youโ€™ve spotted them. Our proprietary algorithm allows for stealthy identification and removal of threats.

    Live Memory Analysis.

    Automated, enterprise-scale examination of networks. Remotely scan far and wide for threats.

    Remote Interrogation

    Rapid deployment to any network in the world. Improve responsiveness and reduce costs.

    Agent-less Threat HUNTing

    Covertly observe threats and collect data without detection

    Remote Interrogation

    Rapid Deployment to global networks

    Live Memory Analysis

    Identifies malicious code hidden in memory of a running system

    Operating System Agnostic

    Built specifically for endpoints, but capable of interrogating any system

    Remarkable Malware Identification

    Able to identify known and unknown threats

    Graphical Display

    Unified workflows for easier operator/analyst collaboration

    Workflow Management

    Assign roles and manage tasks to collaborate investigation and response efforts

    RESTful API

    Harness the power of ORION through individually-tailored applications

    SPLUNK and Other Third-Party Integration

    ORION application in SPLUNK APPBase for seamless data sharing and analysis

    Automated Workflows

    Full third-party tasking integration through an RESTful API enables triggering of predefined, playbook-driven hunt operations providing an automated orchestration solution

    Advanced Payloads

    Built-in and customizable payloads provide a wide range of network defense options

    orion Overview

    orion Awards

    orion Comparison

    orion Carbon Black
    CB Response
    Primary functions Host Analysis, Host Forensics, Effects Host Analysis, Host Forensics, Effects
    Operating Systems Linux, Windows Windows, Mac OS, Red Hat Linux, Cent OS Linux
    Threat Hunting Methodology
    • Agent-less-based
    • Modular payloads and delivery mechanisms
  • Agent-based
    		•
    Information from Endpoints
    • Running Processes
    • Loaded Libraries
    • Loaded Drivers
    • User accounts and Groups
    • Persistence Mechanisms
    • Inspects memory for injected code or any provided string
    • Finds hidden Processes
    • Network Information
    • Registry Access
    • Event Logs
    • File System Access and Search
    • Process Termination
    • Firewall Status
    • Anti-virus Status
    • Audit Policy
    • Ability to run custom on-demand survey scans
    • Interactive Shells
    • Task automation
    • Records process execution and all relevant metadata
    • Records network connections
    • Records loaded modules and metadata about the module
    • Records registry creation and modifications
    • Records file creation and modifications
    • Memory dump of system
    • Registry settings
    • Directory and file lists
    Threat Intelligence Integration
    • Auto-launch Virus Total Search
    • Auto-launch Google Search
    • Online white-list/blacklist update process
    • Online threat intelligence integration
  • Can optionally integrate with multiple online Threat Intelligence Sources
    		•
    User Interface Web-based Web-based
    Deployment On-premises or remote in R9Bโ€™s Adversary Pursuit Center (APC) Cloud-based security-as-a-service On-premises or cloud data store
    Analysis Features
    • Compare to known-good white-list and known-bad blacklists
    • Add-to and customize white-list/blacklist
    • Frequency-based anomaly detection
    • Memory Anomalies (through mem-analyzer/mem-searcher tool)
    • Built-in analytics:
      • Name-Path Anomalies
      • Parent Process Anomalies
      • Custom Aggregate Queries
      • Custom Queries combining data sources
    • Compare to white-lists/blacklists.
    • Custom user queries
    • Real-time event monitoring
    • Visual display of process interactions (parent-child)
    • Watch list w/ email alerts
    • Stores historical data for full retroactive analysis
    Miscellaneous Additional Features / Comparison:
    • Splunk Integration
    • Customized payloads
    • Endpoint Live Interaction
    • Deployable through other 3rd party solutions (e.g. Tanium, Encase Enterprise, Ziften, DataMapT, etc)
    • Password Expiration
    		 Additional Features / Comparison:
    • Splunk App Integration
    • IBM BigFix Integration
    • Export events to AWS
    • Endpoint Live Interaction
    • No known memory analysis capability
    • โ€œIsolate Hostโ€ capability
    • No modularity components for unified platform

    orion UI

    Human-Led. Technology-Accelerated.

    Email Call 719.368.3677 (M-F 8-5)