- Uri May
- August 24, 2021
This week our Hunters’ team and I are extremely proud of our Series B investment milestone, validating our vision, strategy and execution to-date, poured into a solution purpose-built to address the challenges affecting today’s security operations.
SecOps’ Kobayashi Maru
Security operations teams are experiencing significant, compounding challenges - a perfect storm of multiple problems that have created an overwhelming position:
Attacks are changing - We see attackers targeting organizations at all sizes, from all over the world, running stealthier operations and adapting their techniques to evade detection. This includes a sharp increase in supply chain and sophisticated ransomware attacks, alongside the use of “living off the land” techniques, credential stealing, social engineering, and repurposing of off-the-shelf security pentesting tools (e.g. Cobalt Strike). This trend renders many static signature-based detections obsolete, requiring a higher sophistication level of the security team and their toolset.
Cloud adoption has further accelerated through the pandemic - Which expanded the attack surface into further introduced yet more activity feeds and volume (Cloud Infrastructure, SaaS Audit Logs, SSO / Zero Trust) and security products (SaaS Security, CWP, CSPM, etc.) into the stack, which in turn generated more raw data and security events.
Analyst challenge has expanded - With a growing talent gap, ongoing frustration with mundane work, increasing noise and false positives, and expansion of the digital footprint, security analysts today need to master more areas than just the classical enterprise network, and defend against an increasingly harder threat landscape.
When thinking of these challenges Kobayashi Maru comes to mind. For those of you that are not Star Trek fans, it is an unwinnable cadet test that Captain Kirk solves by redefining the problem.
We know SOCs were striving for better tools that improve their effectiveness, and now they have a more complex threat landscape to deal with while defending a rapidly expanding, hybrid IT environment. Their problems are now further exacerbated - the analyst challenge has been a significant issue for years, but the perfect storm of new threat landscape combined with cloud dynamics makes the SecOps challenge unwinnable with current resources.
Looking back at our movie reference, the fearless leader redefined the problem to beat the test while standard approaches repeatedly led to a losing outcome. Similarly, SecOps teams have limited resources (people and existing technologies) that are fundamentally keeping the team in the same never-ending state.
Instead of building yet another extension to an existing or older platform, which we see in cybersecurity over and over, Hunters has taken a new approach to redefine the problem with a purpose-built, analyst centric, turn-key solution.
Purpose-Built for the Modern SOC
There are numerous tools and platforms available to facilitate security analyst workflow. There are and have been solutions with features to address pieces of the challenge, but ultimately the combination of the three core problem areas are not being addressed.
Essentially, all existing security solutions fail in one form or phase to offload complications and time on the part of the analyst to be effective:
Older SIEMs and even ‘next-gen’ SIEMs require heavy bandwidth and dedicated staffing to create and manage detection rules - pushing the analyst focus from security mitigation to tool maintenance, leaving organizations to rely on outdated detection frameworks.
UEBA / anomaly-based detection methods rely on statistical baselining and analysis of anomalous behaviors, which are noisy and often not actionable due to lack of context. Additionally, attackers have learned to adapt to “look normal” to evade these detection methods, making them obsolete.
Tools still lack the ability to ingest and analyze cloud-scale data, in a cost-effective and predictable manner that is effective for modern security analytics requirements, incident investigation and forensics.
Data correlations and context is limited, requiring the analyst to perform lengthy, manual investigation to validate each security alert.
Point-solutions (like EDR, NDR and Cloud security tools) provide partial view of an attack, requiring manual investigation and triage, when looking to find related attack artifacts in other security systems, requiring the analyst to make the connections between events across domains.
The common theme is a stampede of security solutions which essentially feature extensions of pre-existing systems designed with a different or historical view of the security landscape.
Our vision when building the Hunters platform, was to build and leverage new sets of technology that will enable SecOps teams to fulfill their mission, in light of the changing circumstances.
The key requirements were:
Address the paradigm shift of security data at cloud-scale and its related business implications.
Offload non-core security efforts, such as data engineering from the SOC
Provide crucial layers of automation to streamline, simplify and accelerate security analyst’s understanding of an attack and boost her ability to take the appropriate response measures
These principles are encoded into the DNA of the Hunters XDR platform.
First, we believe that using more data from various data sources is critical for security outcomes, and we address the data volume and variety challenge (and the cost associated with it), by leveraging a built-in or customers’ choice of cloud-based security data lake.
Second, we prioritized building a true turn-key solution, enabling easy deployment and minimal configuration. The intent is to offload all aspects of component integration, data ingestion, normalization, cross-correlation, detection engineering, scoring and prioritization from security teams, letting them focus on mitigation of real threats.
Lastly, and most importantly, we built the Hunters platform to uplevel security analysts’ ability to see, understand and respond to security incidents. We packed our expertise in threat hunting and attack techniques, combined them with threat intel, and built multiple layers of automation to present security analysts with a prioritized list of attack stories, and their context, accelerating their understanding of what happened and how to address it.
The momentum built around Hunters, with the growing list of Fortune 1000 companies adopting our platform to serve at the heart of their security operations, and the numerous cloud-native businesses building their security operations with XDR as their core SOC technology, demonstrates the success of our approach.
We partner with security operation teams around the world to make a difference: improve their work and make them better at seeing and stopping attacks. I get excited when a customer like Mihir Shah, VP Information Technology at NETGEAR, one of the world’s leading network solution manufacturers, describes how Hunters enabled NETGEAR’s security team to shift from manual to automated incident investigation, as I know how critical this change is to accelerating their ability to mitigate cyber threats. I am thrilled when a CISO of a large financial services company drastically improves their attack surface visibility and attains cloud-scale detection and response after replacing their legacy SIEM (which they struggled with for years) with Hunters XDR. Or, when a security analyst from a retail firm shares with us that they were able to triple their data ingestion volume compared (and by that have access to detection use cases they couldn’t analyze before) to what they were doing with their SIEM, while cutting data storage costs by 75%.
I want to take this opportunity to thank our customers who have put their trust in us with their most critical workflows, our partners without whom we wouldn’t be able to deliver successful outcomes for our mutual customers, and our investors who continue to believe in and support our vision: Bessemer Venture Partners, YL Ventures, Blumberg Capital, Microsoft’s Venture Fund M12, U.S. Venture Partners (USVP), Okta Ventures and Snowflake Ventures. And of course a huge thank you to an amazing team of exceptionally talented people! Our team is growing, across all departments, disciplines and geographies. There is no better time to join us, and be part of the team that is building the next pillar security company.