Threat Hunting

chaossearch

Threat Hunting Frameworks and Methodologies: An Introductory Guide

Creating an effective threat hunting program is among the top priorities of security leaders looking to become more proactive and build active defenses. Yet finding the right expertise to staff a hunt team remains a challenge, with 58% of respondents in a recent SecOps survey saying they felt their organization’s investigative skills and capabilities were in need of improvement.

chaossearch

How to Plan a Threat Hunt: Using Log Analytics to Manage Data in Depth

Security analysts have long been challenged to keep up with growing volumes of increasingly sophisticated cyberattacks, but their struggles have recently grown more acute. Only 46% of security operations leaders are satisfied with their team’s ability to detect threats, and 82% of decision-makers report that their responses to threats are mostly or completely reactive — a shortcoming they’d like to overcome.

graylog

Threat Hunting with Threat Intelligence

With more people working from home, the threat landscape continues to change. Things change daily, and cybersecurity staff needs to change with them to protect information. Threat hunting techniques for an evolving landscape need to tie risk together with log data. Within your environment, there are a few things that you can do to prepare for effective threat hunting. Although none of these is a silver bullet, they can get you better prepared to investigate an alert.

splunk

Threat Hunting With ML: Another Reason to SMLE

Security is an essential part of any modern IT foundation, whether in smaller shops or at enterprise-scale. It used to be sufficient to implement rules-based software to defend against malicious actors, but those malicious actors are not standing still. Just as every aspect of IT has become more sophisticated, attackers have continued to innovate as well. Building more and more rules-based software to detect security events means you are always one step behind in an unsustainable fight.

Introducing Siemplify ThreatFuse

ThreatFuse is an add-on module to the Siemplify SOAR platform, powered by Anomali, which ingrains threat intelligence across the entire detection and response lifecycle. From enrichment with real-time threat indicators, through threat hunting and intelligence sharing, security analysts can validate, investigate and respond to threats with unprecedented speed and precision.
sumologic

How Clorox leverages Cloud SIEM across security operations, threat hunting, and IT Ops

During Sumo Logic’s Illuminate user conference, Heath Hendrickson, senior security architect at the Clorox company, and Gary Conner, senior threat protection lead, presented how they are leveraging Sumo Logic across security operations, threat hunting, IT operations, and more.

elastic

Investigative analysis of disjointed data in Elasticsearch with the Siren Platform

At Siren, we build a platform used for “investigative intelligence” in Law Enforcement, Intelligence, and Financial Fraud. Investigative intelligence is a specialisation of data analytics that serves the needs of those that are typically hunting for bad actors. Such investigations are the primary focus of law enforcement and intelligence, but are also critical to uncovering financial crime activities and for threat hunting in cybersecurity.

elastic

Gaining holistic visibility with Elastic Security

Let’s talk visibility for a moment. Security visibility is a data-at-scale problem. Searching, analyzing, and processing across all your relevant data at speed is critical to the success of your team’s ability to stop threats at scale. Elastic Security can help you drive holistic visibility for your security team, and operationalize that visibility to solve SIEM use cases, strengthen your threat hunting practice with machine learning and automated detection, and more.

humio

The key to faster threat hunting: Log everything

Time is critical when you’re threat hunting. The longer it takes to identify and remediate a threat, the greater the risk of financial and data loss. Unfortunately, a lot of organizations collect only a portion of the logs they produce, hampering their ability to reduce their mean time to detect (MTTD) and mean time to respond (MTTR) to threats.

tripwire

Joint Cybersecurity Advisory on Threat Hunting and Incident Response Released

A joint cybersecurity advisory released on September 1st detailed technical methods for uncovering and responding to malicious activity including best practice mitigations and common missteps. A collaborative effort, this advisory (coded AA20-245A) is the product of research from the cybersecurity organizations of five nations.