RocketCyber is a managed SOC platform offered as a Managed SOC Service detecting malicious activity across Endpoints, Network and Cloud attack pillars.
The RocketCyber Managed SOC Platform includes a built-in app store so MSPs can enable purpose-built detection apps of interest. Some of our featured apps include Breach Detection, Threat Hunting, Event Log Monitoring, Office 365 threat detection, Firewall Monitoring and more. Put simply, RocketCyber enables MSPs to deliver billable monthly cyber security services to small-medium businesses.
Threat hunting is the operation of proactively seeking cyber-threats that go undetected in a network. RocketCyber automatically hunts for malicious actors in your network that evade defenses like firewalls and antivirus systems. Once a malicious actor has established a foothold and persistence on a computer, many organizations lack the advanced detection capabilities to seek and deter the advanced persistent threat from residing on the network. This is why threat hunting is an essential component of any organization’s SOC (security operations center) and defense strategy.
All RocketCyber subscriptions include hunting capabilities via the Advanced Threat Hunt app and the automated threat intelligence hunt feeds. The current 17 hunt test methodologies supported are:
After creating a New Customer, a wizard is presented for deployment options. Alternatively, you can navigate to the Customers tab and select the deployment link next to the customer's name.
RocketCyber Windows deployment options include a native GUI installer, PowerShell copy/paste script, PowerShell downloadable file, and a number of popular RMM-ready scripts, such as Kaseya, Datto, SolarWinds, ConnectWise, Syncro, Ninja and more. For macOS and Linux, a curl script is available.
When RocketCyber detects malicious and/or suspicious findings, incident tickets are delivered to your MSP's ticketing system.
Our current notification options include a native SMTP email alert configuration or alternatively through our API integrations with Kaseya, Autotask, ConnectWise or Syncro PSAs.
Tactics are defined as the tactical stage of an attack once an attacker has gained a foothold on the network, also known as the goal of the attacker. Techniques are defined as the technical operations carried out in order to obtain that goal.
Example tactic: establish persistence on a Windows computer. While there are numerous techniques to accomplish this goal, an example technique is adding entries to the Run keys in the registry or to the startup folder. This results in the attacker maintaining their presence under the context of the user, in addition to obtaining the same level of access permissions.
Politely put, the majority of breach victims in recent times also had such cyber defenses in place.
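The tactic/technique split above can be made concrete with a small detection routine. This is an added example, not RocketCyber's code or detection logic: it tags constructed endpoint events that write to a Run/RunOnce key or the Startup folder with the tactic and technique they represent. The event field names and the two severity heuristics are assumptions.

```python
import re

# Autostart locations named above: Run/RunOnce registry keys and the Startup folder.
RUN_KEY = re.compile(r"^(HKLM|HKCU|HKU\\[^\\]+)\\Software\\(WOW6432Node\\)?"
                     r"Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
STARTUP = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+$", re.I)
# Triage heuristic (assumption): a Run value pointing into a user-writable path.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.I)

def classify(event):
    """Map one endpoint event to a persistence finding, or None if unrelated."""
    if event["type"] == "registry_set" and RUN_KEY.match(event["target"]):
        location, payload = "run_key", event["value"]
        suspicious = bool(USER_WRITABLE.search(payload))
    elif event["type"] == "file_create" and STARTUP.search(event["target"]):
        location, payload = "startup_folder", event["target"]
        # Assumption: legitimate Startup entries are usually .lnk shortcuts.
        suspicious = not payload.lower().endswith(".lnk")
    else:
        return None
    return {"tactic": "Persistence",
            "technique": "Run keys / Startup folder",
            "location": location, "host": event["host"], "user": event["user"],
            "payload": payload, "severity": "high" if suspicious else "review"}

def hunt(events):
    """Return findings for every event that writes to an autostart location."""
    return [f for f in map(classify, events) if f is not None]

# Constructed sample events; the field names are hypothetical.
SAMPLE_EVENTS = [
    {"type": "registry_set", "host": "WS-01", "user": "alice",
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r"C:\Users\alice\AppData\Roaming\upd.exe"},
    {"type": "registry_set", "host": "WS-01", "user": "SYSTEM",
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "value": r"C:\Windows\System32\SecurityHealthSystray.exe"},
    {"type": "file_create", "host": "WS-02", "user": "bob",
     "target": r"C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sync.vbs"},
    {"type": "registry_set", "host": "WS-02", "user": "bob",
     "target": r"HKLM\Software\Vendor\App\Setting", "value": "1"},
    {"type": "file_create", "host": "WS-01", "user": "alice",
     "target": r"C:\Users\alice\Documents\report.docx"},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding["severity"], finding["location"], finding["payload"])
```
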
Breach Detection was developed specifically to detect intruders who have already evaded such firewalls and antivirus systems. It is equally important to reduce the 'dwell time' when an intruder does gain access to the network and deter their activity before the last tactical goal has been accomplished, which in most scenarios is the theft of data.
RocketCyber collects syslog data and then parses the relevant information needed to monitor for malicious activity. Most firewall vendors support the creation/forwarding of syslog data to the RocketCyber collector. If you have a firewall vendor that does not support syslog, contact your representative to determine an alternative method such as a RESTful API.
The firewall vendors we continuously test in our labs are:
Supported operating systems
RocketCyber offers a full 21-day trial with all features for the Managed SOC. You can monitor unlimited endpoints, firewalls and Office 365 users. Add as many customers as you desire. When the trial expires, you can then subscribe to the monthly SOC subscription.
All development is performed in the U.S. and located adjacent to our SOC team in Dallas, Texas. We also have a dedicated SOC team located in the EU to stay GDPR-compliant for customers.
What attack pillars does RocketCyber provide visibility into?
- Endpoint threats
- Network threats
- Cloud threats