Founded in 2016, Active Countermeasures, is a group of like-minded geeks who believe in giving back to the security community. It does this through free training, thought leadership, and both open-source and commercial tools.
With nearly three decades of experience in the IT and Security industry, Chris Brenton serves as the COO of Active Countermeasures. As a fellow instructor, Chris has developed and delivered various courses for the SANS Institute and now teaches at Antisyphon Training. Being an alumnus of Y-Combinator, Chris has helped several startups to improve their product security through continuous development and identifying their product market fit. Chris has also authored multiple security books and the Cloud Security Alliance’s online training materials to help people educate about cyber security.
Recently we got the chance to sit down with Chris to learn more about his journey and how Active Countermeasures is helping the security community with its solutions.
Below are the highlights of the interview.
Please tell me your story.
Chris– I’ve worked in cyber security for over 25 years. Like many people, I started off doing network and system administration. The fact that software could be bent to perform in a way that was unintended grabbed my attention early in my career. I’ve always been fascinated with avant-garde security research.
What led to the inception of Active Countermeasures?
Chris– Active Countermeasures began as an epiphany that running Endpoint Detection and Response (EDR) software and Centralized Log Management (CLM) was not making us any better at finding adversaries on our network. These processes are considered best practices and even required under many security attestations. Despite their adoption, successful attackers are still going undetected for months at a time. Active Countermeasures was created to develop tools and processes that could show a measured improvement to this performance.
Please highlight Active Countermeasures and its major services.
Chris– We’ve provided threat hunter training for nearly 30,000 individuals. We offer both free and affordable commercial tools which empower people to test their defenses as well as detect adversaries on their network. We run the Threat Hunter Community Discord server where folks can come to ask questions and share successful techniques. The focus of Active Countermeasures is to help the community drop the time between a successful intrusion and the time of detection to as close to zero as possible.
Please tell us about AC-Hunter, and how it is helping to identify compromised systems on a network.
Chris– AC-Hunter is our graphical threat-hunting tool. It detects adversaries on the network by focusing on the Command and Control (C2) channel they use to manipulate internal systems. It does this using behavior analytics rather than a signature-based system. This means that AC-Hunter is always capable of detecting the most cutting-edge attacks.
What are the primary challenges of the industry?
Chris- The biggest challenge we’ve encountered is getting people to realize that EDR and CLM are not as effective as we once thought. Luckily, this tide is starting to turn. NIST Special Publication 800-53 now includes a threat-hunting requirement. Most security attestations tend to adopt NIST requirements eventually, so we see movement in the right direction.
What are your priorities for 2023?
Chris– We are about to release a free community edition of our AC-Hunter product. Historically, our free threat-hunting tools have all been command-line based. While this makes them easy to automate, working at the command line can be challenging for folks that are used to graphical tools. So we are hoping the community edition of AC-Hunter will empower a new range of security professionals to protect their network better.
As a source of inspiration for many, what would your advice be for entrepreneurs who are planning to enter the business world?
Chris– Find a problem that drives your passion and stick with it. When Active Countermeasures started, cyber threat hunting was not a common term. Most security professionals didn’t even recognize it as a problem that needed to be solved. This has permitted us to help a lot of people in the industry directly.
Leave a Reply