Can you identify threats that don’t use known malware…
Proactive Threat Hunting
Threat hunting can reduce dwell time, the time between a breach and its discovery. Shortening that time can make the difference between spending a few thousand dollars on remediation and millions to deal with a full-on compromise.
WHAT IS PROACTIVE THREAT HUNTING?
Proactive Threat Hunting goes beyond the traditional SOC-based threat hunting activities by looking for threat indicators from systems which may not be sending their system logs or that are outside the scope of logging.
Proactive Threat Hunting requires toolsets and technology beyond what normal Security Operations maintain to perform their day-to-day threat monitoring and triage activities. When proactive methods and technologies are used, it can reduce false positives, enhance the accuracy and speed positive confirmation of threat analysis/response activities in the SOC.
HOW IT WORKS
ThreatWatch® Hunt integrates hunting toolsets and methods with Security On-Demand’s proprietary correlation and behavioral analysis capabilities, such as machine learning-based artificial intelligence and supervised learning models that use behavioral analysis of attack patterns. As part of the service, SOD will:
Once an alert for a potential threat is received, the data is correlated with other security information and then our SOC team will respond to further triage and investigate the suspicious activity.
The ThreatWatch Hunt service conducts periodic scheduled scans of network devices. Implants and threats discovered during a sweep initiate an alert to the ATLAS Analytics Platform.
Companies that identified a breach in less than 100 days saved more than $1 million as compared to those that took more than 100 days. Similarly, companies that contained a breach in less than 30 days saved over $1 million as compared to those that took more than 30 days to resolve. (IBM 2018 Cost of Data Breach study)