Threat Hunting for
82% of all SOCs are investing in advanced Threat Hunting programs.
SANS Institute Survey, 2017
Join a Live Demo of
Every other Tuesday at 2PM EST (11AM PST), our 30 minute webcast covers how Cb Response enables your security team to:
Stop the headline breach and detect advanced attacks faster
Proactively discover the most advanced threats that make it past your defense
Leverage open APIs to integrate with the rest of your security stack for advanced attack correlation
Threat Hunting Basics
What is Threat Hunting?
Today’s cyber criminals launch highly targeted attacks to gain valid credentials and become ‘insiders’ within your network. Once inside, they can use built-in tools and executables to accomplish their goals. To keep up, CISOs employ skilled defenders who use advanced tools to find and mitigate these hidden threats.
Threat hunting is the active pursuit of abnormal activity on servers and endpoints that may be signs of compromise. The concept isn’t new, but many organizations are just getting started with threat hunting.
The common approach to intrusions is to respond after getting an alert. But by then, attackers could be inside your systems for months before you know it. Rather than wait for alerts, threat hunters proactively look for anomalies.
PowerShell Empire: An open-source post-exploitation framework that is very commonly used by bad actors.
Dridex: Popular malware used to steal banking credentials.
APT10 (Advanced Persistent Threat 10): Sophisticated technique used to steal IP and other sensitive information.
QuasarRAT: Open-source, fully featured remote access Trojan (RAT).
Advanced Threat Hunting
Advanced Threat Hunting Capabilities: Visibility, Speed & Integration
Visibility: Sophisticated attackers obscure their actions. To hunt down advanced threats, experts require continuous capture of unfiltered endpoint activity, and centralized access to the data for immediate inquiry.
Speed: Experts achieve speed by combining a deep understanding of their infrastructure with tools that enable iterative hunting. Once the root cause is identified, institutionalizing that knowledge makes the next attack harder.
Integration: Integration of your security infrastructure is key to high-speed threat hunting. Combining defenses enables hunters to correlate threat indicators from multiple perspectives.
Investigate the latest emerging threat
Provide step-by-step guidance on shutting it down
Show how the attack was identified
Cb Response is an industry-leading solution used by threat hunting professionals. Cb Response empowers SOC teams to quickly detect attacks in progress and shut them down:
Unfiltered visibility into every endpoint event
Root cause identification