Threat Hunting

Journey of Elastic SIEM Getting Started to Investigating Threats: Part 2

Calling all security enthusiasts! Many of us are now facing similar challenges working from home. Introduced in 7.2, Elastic SIEM is a great way to provide security analytics and monitoring capabilities to small businesses and homes with limited time and resources. In this three part meetup series we will take you on a journey from zero to hero - getting started with the Elastic SIEM to beginner threat hunting.

Threat Hunting with Elastic APM

Learn how APM lets you monitor the performance of applications deployed anywhere within your network. Now you can use APM data to hunt for threats and injection attacks, too. Elastic provides a common data platform so you can view HTTP data collected with your APM agents in the Elastic SIEM app. It’s seamless monitoring and protection to keep your systems up, running, and secure.

Threat hunting explained

The process of threat hunting involves proactively searching for malware or attackers that are hiding within a network. Rather than simply relying on security solutions or services to detect threats, threat hunting is a predictive element to a layered security strategy, empowering organizations to go on the offensive looking for threats.


Adversary tradecraft 101: Hunting for persistence using Elastic Security (Part 2)

In Part 2 of this two-part series, our goal is to provide security practitioners with better visibility, knowledge, and capabilities relative to malicious persistence techniques that impact organizations around the world every day. In this post, we’ll explore two additional persistence techniques that are being used by attackers in the wild: Scheduled Tasks (T1053) and BITS Jobs (T1197).


What is the Next Generation Threat Hunting

The FBI recently reported that in 2019, cybercrime cost businesses $3.5 billion, a number they say is likely grossly underestimated. Another study from Accenture that spanned 11 countries across 16 industries found that the complexity of attacks is also increasing. As a result, the average cost of cybercrime for an organization grew from $1.4 million to $13.0 million.


Threat Hunting with The MITRE ATT&CK Framework

As a result of this ever-increasing volume and sophistication, SOC’s and SIEM’s using traditional, reactive measures are overwhelmed. More and more organizations are turning to detection and response solutions which combine threat intelligence and cyber expertise, to uncover and remediate threats as early as possible, and also to mitigate risk of future attacks.


How to Achieve Proactive Threat Hunting

Threat hunting practices are gaining much more importance as hackers and cyber threats focus on improving their stealth. As a result, it is essential for organizations to take on a proactive stance on threat hunting. Continue reading to learn how you can manage that. What is threat hunting? Threat hunting is one of the fundamental cyber security practices. It aims to detect stealthy attacks and threats that go undetected by the traditional security measures.