Use Case

Threat Hunting for High-Powered SOCs

“82% of all SOCs are investing in advanced Threat Hunting programs.” - SANS Institute Survey, 2017
Keeping the bad guys out is hard. Finding them once they’re in is harder. Threat hunting is a must-have function in a high-powered SOC. These resources provide a fast path to build and extend your threat hunting capabilities.


Threat Hunting Basics

What is Threat Hunting?

Today’s cyber criminals launch highly targeted attacks to gain valid credentials and become ‘insiders’ within your network. Once inside, they can use built-in tools and executables to accomplish their goals. To keep up, CISOs employ skilled defenders who use advanced tools to find and mitigate these hidden threats.

Threat hunting is the active pursuit of abnormal activity on servers and endpoints that may be signs of compromise. The concept isn’t new, but many organizations are just getting started with threat hunting.

The common approach to intrusions is to respond after getting an alert. But by then, attackers could be inside your systems for months before you know it. Rather than wait for alerts, threat hunters proactively look for anomalies.


“Become a Threat Hunter” Series

Take this free, four-part series to learn the basics of threat hunting. Each lesson focuses on a specific type of attack technique.

  • Lesson 1: PowerShell Empire, an open-source tool that is very commonly used by bad actors.

  • Lesson 2: Dridex, popular malware used to steal banking credentials.

  • Lesson 3: APT (Advanced Persistent Threat) 10, a sophisticated technique used to steal IP and other sensitive information.

  • Lesson 4: QuasarRAT, an open-source, fully featured remote access Trojan (RAT).


Advanced Threat Hunting

Advanced Threat Hunting Capabilities: Visibility, Speed & Integration

Visibility: Sophisticated attackers obscure their actions. To hunt down advanced threats, experts require continuous capture of unfiltered endpoint activity, and centralized access to the data for immediate inquiry.

Speed: Experts achieve speed by combining a deep understanding of their infrastructure with tools that enable iterative hunting. Once the root cause is identified, institutionalizing that knowledge makes the next attack harder.

Integration: Integration of your security infrastructure is key to high-speed threat hunting. Combining defenses enables hunters to correlate threat indicators from multiple perspectives.


“Threat Hunting for Experts” Series

A monthly webinar series providing in-depth knowledge on hunting down the latest advanced attacks. Each episode takes a deep dive into a specific, complex attack, from initial threat indicators to root cause analysis. Join expert threat hunters as we:

  • Investigate the latest emerging threat

  • Provide step-by-step guidance on shutting it down

  • Show how the attack was identified


Threat Hunting Tools


Cb Response

Cb Response is the market-leading tool used by threat hunting professionals. Cb Response empowers SOC teams to quickly detect attacks in progress and immediately shut them down:

  • Complete visibility into every endpoint event

  • Root cause identification

  • Immediate, real-time response

  • Unlimited scalability

Learn more about Cb Response

Learn More about Threat Hunting