CounterTack Bolsters Active Defense Strategy with Scout Knowledge Library 1.0

 Comprehensive Collection of Stateful Compromise Indicators Powers Scout Analytics Engine to Better Understand and Counter Advanced Threats

WALTHAM, Mass. (June 24, 2013) – CounterTack, the industry’s first and only provider of in-progress cyber attack intelligence and response solutions, today introduced the Scout Knowledge Library, a robust collection of stateful compromise indicators (SCIs) that correlate behavioral and technical characteristics of advanced threats to provide organizations with rich attack intelligence through conclusive attack evidence.

 With the recent release of Scout 4, CounterTack is taking a dramatically different approach to endpoint protection, providing unprecedented visibility into attackers through its patented Deep System Inspection (DSI) technology. CounterTack enables organizations to detect previously undetectable advanced threats and attacks that most other solutions miss.

 The Scout Knowledge Library is a compilation of SCIs, attack and malware profiles and conditions. Collectively, they serve as the intelligence foundation of Scout’s powerful analytics engine, enabling customers to quickly classify malware and malicious activity based on correlated actions exhibited by the attack.

 “CounterTack’s Scout Knowledge Library gives organizations the ability to quickly and accurately determine the scope of an attack by understanding what type of malware is launched, and what type of process it follows,” said Neal Creighton, CEO, CounterTack. “Correlating malware characteristics through Scout helps enterprises react with confidence to attacks, shortening the gap from detection to intelligence to response, by giving them the ability to know precisely what will happen relative to that specific malware, bot, trojan or condition identified.”

 Based on the breadth of Scout’s real-time monitoring of historical attacker behavior and malware processes, the Scout Knowledge Library’s SCIs can help rapidly classify attacks and provide intelligence on specific tools and techniques associated with threats both known and unknown. These classifications are integrated into Scout 4, where the threat and attack profiles are correlated with attack activity in real-time.

 “CounterTack’s unique approach is to shorten the cycle to remediation for customers impacted by sophisticated threats and persistent malware campaigns,” said Sean Bodmer, chief researcher, CounterTack. “Through our library, we provide the capability to correlate key events and characteristics of malware. A single SCI can detect millions of variants of Zeus, like Ice9 or Citadel, but what matters most are the key characteristics and the modular functionalities of the malware. For example, knowing whether the malware is configured with Remote Desktop Protocol (RDP), Webinjects (secure form login stealer), DDOS, FormGrabbers, or JabberUpdater can help customers quickly identify the motive, intent and capability of a threat — so they react appropriately.”

 In the event that a critical endpoint is compromised, Scout’s real-time analysis identifies files, processes and network activity the attacker is targeting at the OS level on production systems. That behavior is then correlated with indicators in the Knowledge Library to provide conclusive intelligence about the attack.

 The Scout Knowledge Library will be sold as part of base Scout deployments, and updates will be available as part of a subscription model.

 About CounterTack

CounterTack, the industry’s first and only in-progress attack intelligence and response solution provider, was born out of the critical need to develop new security approaches for enterprise and government organizations. The detection gap persists despite massive investments and continuing advancements in security technologies, with cyber attacker innovation outpacing cyber defenses. CounterTack is leading the way on new approaches for deeper security intelligence monitoring and faster attack response.

 To learn more, visit  


CounterTack Partners with rSolutions to Help Companies Dramatically Improve Attack Detection and Counter Targeted Enterprise Threats

CounterTack Scout to Provide Enhanced Visibility to Help Reduce Attacker ‘Dwell Time’

WALTHAM, Mass. (June 18, 2013) – CounterTack, the industry’s first and only provider of in-progress cyber attack intelligence and response solutions, today announced its partnership with rSolutions, an information security firm that provides a broad range of enterprise security solutions and professional consulting services. rSolutions will be reselling CounterTack’s Scout Solution for advanced threat detection and intelligence.

This partnership will expand rSolutions’ product portfolio and augment its offerings for enterprise customers. The addition of CounterTack’s Deep System Inspection (DSI) technology will help rSolutions customers not only reduce dwell time, but in the process give them access to the critical intelligence they need to better understand and combat advanced, and even unknown, threats. In partnering with rSolutions, CounterTack is expanding its presence into the government, mining and energy markets in Canada.

Security-savvy organizations understand that advanced threats are persistent, rendering many systems as continuously compromised. The more frequently companies are attacked, the more they become prone to follow-up attacks, underscoring the reality that blocking or alerting is no longer good enough. With deep behavioral analysis, CounterTack helps companies actively engage with attackers to defend critical systems at the endpoint.

"At rSolutions, we are constantly looking for unique and innovative solutions to help address our customers' biggest problems," said Richard Baker, managing partner at rSolutions.  "Despite investing in the latest advanced threat detection offerings, our customers have crucial unanswered questions about how to assess, contain, and stop attacks that are still getting through.  We believe CounterTack's revolutionary approach to endpoint security is a perfect complement to our current network-based solutions and will provide our customers with the critical intelligence needed to stop attacks."

“The ability to identify advanced attacks is essential. But that is only half the security battle,” said Neal Creighton, CEO, CounterTack. “The capability to minimize the impact of an attack by limiting its length or ‘dwell time’ in a system by actively engaging with attackers is now essential in limiting potential damage, understanding what the attacker is doing and targeting, and ultimately, diverting the attacker from production assets. The rSolutions and CounterTack partnership will provide companies with the tools and intelligence they need to identify and understand advanced attacks – empowering them to actively defend their businesses.”

About rSolutions

rSolutions is a boutique Information Security firm providing enterprise security solutions and professional consulting services. As a results-driven organization, we help our customers meet their business objectives. A partner of several industry leaders, such as CounterTack, Splunk, FireEye, Qualys, Mobile Iron, Guidance Software and Accellion, rSolutions offers a suite of security assessment services including vulnerability assessments, penetration testing, web application testing and more. To learn more, visit


CounterTack Announces Scout 4

New Stealth Agent Enables Active Defense

WALTHAM, Mass. (May 8, 2013) – CounterTack, the industry’s first and only provider of in-progress cyber attack intelligence and response solutions, today announced the next generation of CT Scout (formerly Event Horizon®), a cyber defense solution utilizing Deep System Inspection that enables enterprise and government organizations to detect, assess and respond to advanced threat attacks.

Available now, Scout 4 introduces a new kernel-level Stealth Agent, which along with an enhanced analysis engine, enables active defense solutions against in-progress attacks. In a world where it is widely accepted that advanced threats continue to bypass security defenses, the ability to detect and respond to in-progress attacks is critical to reducing the attack dwell time – the time available for attackers to operate on the network and cause damage.

“After establishing a beach head, attackers move laterally through networks to identify and exploit targets, often for extended periods of time,” said former global CISO for BAE Systems, Eric Noonan, now CEO at CyberSheath Services International. “Getting visibility into these behaviors is critical to mounting timely countermeasures and minimizing damage.”

The new agent-based sensor architecture enables CT Scout 4 to support rapid and flexible deployment options that enable customers to implement active defenses and reduce attack dwell time. Deployed on both physical and virtual devices, the Stealth Agent provides great flexibility in deploying next-generation honeynets that not only help detect unknown threats, but also provide the intelligence on attacker means and motives necessary for implementing effective active defense countermeasures. The Stealth Agent can also be deployed directly on production systems as part of active defense strategies to accelerate countermeasures. 

“Today’s organizations have largely accepted the fact that attackers are getting into their networks – that it’s no longer a question of ‘if’ but ‘when’,” said Neal Creighton, CEO, CounterTack. “With the next generation of CT Scout, CounterTack enables organizations to implement active defense strategies, with rapid deployment honeynets and targeted production system monitoring.”

CounterTack Partners with Preventia to Provide Advanced Malware Analysis Internationally

Closing the Detection Gap on the International Stage

WALTHAM, Mass. (April 23, 2013) – CounterTack, the industry’s first and only provider of in-progress cyber attack intelligence and response solutions, today announced its first international customer and strategic partner – Preventia, a leading IT security specialist, boutique integrator and professional services provider in London.

Cyber attackers target organizations’ most valuable corporate information. Despite advancement in security technology there is still a detection gap, with cyber attackers outpacing cyber defenses. And, there is a growing need in the UK and European market for solutions to help companies close that detection gap.    

“We see a clear opportunity to introduce new technology in the UK and Europe that helps companies better understand the security challenges facing them – and gives them the intelligence they need to address them. That’s where CounterTack comes in,” said Nick Peaster, Managing Director, Preventia. “We’re excited to partner with CounterTack because they solve problems in ways that no other company currently can. Together, Preventia and CounterTack will provide the innovative solutions enterprise companies need to detect breaches early and protect their proprietary information.”

This partnership signifies CounterTack’s first major move into the international cyber security marketplace. In addition to deploying CounterTack Scout for monitoring and protecting its own network and systems, Preventia will represent CounterTack’s full suite of products in the UK and its existing customer base. Preventia’s customers include some of the UK’s largest and most prestigious companies, including banks, gaming companies, and retailers.

“Invasive network, workstation and server attacks aren’t unique to this side of the pond. CounterTack’s partnership with Preventia signifies the increasing worldwide demand for solutions such as Scout and Sentinel,” said Neal Creighton, CEO, CounterTack. “We’re excited to partner with Preventia. Its reputation as a provider of new, innovative technologies makes it a great choice for our first international partner.”

Preventia will be exhibiting at Infosecurity Europe April 23 – 25, 2013 at Earls Court Exhibition Centre in London. Stop by Stand E22 to learn more about CounterTack’s full suite of products available through Preventia.

CounterTack Announces Stateful Compromise Indicator Support in CT Scout

Automating Detection and Diagnosis of Advanced Cyber Attacks to Accelerate Active Defense Processes

WALTHAM, Mass. (April 8, 2013) – CounterTack, the industry’s first and only provider of in-progress cyber attack intelligence and response solutions, announced today that its cyber threat intelligence product, CT Scout, will support the company’s new Stateful Compromise Indicator (SCI) technology. SCIs are part of a new layer of automated analysis that classifies attacker behavior, delivering immediately actionable intelligence in next-generation honeynet applications and reducing overhead in advanced threat analysis applications. 

For years, honeypots have demonstrated their value in detecting zero-day and other undetectable attacks, particularly in the government sector. Though effective, traditional honeypots are difficult to set up and equally challenging to manage. Further, these systems require highly skilled operators to analyze the large volumes of data they generate. CounterTack’s integrated solution represents a significant shift in this model, with CT Scout offering the world’s first enterprise-ready platform for next-generation honeynet deployments. With the addition of SCI support, CT Scout customers can further automate detection and remediation actions, and deploy honeynets more widely without expanding the need for highly skilled security analysts. 

“CounterTack is revolutionizing the honeypot market by applying automation to the detection of advanced threats and making honeynet capabilities accessible to more organizations,” said Neal Creighton, CEO, CounterTack. “The integration of our SCIs with CT Scout demonstrates CounterTack’s commitment to helping enterprise customers save time and money, while doing battle with today’s increasingly sophisticated cyber threats.”

SCIs, originally developed for the CT Sentinel cyber defense product, enable rapid detection of advanced threats. With the addition of SCIs, first-line security operations center personnel can handle more alerts directly without escalating to threat analysis teams, thereby enabling much wider deployment of honeynet solutions. SCIs also improve the efficiency of threat analysis teams by enabling them to quickly filter out known threats and focus on new threats as they are detected.

CounterTack Announces Scout V3.2

Deep System Cyber Intelligence for Next-Generation Honeynets and Advanced Malware Analysis 

WALTHAM, Mass. (February 26, 2013) – CounterTack, the industry’s first and only provider of in-progress cyber attack intelligence and response solutions, today announced the next version of CT Scout (formerly Event Horizon®), a cyber intelligence product helping enterprise and government organizations close the Detection Gap.

The CounterTack Scout product offers a unique platform for next-generation honeynet deployments as well as advanced malware analysis. A self-contained appliance with a multi-blade virtual machine (VM) architecture, CT Scout supports a range of honeynet configurations, from single honeypots in sensitive network areas to networks of honeynet systems deployed throughout enterprise networks to improve detection coverage and perceptual consistency. 

“It's fair to say that many of us want to see what the bad guys are up to, how they’re coming after us, and what they’re coming for, but we certainly don’t want to let them into our production systems to watch them work,” said Christian Seifert, CEO of The Honeynet Project. “If your job is to protect your assets, there's no better way to keep abreast of what the bad guys are up to than to watch them work, and honeynets give us a way to do that in a lower risk setting.”

CounterTack’s CT Scout appliance also provides a safe way to detonate malware for detailed analysis.  When configured as a closed protected environment, the CT Scout VM architecture supports configurations of exact Windows and Linux production-system replicas, including network connectivity.  By leveraging CounterTack’s patented Deep System Inspection technology, CT Scout provides unique visibility into previously undetectable malware behaviors. 

“You can’t protect against what you can’t see,” said Sean Bodmer, Chief Researcher in the CounterTack Cyber Counterintelligence Research Lab. “The kind of intelligence we’re gaining with Deep System Inspection on CT Scout is what enabled us to figure out how to detect Red October and other advanced threats.”

CT Scout V3.2 will be available for sale in March 2013 and is being demonstrated at the RSA Conference this week at CounterTack’s booth #2533.    

OpenDNS Hosts 'Off-RSA' Security Research Demo Event

CounterTack, CrowdStrike, GFI Software, Norman, Oriza Technologies, Security Information Exchange, ThreatGRID and OpenDNS to Showcase Leading-Edge Cyber Security Technology

SAN FRANCISCO, CA--(Marketwire - Feb 26, 2013) - OpenDNS, the world's leading provider of cloud-delivered Internet security solutions, today announced that it will host a demo event with some of the most innovative names in Internet security research. CounterTack, CrowdStrike, GFI Software, Norman, Oriza Technologies, Security Information Exchange (SIE), ThreatGRID and OpenDNS's Umbrella Security Labs will demonstrate their data-mining research technologies on February 26 at OpenDNS's headquarters in San Francisco.

This 'off-RSA' event offers a unique venue for security researchers to get a close-up view of network security research tools in an informal setting. Attendees will have the opportunity to have intimate dialogues with others within the Internet security community about Big Data mining, cyber security threats, and the trends and technologies shaping the new world of Internet security.

"The recent string of cyber security attacks into the New York Times, Wall Street Journal and Twitter underscores the need for Internet security technology and research to transform from reactive to predictive," said Dan Hubbard, CTO of OpenDNS. "This paradigm shift is possible with technology innovation and collaboration within the security research community. We are looking forward to a night of idea-sharing with some of the best security technologists and researchers on the planet."

At the event, OpenDNS will demonstrate its new Umbrella Security Graph, which has leveraged Big Data to discover different attributes, locations, and domains connected with the recently uncovered 'Red October' attacks. With the Umbrella Security Graph, OpenDNS can now deliver predictive Internet security protection to its customers by combining the company's indexed and cross-referenced data with real-time cyber intelligence scoring and threat classification.

The event will also showcase security technologies and research tools from the following companies.

CounterTack provides in-progress cyber attack intelligence and response solutions that enable enterprise and government organizations to combat advanced targeted attacks with Deep System Inspection solutions. The company will demo CT Scout, a cyber intelligence product that helps enterprise and government organizations close the Detection Gap.

CrowdStrike is a security technology company focused on identifying and preventing damage from targeted attacks. The company will demo CrowdRE, a free community tool that allows security researchers and analysts to collaborate on reverse engineering by leveraging crowdsharing to reduce repetitive work by multiple analysts.

GFI Software specializes in the discovery and analysis of dangerous vulnerabilities and malware. The company will demo GFI Sandbox™, a malware analyzer that cyber-security professionals can use to analyze files and URLs for potential threats within a monitored environment, remediate them and deploy the appropriate defenses swiftly to prevent future attacks.

Norman is a global leader and pioneer in proactive security software solutions and forensics malware tools. The company will demo Norman Malware Analyzer G2, which enables IT and security teams to run suspicious artifacts through the award-winning Norman SandBox®, and concurrently analyze the code in Norman's virtualized IntelliVM modules.

Oriza Technologies is a stealth-mode start-up developing groundbreaking technology to personally identify and track malicious actors in real time across the Internet.

Oriza's founders are proven world leaders in cyber criminal attribution and prosecution.

Internet Systems Consortium operates the Security Information Exchange (SIE), a trusted, private framework for information sharing in the Internet security field between network operators, law enforcement, security companies and researchers. The organization will demo DNSDB, a database that stores and indexes both the passive DNS data available via ISC's Security Information Exchange as well as the authoritative DNS data that various zone operators make available.

ThreatGRID enables organizations to identify and analyze malicious software on their infrastructure more easily and accurately and in turn to remediate their systems more effectively. The company will demo its ThreatGRID Malware Threat Intelligence Platform Service, a ground-breaking threat intelligence content platform that combines proprietary malware analysis and near real-time actionable threat intelligence to provide insight into global malicious activity for sophisticated customers.

About OpenDNS
OpenDNS is the world's leading provider of Internet security and DNS services, enabling the world to connect to the Internet with confidence on any device, anywhere, anytime. OpenDNS provides millions of businesses, schools and households with a safer, faster and more intelligent Internet experience by protecting them from malicious Web threats and providing them control over how users navigate the Internet, while dramatically increasing the network's overall performance and reliability. The company's cloud-delivered Umbrella security products protect enterprise users from malware, botnets and phishing regardless of location or device. At the heart of all OpenDNS services is the OpenDNS Global Network, the world's largest Internet-wide security network, securing 50 million active users daily through 12 data centers worldwide. For more information, please visit:

CounterTack Announces Sentinel

 Expanding the Deep System Inspection Product Portfolio with Production System Monitoring

WALTHAM, Mass. (February 25, 2013) – CounterTack, the industry’s first and only provider of in-progress cyber attack intelligence and response solutions, today announced the expansion of its product portfolio with CT Sentinel, a cyber defense product aimed at closing the Detection Gap on production systems. As part of this portfolio expansion, the CounterTack Event Horizon® product is being rebranded as CT Scout.

The CounterTack Sentinel product applies Deep System Inspection technology to monitoring production systems. Sentinel is based on a new agent implementation of Deep System Inspection and new Stateful Compromise Indicator (SCI) technology. Together, they enable detection of previously undetectable attacks on production systems. 

“It turns out that when we studied advanced attacks at a low enough level in the operating system layer, there was quite a bit of commonality in the behaviors,” said Sean Bodmer, Chief Researcher in the CounterTack Cyber Counterintelligence Lab. “We turn the attack intelligence from our analyses into SCIs, which retain all the state change information in the attack storylines, to detect these attacks with very high fidelity.”

CT Sentinel will be available for sale later this year. It is being deployed in a joint development program with select CounterTack design partners that will begin March 2013. The design partners represent a range of large-enterprise industry segments and are market leaders in cyber security incident response and operations.  Given the large number of targeted attacks aimed at their companies, a major benefit of the program will be the creation of SCIs for the latest sophisticated custom attacks. 

“We’re very pleased that we have been able to attract some of the best and brightest cyber security practitioners in the industry,” said Neal Creighton, CounterTack CEO. “We know our design partners are very busy confronting ever-increasing attack volumes, so we appreciate their commitment to work with us on advancing the state of the art in cyber defense.”

CT Sentinel is being demonstrated at the RSA Conference this week at CounterTack’s booth #2533.

CounterTack and Cymbel Partner to Provide Next-Generation Enterprise Cyber Defense Solutions

Closing the Detection Gap with Patented Deep System Inspection Technologies

WALTHAM, Mass. (February 15, 2013) – CounterTack, the industry’s first and only provider of in-progress cyber attack intelligence and response solutions, today announced a strategic partnership with Cymbel Corporation, a provider of next-generation defense-in-depth for information security.

Today’s highly motivated and persistent cyber attackers specifically target enterprise organizations’ trade secrets, source codes, sales proposals and other valuable corporate information. Despite massive investments and continuing advancements in security technologies, the detection gap persists, with cyber attacker innovations outpacing cyber defenses. 

“Today’s reality is there is no such thing as 100 percent prevention, and targeted attacks against the enterprise are inevitable,” said Bill Frank, Principal, Cymbel Corporation. “By joining forces, Cymbel and CounterTack are bringing powerful solutions to market to detect compromised systems early in the ‘kill chain’ before confidential data can be exfiltrated.”

With this partnership, Cymbel is leveraging CounterTack’s patented Deep System Inspection products to enhance its unique Zero Trust approach that protects critical enterprise assets while cost-effectively meeting compliance requirements. CounterTack’s Deep System Inspection products monitor file, network and process activities deep within the operating system layer. The company’s patented monitoring and intelligence gathering technology provides a new dimension of visibility into the multitude of previously undetectable attacks, including the problematic custom targeted attacks.

“Security teams must equip themselves with real-time situational awareness to identify, understand and combat today’s highly innovative attackers,” said Neal Creighton, CEO, CounterTack. “We are pleased to be partnering with Cymbel to bring our unmatched cyber attack detection capabilities to enterprise customers with a comprehensive solution that integrates seamlessly with existing incident response processes.”

About Cymbel

Cymbel Corporation is an IT Solutions Provider, 100 percent focused on security and compliance. Founded in 2000, Cymbel is headquartered in Newton, Mass., with branches in Connecticut, New York, and New Jersey. Cymbel helps enterprises (1) mitigate the risks of confidential data breaches using a Zero Trust approach, and (2) safely enable new business initiatives, partnerships, processes, applications, and technologies such as Web applications, social media, mobility, virtualization, and cloud.

CounterTack CEO Neal Creighton to Present at AGC West Conference on February 25

Showcasing Newly Patented, Deep System Inspection Technology at AGC, RSA Conferences

WALTHAM, Mass. (February 7, 2013) – CounterTack, the industry’s first and only provider of in-progress cyber attack intelligence and response solutions, today announced that CEO Neal Creighton has been invited to present at America’s Growth Capital (AGC) Ninth Annual West Coast InfoSec and Technology Growth Conference on Monday, February 25, at the Westin San Francisco Market Street.

The AGC Conference will showcase the most innovative emerging growth companies, and feature dynamic panel discussions and presentations delivered by industry luminaries and leading executives of public and private information security enterprises. At the conference, Creighton will discuss the widening Detection Gap problem and how CounterTack’s innovations in deep system inspection technology are helping to close the Gap.

During the week of February 25 – March 1, AGC participants who are also attending the RSA Conference will be able to see demonstrations of CounterTack products at booth #2533. CounterTack will have a strong presence at the RSA Conference, showcasing next-generation cyber defense solutions based on its patented deep system inspection technology.  

CounterTack will also feature two book signing events at the RSA Conference at booth #2533. 

  • A visible authority on the frontlines of cyber security, CounterTack Chief Researcher Sean Bodmer will share in-depth counterintelligence tactics to fight cyber espionage from his book, Reverse Deception: Organized Cyber Threat Counter-Exploitation, on Tuesday, February 26, at 1:00 – 2:00 p.m. PST.

  • Acclaimed author, CounterTack Board Member and Cylance CEO & President Stuart McClure will showcase his latest book, Hacking Exposed: Network Security Secrets & Solutions, which has been translated into more than 30 languages and is the definitive best-selling computer security book, on Thursday, February 28, at 11:00 – 11:45 a.m. PST.

Register here to schedule a one-on-one meeting with CounterTack experts during RSA Conference 2013.
