Thinking like an adversary

Impersonating an attacker helps you understand how a cyber adversary would act against a specific organization, given that adversary's operational objectives. For example, a cyber operation against a cloud-based software development company with 5K employees would not be carried out the same way as one against a hardware SMB. To examine possible operation methods, a threat hunter should hypothesize specific Tactics, Techniques, and Procedures (TTPs), work out how each TTP would appear in the organization's own data sources, and then search those sources for it.
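The hypothesis-to-search loop described above, as an added example that is not code from the original page or from Hunters. Each hypothesis names the data source it should be visible in and a predicate over that source's records; the event records, field names (`host`, `parent`, `image`, `user`, `logon_type`), the `svc_` account-naming convention and the application lists are all constructed for illustration.

```python
"""Hypothesis-driven hunting over constructed telemetry.

Added example; not code from the original page or from Hunters. Event records,
field names and hypotheses are constructed and do not describe a real environment.
"""
from dataclasses import dataclass
from typing import Callable

# Constructed process-creation events (first data source). Field names are assumptions.
PROCESS_EVENTS = [
    {"host": "ws-101", "parent": "explorer.exe", "image": "winword.exe", "user": "alice"},
    {"host": "ws-101", "parent": "winword.exe", "image": "cmd.exe", "user": "alice"},
    {"host": "ws-102", "parent": "explorer.exe", "image": "excel.exe", "user": "bob"},
    {"host": "ws-102", "parent": "cmd.exe", "image": "ipconfig.exe", "user": "bob"},
]

# Constructed authentication events (second data source).
AUTH_EVENTS = [
    {"host": "srv-db-01", "user": "svc_backup", "logon_type": "service"},
    {"host": "ws-103", "user": "svc_backup", "logon_type": "interactive"},
    {"host": "ws-104", "user": "carol", "logon_type": "interactive"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe"}


@dataclass
class Hypothesis:
    """One hunt hypothesis: a TTP, the data source it should surface in,
    and the predicate that expresses 'how it would look' in that source."""
    name: str
    data_source: str
    description: str
    predicate: Callable[[dict], bool]


HYPOTHESES = [
    Hypothesis(
        "office-spawns-interpreter", "process_events",
        "a document-handling application spawns a command interpreter",
        lambda e: e["parent"] in OFFICE_APPS and e["image"] in INTERPRETERS),
    Hypothesis(
        "service-account-interactive", "auth_events",
        "a service account (constructed 'svc_' prefix) logs on interactively",
        lambda e: e["user"].startswith("svc_") and e["logon_type"] == "interactive"),
]


def hunt(hypotheses, sources):
    """Run every hypothesis against the data source it names; return hits per hypothesis.
    A hypothesis whose source is not collected is reported as None, so the gap
    in visibility is itself a finding rather than a silent empty result."""
    hits = {}
    for h in hypotheses:
        events = sources.get(h.data_source)
        hits[h.name] = None if events is None else [e for e in events if h.predicate(e)]
    return hits


if __name__ == "__main__":
    results = hunt(HYPOTHESES, {"process_events": PROCESS_EVENTS, "auth_events": AUTH_EVENTS})
    for name, matches in results.items():
        print(name, "-> no data source" if matches is None else f"{len(matches)} hit(s)")
        for m in matches or []:
            print("   ", m)
```

The point of the `Hypothesis` record is the `data_source` field: writing down where a TTP should be visible forces the hunter to confirm that source is actually collected before concluding that an empty result means "not present".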

Examining known attack behaviors

Although hundreds of organizational cyberattacks are discovered every day, "traditional" security products do not address or document the TTPs that attackers commonly use; they focus on IOCs alone. Another threat hunting investigation method is therefore to study published attacks and research the attack behaviors in depth. From there, a good threat hunter builds powerful new attack hypotheses based on the newly discovered behaviors and techniques.

Hunting anomalies in known environments

Cyberattackers' activity is inherently different from that of employees and insiders, because they have different goals. This means that they will always leave traces. Threat hunters can surface those traces as anomalies by using statistical outlier algorithms. For example, in an environment with thousands of benign endpoints and only a few that are compromised, specific activities on the compromised hosts will immediately stand out as anomalous in a statistical analysis. From there, the hard work is deciding whether each anomaly represents malicious activity or not. An experienced hunter feeds the statistical analysis with relevant features, differentiators and labels to raise its efficiency.
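A worked version of that statistical-outlier hunt, added here as an example and not code from the original page or from Hunters. It scores every endpoint on one feature with a robust (median/MAD) z-score, so the few compromised hosts cannot drag the baseline toward themselves, and then applies host-role labels so that a host whose high value is expected for its role is separated from the ones that need investigation. The per-host feature (distinct internal peers contacted in a day), the host names and the role labels are constructed.

```python
"""Statistical outlier hunting across endpoints, enriched with labels.

Added example; not code from the original page or from Hunters. The telemetry,
the feature (distinct internal peers contacted per endpoint per day) and the
host-role labels are constructed for illustration.
"""
from statistics import median

# Constructed feature values: distinct internal peers each endpoint talked to today.
PEER_COUNTS = {
    "ws-001": 3, "ws-002": 4, "ws-003": 2, "ws-004": 3, "ws-005": 5,
    "ws-006": 3, "ws-007": 4, "ws-008": 2, "ws-009": 3, "ws-010": 4,
    "ws-011": 3,
    "ws-012": 48,   # stands out against its workstation peers
    "jump-01": 52,  # equally extreme, but expected for its role
}

# Constructed labels: the kind of context an experienced hunter adds to the analysis.
HOST_ROLES = {"jump-01": "jump-host"}
ROLES_WITH_EXPECTED_FANOUT = {"jump-host", "scanner", "backup-server"}


def robust_z_scores(values):
    """Robust z-score: (x - median) / (1.4826 * MAD).
    A mean/stddev z-score would be inflated by the very outliers we want to
    find; median and MAD are not, so a handful of compromised hosts in a large
    population still score far from the bulk."""
    xs = list(values.values())
    med = median(xs)
    mad = median(abs(x - med) for x in xs)
    scale = 1.4826 * mad if mad else 1.0  # guard: identical population, MAD == 0
    return {host: (v - med) / scale for host, v in values.items()}


def hunt_outliers(values, roles, threshold=3.5):
    """Return hosts above the outlier threshold, highest score first, each tagged
    with its role and whether a high value is expected for that role."""
    scores = robust_z_scores(values)
    findings = []
    for host, z in sorted(scores.items(), key=lambda kv: -kv[1]):
        if z < threshold:
            continue
        role = roles.get(host, "workstation")
        findings.append({
            "host": host,
            "value": values[host],
            "z": round(z, 1),
            "role": role,
            "expected": role in ROLES_WITH_EXPECTED_FANOUT,
        })
    return findings


def triage_queue(findings):
    """The anomalies left after labels remove the explainable ones."""
    return [f for f in findings if not f["expected"]]


if __name__ == "__main__":
    found = hunt_outliers(PEER_COUNTS, HOST_ROLES)
    for f in found:
        print(f)
    print("to investigate:", [f["host"] for f in triage_queue(found)])
```

With these constructed values the median is 3 and the MAD is 1, so both `ws-012` and `jump-01` score above 30 while the busiest ordinary workstation scores below 2; the role label is what reduces the two statistical hits to the single host worth a hunter's time.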

A New Chapter in Threat Detection & Response

New Threat Detection and Response solutions push beyond the single point, and rise above data noise

To detect threats rapidly and respond effectively, enterprises today need the following capabilities in their threat detection and response tooling:

Interconnected Data

Enables effective cross-correlation across every IT environment: cloud, on-premises, endpoints, etc.

Automatic Detection

Enables the processing of petabytes of organizational data to generate exceptional threat signals

Proactive Detection

- Identifies breaches from an early stage
- Expedites response time
- Provides SOC teams with concrete findings

Vendor Agnostic Analysis

Enables defenders to work freely with existing organizational environments and security controls, with no vendor lock-in

Automated Threat Hunting with Hunters XDR

Read our blog post: “'XDR': Re-evaluating Threat Detection & Response”
