Hunters Announces New Open XDR Capabilities Making it the Leading SIEM Alternative
August 3rd, 2021 - Las Vegas, Black Hat 2021 -- Hunters, the leading Open Extended Detection and Response (XDR) platform, announced today a set of capabilities that further strengthen its position as the leading alternative to SIEM for organizations that seek to accelerate their incident detection, investigation, and response.
“The new capabilities further position Hunters as a platform of choice by customers looking to replace their SIEM with a modern XDR platform that is built for the security needs of today’s enterprise,” said Noam Biran, Vice President of Product at Hunters. “Hunters XDR is becoming a central tool for security operations, used by some of the world’s largest organizations to connect telemetry from their entire security and IT environment, automatically turning signals into a cohesive view of real incidents, with context, in order to drive a rapid, effective SOC response.”
To learn how NETGEAR used Hunters to replace its SIEM, join a FREE Lunch and Learn as part of the Virtual Black Hat 2021 conference, Thursday, August 5th, 2021, 12:20-1:00 pm PT / 3:20-4:00 pm EST. Step 1: Sign up for Black Hat with the 'Free Business Pass'; Step 2: Register for the Lunch and Learn.
Enhanced Automatic Investigations
One of the most critical gaps organizations face in their Threat Detection and Incident Response program is the complexity of incident investigation. While security teams have deployed a variety of tools and sensors (e.g. EDR, NDR, Cloud security, Email security, Identity and others) that alert on suspicious behaviors, it takes a lengthy and usually complex process for security analysts to connect the dots and form a coherent view of an incident, before being able to contain and remediate it.
The process of manually stitching together siloed threat signals is extremely time-consuming, often frustrating, and in many cases inaccurate, because individual alerts lack context and because correctly linking seemingly unrelated signals requires specialized skills.
Hunters XDR changes the paradigm of incident detection: while other solutions deploy a variety of mechanisms to filter out noise, Hunters technology does the opposite - it amplifies true positive signals through its dynamic scoring and automatic investigation mechanism.
The Hunters XDR automatic investigation capability eliminates the need to sift through hundreds or thousands of daily alerts, giving security analysts more time to work strategically. A new upgrade to this capability provides even more context to enable a more thorough and effective understanding and triage. Every alert in the Hunters platform is now enriched with additional supporting data, correlated with information from external sources. In order to do so, investigations now focus on the key entities involved in a specific activity and automatically provide explanations and insights on what happened.
Auto-Investigations are grouped around the key entities related to the alert (host, person, process, etc.), each with its own attributes, enrichments, and activity data. This enables a deeper understanding of how those entities relate to one another and, as a result, of whether the alert is actually malicious.
Custom Detections (or “Rule-Writing” 2.0)
Hunters XDR’s pre-built detections provide comprehensive coverage out-of-the-box, but customers can also add their own detection logic into the platform to easily query the data without writing a single line of SQL.
The rule-writing approach to detection that legacy SIEMs employ is cumbersome, noisy, and inefficient. At the same time, no one knows an organization's security ecosystem better than its own SOC team, so the ability to customize detections that fit their specific environment, on top of all of Hunters’ out-of-the-box TTP-based detections, is key.
With Custom Detections, users can add their own detection logic on top of the ingested and normalized data, either by defining their own detection rules or by reusing logic taken from external public repositories, and the platform applies that logic to the ingested data. As part of the Custom Detections feature, users can also define the base score, the associated MITRE ATT&CK TTPs, and other metadata. The full Hunters XDR pipeline applies to Custom Detections as well: signals and leads generated by these detections are automatically investigated, scored, cross-correlated, and presented to the user with comprehensive context.
Dashboards & Reporting
The Hunters XDR Dashboard and Reporting capabilities allow security teams to use Hunters’ data (alerts, leads, MITRE ATT&CK TTPs, etc.) as well as raw data from the security data lake to create custom dashboards to visualize SOC metrics, monitor activity in the network, analyze threat trends and track the organization's security posture.
Users can generate and share reports with peers and with other functions of the organization.
Dashboarding can be used for:
- Monitoring Security Team operations
- Tracking security threat trends
- CISO KPIs Dashboard
- Executive IT-Security report
- Organization security posture tracking
- IT-Security visibility
Hunters XDR is a turn-key data and security platform powering effective detection and rapid response to security incidents. Ideal for security operations teams working to contain technology sprawl, adapt to cloud scale, and extend the value of existing data streams, Hunters' Open XDR is adopted as a modern SIEM replacement by the world’s largest enterprises. Hunters is backed by leading VCs and strategic investors including Snowflake, Okta, Microsoft M12, YL Ventures and USVP.