Introducing Threat Hunting

Increased media exposure and changes to regulation and breach reporting (including GDPR) have put organizational security in the spotlight and raised the reputational risk for any organization that cannot deal with a breach.

This is shifting the focus of security away from passive protection and detection techniques towards actively seeking out vulnerabilities and attackers that are already inside the network.

This process is known as Threat Hunting.

What is Threat Hunting?

Threat Hunting puts a dedicated focus on identifying attackers or breaches already inside your network, whether they stem from zero-day exploits or Advanced Persistent Threats, and on deploying countermeasures against them.

Effective Threat Hunting is built on a good hypothesis: which threats your organization is exposed to, where its vulnerabilities are, and how attackers could exploit users or business processes to get into your network.

To be considered a threat an attacker must possess three traits: the intent, capability and opportunity to do harm.

Being aware of these threats and having the resources to hunt them will limit the damage caused if you’re infiltrated and help you protect your network from a serious breach.

Threat Hunting as Active Defense

Sometimes the best defense is a good offense, and an effective offense needs to be data-driven: you need a picture of what is normal on your network before you can recognize what is not.

That data needs to be analyzed and turned into intelligence that informs your threat hunters and your response strategy. Without comprehensive data, you are effectively searching in the dark.
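To make the hypothesis-driven, baseline-first approach above concrete, here is an added example that is not Endace code or part of the original page. It runs one hunt hypothesis over constructed netflow-style records: a compromised host beaconing to a command-and-control server will contact a destination that is rare across the fleet, and will do so at evenly spaced intervals. The "normal" baseline is simply how many distinct hosts talk to each destination; the hunt then looks only at the rare destinations and measures how regular the timing is. All host names, addresses and timestamps are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records (not real traffic): (timestamp_s, src_host, dst_ip, dst_port).
FLOWS = []
# Normal traffic: several workstations reach a popular SaaS address and an internal
# file server at irregular times, so these destinations are common and jittery.
for host, offsets in {
    "ws-01": [3, 41, 97, 130, 260, 333, 480],
    "ws-02": [12, 19, 150, 151, 402, 510],
    "ws-17": [5, 77, 140, 301, 310, 455],
}.items():
    for t in offsets:
        FLOWS.append((t, host, "203.0.113.10", 443))
        FLOWS.append((t + 2, host, "10.0.0.5", 445))
# A rare but irregular destination (an admin SSH session) that should NOT be flagged.
for t in [30, 35, 200, 205, 207, 480]:
    FLOWS.append((t, "ws-02", "192.0.2.44", 22))
# The planted beacon: ws-17 contacts one external address every 60 s, give or take 1 s.
for i, jitter in enumerate([0, 1, -1, 0, 1, 0, -1, 0]):
    FLOWS.append((100 + 60 * i + jitter, "ws-17", "198.51.100.7", 443))


def hosts_per_destination(flows):
    """Baseline of 'normal': how many distinct internal hosts talk to each destination."""
    seen = defaultdict(set)
    for _, src, dst, _ in flows:
        seen[dst].add(src)
    return {dst: len(hosts) for dst, hosts in seen.items()}


def rare_destinations(flows, max_hosts=1):
    """Destinations contacted by at most max_hosts distinct hosts: candidates for a closer look."""
    return {dst for dst, n in hosts_per_destination(flows).items() if n <= max_hosts}


def interval_stats(timestamps):
    """Mean inter-arrival time and its coefficient of variation (stdev / mean).
    A near-zero CV means connections are evenly spaced, the signature of a timer-driven beacon."""
    ts = sorted(timestamps)
    if len(ts) < 2:
        return 0.0, float("inf")
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    return avg, (pstdev(gaps) / avg if avg else float("inf"))


def hunt_beacons(flows, max_hosts=1, min_connections=5, max_cv=0.2):
    """Test the hypothesis: rare destination + enough connections + regular timing.
    Returns (src_host, dst_ip, mean_interval_s, cv) for each pair that matches."""
    rare = rare_destinations(flows, max_hosts)
    per_pair = defaultdict(list)
    for ts, src, dst, _ in flows:
        if dst in rare:
            per_pair[(src, dst)].append(ts)
    hits = []
    for (src, dst), stamps in per_pair.items():
        if len(stamps) < min_connections:
            continue
        avg, cv = interval_stats(stamps)
        if cv <= max_cv:
            hits.append((src, dst, avg, cv))
    return hits


if __name__ == "__main__":
    for src, dst, avg, cv in hunt_beacons(FLOWS):
        print(f"{src} -> {dst}: {avg:.1f}s interval, CV {cv:.3f}  (candidate beacon)")
```

The thresholds (one host, five connections, CV of 0.2) are hypothetical starting points and should be tuned against your own baseline; the SSH session is excluded not because it is common but because its timing is irregular, which is the check that keeps the hunt from reporting every unusual destination. In practice the next step is to pivot from the flagged flow into the recorded packet data for that connection to confirm or dismiss the finding.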

The EndaceProbe Analytics Platform provides an invaluable resource for threat hunters. Not only does it record a complete history of activity on the network, but analysts can leverage the EndaceProbe's hosting capability to deploy a wide variety of security analytics tools including solutions from Endace's Fusion Partners, open-source tools or even custom-developed applications to analyze recorded Network History.

In addition, pre-built integration with solutions such as Splunk, IBM QRadar, Microfocus Arcsight, Cisco Stealthwatch and Plixer Scrutinizer makes it easy for analysts to go from querying and analyzing activity in these security tools to examining the related full packet data with a single click, dramatically accelerating the investigation process.


How about a Demo?

Integrating Network History into your security and performance monitoring tools gives you definitive evidence at your fingertips.

Find out just how fast and accurate your investigations could be.
