Threat HUNTing Platform

Todayโ€™s advanced persistent threats have met their match. Through agentless HUNTing, ORION cybersecurity software stealthily identifies and eliminates threats before they turn into attacks. Remote interrogation of ORION’s advanced persistent threat protection makes for a scalable solution, deployable worldwide in an instant. Now with API integration, intuitive dashboards, and customizable reporting, ORION cyber threat hunting software is more powerful and easier to use than ever.

orion Laptop

The HUNT is on

What if you could reduce detection time from months to minutes? Now you can, with ORION 2.0.

ORIONโ€™s agent-less threat hunting goes beyond passive detection and response, empowering cybersecurity professionals with the means and mindset necessary to detect, pursue, isolate, and eliminate APTs and other network threats. Hackers will take a six-month head start any day. Take back the advantage. Take back your time.

  • Proprietary Agent-less Algorithm

    Stealthily stalk cyber intruders. Keep a low profile, observing adversary actions from afar until the time is right to strike.

  • New API for better integration with other platforms

    HUNT on your own terms. Develop custom apps, extract the data you need, and defend your network.

  • New workflow management design with concurrent tasking

    Cool, calm, and collected. Your team will work together in perfect harmony to eliminate threats from your network and reduce vulnerabilities.

  • Detailed analytics with customizable dashboards

    Key performance indicators. Track threat HUNTing progress in real time and create reports to improve response.

  • Stunning graphical display

    Command line evolution. User-friendly, web-based interface makes HUNTing accessible to operators and analysts at all levels of experience.

  • Remote interrogation for rapid global deployment

    Investigation at the speed of light. ORION travels so you donโ€™t have to; remotely HUNTing through your global networks to find threats

Key orion Benefits

Agentless Threat HUNTing

Network intruders wonโ€™t know youโ€™ve spotted them. Our proprietary algorithm allows for stealthy identification and removal of threats.

Live Memory Analysis.

Automated, enterprise-scale examination of networks. Remotely scan far and wide for threats.

Remote Interrogation

Rapid deployment to any network in the world. Improve responsiveness and reduce costs.

Agent-less Threat HUNTing

Covertly observe threats and collect data without detection

Remote Interrogation

Rapid Deployment to global networks

Live Memory Analysis

Identifies malicious code hidden in memory of a running system

Operating System Agnostic

Built specifically for endpoints, but capable of interrogating any system

Remarkable Malware Identification

Able to identify known and unknown threats

Graphical Display

Unified workflows for easier operator/analyst collaboration

Workflow Management

Assign roles and manage tasks to collaborate investigation and response efforts


Harness the power of ORION through individually-tailored applications

SPLUNK and Other Third-Party Integration

ORION application in SPLUNK APPBase for seamless data sharing and analysis

Automated Workflows

Full third-party tasking integration through an RESTful API enables triggering of predefined, playbook-driven hunt operations providing an automated orchestration solution

Advanced Payloads

Built-in and customizable payloads provide a wide range of network defense options

orion Overview

orion Awards

orion Comparison

orion Carbon Black
CB Response
Primary functions Host Analysis, Host Forensics, Effects Host Analysis, Host Forensics, Effects
Operating Systems Linux, Windows Windows, Mac OS, Red Hat Linux, Cent OS Linux
Threat Hunting Methodology
  • Agent-less-based
  • Modular payloads and delivery mechanisms
  • Agent-based
  • Information from Endpoints
    • Running Processes
    • Loaded Libraries
    • Loaded Drivers
    • User accounts and Groups
    • Persistence Mechanisms
    • Inspects memory for injected code or any provided string
    • Finds hidden Processes
    • Network Information
    • Registry Access
    • Event Logs
    • File System Access and Search
    • Process Termination
    • Firewall Status
    • Anti-virus Status
    • Audit Policy
    • Ability to run custom on-demand survey scans
    • Interactive Shells
    • Task automation
    • Records process execution and all relevant metadata
    • Records network connections
    • Records loaded modules and metadata about the module
    • Records registry creation and modifications
    • Records file creation and modifications
    • Memory dump of system
    • Registry settings
    • Directory and file lists
    Threat Intelligence Integration
    • Auto-launch Virus Total Search
    • Auto-launch Google Search
    • Online white-list/blacklist update process
    • Online threat intelligence integration
  • Can optionally integrate with multiple online Threat Intelligence Sources
  • User Interface Web-based Web-based
    Deployment On-premises or remote in R9Bโ€™s Adversary Pursuit Center (APC) Cloud-based security-as-a-service On-premises or cloud data store
    Analysis Features
    • Compare to known-good white-list and known-bad blacklists
    • Add-to and customize white-list/blacklist
    • Frequency-based anomaly detection
    • Memory Anomalies (through mem-analyzer/mem-searcher tool)
    • Built-in analytics:
      • Name-Path Anomalies
      • Parent Process Anomalies
      • Custom Aggregate Queries
      • Custom Queries combining data sources
    • Compare to white-lists/blacklists.
    • Custom user queries
    • Real-time event monitoring
    • Visual display of process interactions (parent-child)
    • Watch list w/ email alerts
    • Stores historical data for full retroactive analysis
    Miscellaneous Additional Features / Comparison:
    • Splunk Integration
    • Customized payloads
    • Endpoint Live Interaction
    • Deployable through other 3rd party solutions (e.g. Tanium, Encase Enterprise, Ziften, DataMapT, etc)
    • Password Expiration
    Additional Features / Comparison:
    • Splunk App Integration
    • IBM BigFix Integration
    • Export events to AWS
    • Endpoint Live Interaction
    • No known memory analysis capability
    • โ€œIsolate Hostโ€ capability
    • No modularity components for unified platform