Threat Hunting

elastic

Investigative analysis of disjointed data in Elasticsearch with the Siren Platform

At Siren, we build a platform used for “investigative intelligence” in Law Enforcement, Intelligence, and Financial Fraud. Investigative intelligence is a specialisation of data analytics that serves the needs of those that are typically hunting for bad actors. Such investigations are the primary focus of law enforcement and intelligence, but are also critical to uncovering financial crime activities and for threat hunting in cybersecurity.

elastic

Gaining holistic visibility with Elastic Security

Let’s talk visibility for a moment. Security visibility is a data-at-scale problem. Searching, analyzing, and processing across all your relevant data at speed is critical to the success of your team’s ability to stop threats at scale. Elastic Security can help you drive holistic visibility for your security team, and operationalize that visibility to solve SIEM use cases, strengthen your threat hunting practice with machine learning and automated detection, and more.

humio

The key to faster threat hunting: Log everything

Time is critical when you’re threat hunting. The longer it takes to identify and remediate a threat, the greater the risk of financial and data loss. Unfortunately, a lot of organizations collect only a portion of the logs they produce, hampering their ability to reduce their mean time to detect (MTTD) and mean time to respond (MTTR) to threats.

tripwire

Joint Cybersecurity Advisory on Threat Hunting and Incident Response Released

A joint cybersecurity advisory released on September 1st detailed technical methods for uncovering and responding to malicious activity including best practice mitigations and common missteps. A collaborative effort, this advisory (coded AA20-245A) is the product of research from the cybersecurity organizations of five nations.

elastic

Threat hunting capture the flag with Elastic Security: BSides 2020

Last month, members of the Elastic Security team hosted a threat hunting capture the flag (CTF) event at BSides SATX. We provided the community with an environment to learn and practice threat hunting with our team, and cultivated new relationships with attendees. By sharing information with security practitioners, we can help prepare them to defend their organization’s data from attack through knowledge transfer.

Creating a Scalable and Repeatable Threat Hunting Program with Carbon Black and Siemplify

According to SANS, 82% of all SOCs are investing in advanced Threat Hunting programs, but that is no simple task. Many organizations struggle with incorporating threat hunting into their security operations efforts due to a lack of expertise. Creating an effective threat hunting program requires a combination of the right tools and the right processes. The combination of flexibility and automation opens up the ability for anyone in the security operations center to perform threat hunting at scale.

Intelligence Driven Threat Hunting with SOAR

Most security teams face the same challenges when it comes to their ability to be proactive: skills shortages, lack of visibility into weaknesses and the incapacity of internal resources to detect and eliminate threats. Cyberint’s new solution uncovers existing compromises, malicious activity, persistence, and residuals from past breaches with an intelligence-driven approach to hunt down threats. When managed threat hunting is combined with the power of security orchestration, automation and response (SOAR), organizations can obtain critical context about attacks in real-time, streamlining the response process. How managed threat hunting helps businesses be proactive about their security. Why it’s critical to onboard managed threat hunting service at a time when global challenges like COVID-19 create business disruption and change organizations’ digital environments for months or years to come The types of threats that can be discovered during a threat hunt – from active attacks to the remnants of past intrusions. How leveraging SOAR technology can help automate hunts and better manage security incidents, from identification to remediation, through custom playbooks. Presented By Adi Perez - VP Technology, CyberInt Nimmy Reichenberg - Cheif Marketing Officer, Siemplify

Journey of Elastic SIEM Getting Started to Investigating Threats: Part 2

Calling all security enthusiasts! Many of us are now facing similar challenges working from home. Introduced in 7.2, Elastic SIEM is a great way to provide security analytics and monitoring capabilities to small businesses and homes with limited time and resources. In this three part meetup series we will take you on a journey from zero to hero - getting started with the Elastic SIEM to beginner threat hunting.

Threat Hunting with Elastic APM

Learn how APM lets you monitor the performance of applications deployed anywhere within your network. Now you can use APM data to hunt for threats and injection attacks, too. Elastic provides a common data platform so you can view HTTP data collected with your APM agents in the Elastic SIEM app. It’s seamless monitoring and protection to keep your systems up, running, and secure.