GroundTruth: Enterprise Network Hunter Toolkit

AFFILIATION:   Whitescope LLC, Half Moon Bay, California, United States


Track: Cyber & Software
Area: Threat Assessment
Tech Readiness: TRL 7

Tech Brief: Proactive cyberspace operations that involve an active, pre-emptive search for intruders has historically been referred to as "Hunter Operations". GroundTruth is a versatile and flexible platform for scalable hunter operations. GroundTruth empowers network defenders so they can locate unauthorized adversaries and indicators of compromise that exist within an enterprise network.


Value Proposition: Our nations networks are under constant cyber attack. The costs associated with network breaches are enormous, and the costs associated with breaches of Defense networks can affect our national security. GroundTruth provides a means to proactively disrupt the network operations being conducted by our adversaries. The earlier we disrupt these operations, less costs we incur from those operations. As we become more effective at disrupting adversarial network operations, our adversaries operating costs increase. GroundTruth provides a mechanism to disrupt adversarial network operations. By providing a framework to actively query data associated with an active network, GroundTruth enables network defenders to leverage intelligence and control of the network to their advantage. By investing in GroundTruth, we help shift our cyber defense strategy from a passive approach to a more active approach. The GroundTruth approach has already tested at several national defense exercises with great success. It is time to bring GroundTruth to a real, operational network and use it to disrupt adversarial network operations.


Org Type: Early-stage Startup (Seed)