Threat Hunting

humio

The key to faster threat hunting: Log everything

Time is critical when you’re threat hunting. The longer it takes to identify and remediate a threat, the greater the risk of financial and data loss. Unfortunately, a lot of organizations collect only a portion of the logs they produce, hampering their ability to reduce their mean time to detect (MTTD) and mean time to respond (MTTR) to threats.

tripwire

Joint Cybersecurity Advisory on Threat Hunting and Incident Response Released

A joint cybersecurity advisory released on September 1st detailed technical methods for uncovering and responding to malicious activity including best practice mitigations and common missteps. A collaborative effort, this advisory (coded AA20-245A) is the product of research from the cybersecurity organizations of five nations.

elastic

Threat hunting capture the flag with Elastic Security: BSides 2020

Last month, members of the Elastic Security team hosted a threat hunting capture the flag (CTF) event at BSides SATX. We provided the community with an environment to learn and practice threat hunting with our team, and cultivated new relationships with attendees. By sharing information with security practitioners, we can help prepare them to defend their organization’s data from attack through knowledge transfer.

Intelligence Driven Threat Hunting with SOAR

Most security teams face the same challenges when it comes to their ability to be proactive: skills shortages, lack of visibility into weaknesses and the incapacity of internal resources to detect and eliminate threats. Cyberint’s new solution uncovers existing compromises, malicious activity, persistence, and residuals from past breaches with an intelligence-driven approach to hunt down threats. When managed threat hunting is combined with the power of security orchestration, automation and response (SOAR), organizations can obtain critical context about attacks in real-time, streamlining the response process. How managed threat hunting helps businesses be proactive about their security. Why it’s critical to onboard managed threat hunting service at a time when global challenges like COVID-19 create business disruption and change organizations’ digital environments for months or years to come The types of threats that can be discovered during a threat hunt – from active attacks to the remnants of past intrusions. How leveraging SOAR technology can help automate hunts and better manage security incidents, from identification to remediation, through custom playbooks. Presented By Adi Perez - VP Technology, CyberInt Nimmy Reichenberg - Cheif Marketing Officer, Siemplify

Creating a Scalable and Repeatable Threat Hunting Program with Carbon Black and Siemplify

According to SANS, 82% of all SOCs are investing in advanced Threat Hunting programs, but that is no simple task. Many organizations struggle with incorporating threat hunting into their security operations efforts due to a lack of expertise. Creating an effective threat hunting program requires a combination of the right tools and the right processes. The combination of flexibility and automation opens up the ability for anyone in the security operations center to perform threat hunting at scale.

Journey of Elastic SIEM Getting Started to Investigating Threats: Part 2

Calling all security enthusiasts! Many of us are now facing similar challenges working from home. Introduced in 7.2, Elastic SIEM is a great way to provide security analytics and monitoring capabilities to small businesses and homes with limited time and resources. In this three part meetup series we will take you on a journey from zero to hero - getting started with the Elastic SIEM to beginner threat hunting.

Threat Hunting with Elastic APM

Learn how APM lets you monitor the performance of applications deployed anywhere within your network. Now you can use APM data to hunt for threats and injection attacks, too. Elastic provides a common data platform so you can view HTTP data collected with your APM agents in the Elastic SIEM app. It’s seamless monitoring and protection to keep your systems up, running, and secure.
alienvault

Threat hunting explained

The process of threat hunting involves proactively searching for malware or attackers that are hiding within a network. Rather than simply relying on security solutions or services to detect threats, threat hunting is a predictive element to a layered security strategy, empowering organizations to go on the offensive looking for threats.

elastic

Adversary tradecraft 101: Hunting for persistence using Elastic Security (Part 2)

In Part 2 of this two-part series, our goal is to provide security practitioners with better visibility, knowledge, and capabilities relative to malicious persistence techniques that impact organizations around the world every day. In this post, we’ll explore two additional persistence techniques that are being used by attackers in the wild: Scheduled Tasks (T1053) and BITS Jobs (T1197).