Trustwave is relaunching its Advanced Continual Threat Hunt (ACTH) platform with a new patent-pending methodology that enables Trustwave researchers to conduct significantly more human-led threat hunts, resulting in a 3x increase in behavior-based threat findings. These discoveries might otherwise go undetected by current EDR tools.
It’s no secret that SOC teams are struggling. The main reason is the sheer volume of data they must collect and analyze to thwart cybercrime. The data sources they need to account for include applications, transactions, IoT devices, mobile devices, and more. And the amount of global information created, replicated, and consumed is projected to increase to more than 180 zettabytes over the next five years, making the data challenge we’re facing even worse.
In this blog post, we outline some of the key tools and approaches involved with effective cyber threat hunting.
With the end of the year fast approaching, many of us are looking forward to a well-deserved break. However, security practitioners and security leaders worldwide are bracing themselves for what has become a peak period for novel and disruptive threats. In 2020, the holiday season was marked by the SUNBURST incident, and in 2021 the world grappled with Log4Shell.
Many automation tools, such as SOAR, suffer from an ironic Catch-22: you know that automation will save your team huge amounts of time, but it’s difficult to implement and requires skills you don’t necessarily have in-house. Essentially, you can’t afford the tools that will save you money. Ay, there’s the rub! You may have seen tools promising “no-code” capabilities with intuitive GUIs that help non-programmers build abstract functions.
What if you could easily extend the retention of your CrowdStrike Falcon® detection data for a year or longer? Would that help with compliance? Investigations? Threat hunts? In Part 1 of this series, we covered the basics of Falcon Long Term Repository (Falcon LTR). To recap, Falcon LTR is an option available to Falcon customers. It offers a simple and cost-effective way to retain your Falcon detection data long term, which has historically been a costly and complex endeavor for security teams.
Proactive threat hunting is a cyclical, proactive and hypothesis-driven process that assumes an undiscovered breach of an unknown type has already occurred. There is no precipitating incident or roadmap; no high-fidelity detection rules have been triggered.
