Use Case

Threat Hunting for
High-Powered SOCs


Keeping the bad guys out is hard.
Finding them once they’re in is harder.

Threat hunting is a must-have function in a high-powered SOC. These resources provide a fast path to build and extend your threat hunting capabilities.

  • 82% of all SOCs are investing in advanced Threat Hunting programs.

    SANS Institute Survey, 2017


Join a Live Demo of
Cb Response

Every other Tuesday at 2PM EST (11AM PST), our 30-minute webcast covers how Cb Response enables your security team to:

  • Stop the headline breach and detect advanced attacks faster

  • Proactively discover the most advanced threats that make it past your defense

  • Leverage open APIs to integrate with the rest of your security stack for advanced attack correlation

Register For The Next Live Demo

Threat Hunting Basics

What is Threat Hunting?

Today’s cyber criminals launch highly targeted attacks to gain valid credentials and become ‘insiders’ within your network. Once inside, they can use built-in tools and executables to accomplish their goals. To keep up, CISOs employ skilled defenders who use advanced tools to find and mitigate these hidden threats.

Threat hunting is the active pursuit of abnormal activity on servers and endpoints that may be signs of compromise. The concept isn’t new, but many organizations are just getting started with threat hunting.

The common approach to intrusions is to respond after getting an alert. But by then, attackers could be inside your systems for months before you know it. Rather than wait for alerts, threat hunters proactively look for anomalies.
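One concrete form of "look for anomalies rather than wait for alerts" is frequency stacking: count how often each parent/child process pair occurs across the fleet and pull out the pairs that appear on only a handful of hosts. The script below is an added example, not code from the original page or from Cb Response; the process-start events, host names and command lines are constructed, and a real hunt would run the same stacking over the endpoint event data your platform collects.

```python
from collections import Counter
from typing import Dict, List, Set, Tuple

# Constructed sample of endpoint process-start events (not real telemetry).
# Fields: host, parent process image, child process image, command line.
EVENTS: List[Dict[str, str]] = [
    {"host": "ws01", "parent": "explorer.exe", "child": "outlook.exe", "cmdline": "outlook.exe"},
    {"host": "ws02", "parent": "explorer.exe", "child": "outlook.exe", "cmdline": "outlook.exe"},
    {"host": "ws03", "parent": "explorer.exe", "child": "outlook.exe", "cmdline": "outlook.exe"},
    {"host": "ws01", "parent": "explorer.exe", "child": "chrome.exe", "cmdline": "chrome.exe"},
    {"host": "ws02", "parent": "explorer.exe", "child": "chrome.exe", "cmdline": "chrome.exe"},
    {"host": "ws03", "parent": "explorer.exe", "child": "chrome.exe", "cmdline": "chrome.exe"},
    {"host": "ws01", "parent": "services.exe", "child": "svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
    {"host": "ws02", "parent": "services.exe", "child": "svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
    {"host": "ws03", "parent": "services.exe", "child": "svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
    # Seen on a single host only: a document editor spawning a script interpreter.
    {"host": "ws02", "parent": "winword.exe", "child": "powershell.exe",
     "cmdline": "powershell.exe -WindowStyle hidden"},
]

Pair = Tuple[str, str]


def stack_parent_child(events: List[Dict[str, str]]) -> Tuple[Counter, Dict[Pair, Set[str]]]:
    """Count each (parent, child) pair and record the distinct hosts it appears on."""
    pair_counts: Counter = Counter()
    pair_hosts: Dict[Pair, Set[str]] = {}
    for e in events:
        key = (e["parent"].lower(), e["child"].lower())
        pair_counts[key] += 1
        pair_hosts.setdefault(key, set()).add(e["host"])
    return pair_counts, pair_hosts


def rare_pairs(events: List[Dict[str, str]], max_hosts: int = 1) -> List[Tuple[Pair, int, int]]:
    """Return (pair, host_count, event_count) for pairs seen on at most max_hosts hosts, rarest first."""
    counts, hosts = stack_parent_child(events)
    rare = [(pair, len(hosts[pair]), counts[pair])
            for pair in counts if len(hosts[pair]) <= max_hosts]
    return sorted(rare, key=lambda r: (r[1], r[2]))


def hunt(events: List[Dict[str, str]], max_hosts: int = 1) -> List[Dict[str, str]]:
    """Return the raw events behind each rare pair so an analyst can pivot on host and command line."""
    flagged = {pair for pair, _, _ in rare_pairs(events, max_hosts)}
    return [e for e in events if (e["parent"].lower(), e["child"].lower()) in flagged]


if __name__ == "__main__":
    for pair, host_count, event_count in rare_pairs(EVENTS):
        print(f"{pair[0]} -> {pair[1]}: {host_count} host(s), {event_count} event(s)")
    for e in hunt(EVENTS):
        print(f"  {e['host']}: {e['cmdline']}")
```

The threshold (`max_hosts`) is the hunter's lever: on a large fleet it is raised so that genuinely uncommon pairs surface without drowning the analyst in one-off administrative activity, and each flagged event is a pivot point back into the full endpoint record rather than a verdict on its own.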


“Become a Threat Hunter” Series

Take this free, four-part series to learn the basics of threat hunting. Each lesson focuses on a specific type of attack technique.

  • Lesson 1: PowerShell Empire: an open-source tool that is very commonly used by bad actors.

  • Lesson 2: Dridex: popular malware used to steal banking credentials.

  • Lesson 3: APT (Advanced Persistent Threat) 10: sophisticated technique used to steal IP and other sensitive information.

  • Lesson 4: QuasarRAT: an open-source, fully featured remote access Trojan (RAT).


Advanced Threat Hunting

Advanced Threat Hunting Capabilities: Visibility, Speed & Integration

Visibility: Sophisticated attackers obscure their actions. To hunt down advanced threats, experts require continuous capture of unfiltered endpoint activity, and centralized access to the data for immediate inquiry.

Speed: Experts achieve speed by combining a deep understanding of their infrastructure along with tools that enable iterative hunting. Once root cause is identified, institutionalizing that knowledge makes the next attack harder.

Integration: Integration of your security infrastructure is key to high-speed threat hunting. Combining defenses enables hunters to correlate threat indicators from multiple perspectives.


“Threat Hunting for Experts” Series

Monthly webinar series providing in-depth knowledge on hunting down the latest advanced attacks. Each episode takes a deep-dive on a specific, complex attack, from initial threat indicators to root cause analysis.
Join expert threat hunters as we:

  • Investigate the latest emerging threat

  • Provide step-by-step guidance on shutting it down

  • Show how the attack was identified


Threat Hunting Tools


Cb Response

Cb Response is an industry-leading solution used by threat hunting professionals. Cb Response empowers SOC teams to quickly detect attacks in progress and shut them down:

  • Unfiltered visibility into every endpoint event

  • Root cause identification

  • Real-time response

  • Unlimited scalability

Learn more about Cb Response