Threat Hunting

chaossearch

Log Analytics and SIEM for Enterprise Security Operations and Threat Hunting

Today’s enterprise networks are heterogeneous, have multiple entry points, integrate with cloud-based applications, offer data center delivered services, include applications that run at the edge of the network, and generate massive amounts of transactional data. In effect, enterprise networks have become larger, more complex, and more difficult to secure and manage.

sumologic

The Role of Threat Hunting in Modern Security

Security and IT teams may be loathe to admit it, but security has historically been mostly a reactive affair. Security engineers monitored for threats and responded when they detected one. They may have also taken steps to harden their systems against breaches, but they didn’t proactively fight the threats themselves. That is changing as more and more teams add threat hunting as one pillar of their cybersecurity strategies.

sumologic

Threat Hunting with Cloud SIEM

Threat hunting is emerging as a must-have addition to cybersecurity strategies. By enabling organizations to find and mitigate threats before they ever touch their networks or systems, threat hunting provides the basis for a more proactive security posture – and one that delivers higher ROI on security tools and processes. How can businesses actually add threat hunting to their security arsenals? That’s where solutions like Sumo Logic's Cloud SIEM come in.

splunk

Tales of a Principal Threat Intelligence Analyst

At Splunk, we’re constantly on the hunt for new and emerging threats — tirelessly developing detection techniques to zero in on bad actors, while sharing key intelligence around cybercrime activity. But because threat intelligence can relate to so many different things — ranging from spear phishing campaigns to dark web dealings — it can be a challenge to cover and define all the specifics of what (or who) to look out for.

graylog

How to Proactively Plan Threat Hunting Queries

As your security capabilities improve with centralized log management, you can create proactive threat hunting queries. Setting baselines, determining abnormal behavior, and choosing an attack framework helps you mitigate risk and respond to incidents. To reduce key metrics like the mean time to investigate (MTTI) and mean time to respond (MTTR), security operations teams need to understand and create proactive queries based on their environments.

humio

Could you be a threat hunter?

Threat hunting can seem like an intimidating discipline to many. Something that is shrouded in mystery and the preserve of highly experienced and trained cyber specialists in companies with huge resources. Operating a world-class 24/7 threat hunting team like the experts in CrowdStrike’s Falcon OverWatch is far from simple and in reality many companies never even try. We want to encourage people who are new to threat hunting to give it a go and make it easy to get started.

chaossearch

Threat Hunting Frameworks and Methodologies: An Introductory Guide

Creating an effective threat hunting program is among the top priorities of security leaders looking to become more proactive and build active defenses. Yet finding the right expertise to staff a hunt team remains a challenge, with 58% of respondents in a recent SecOps survey saying they felt their organization’s investigative skills and capabilities were in need of improvement.