
Hunters Announces New Open XDR Capabilities Making it the Leading SIEM Alternative

Hunters, the leading Open Extended Detection and Response (XDR) platform, announced a set of capabilities that further strengthen its position as the leading alternative to SIEM for organizations that seek to accelerate their incident detection, investigation and response.

"The new capabilities further position Hunters as a platform of choice by customers looking to replace their SIEM with a modern XDR platform that is built for the security needs of today's enterprise," said Noam Biran, vice president of product at Hunters. "Hunters XDR is becoming a central tool for security operations, used by some of the world's largest organizations to connect telemetry from their entire security and IT environment, automatically turning signals into a cohesive view of real incidents, with context, in order to drive a rapid, effective SOC response."


To learn how NETGEAR used Hunters to replace its SIEM, join a FREE Lunch and Learn as part of the Virtual Black Hat 2021 conference, Thursday, August 5th, 2021, 12:20-1:00 pm PT / 3:20-4:00 pm EST. Step 1: Sign up for Black Hat, 'Free Business Pass'; Step 2: Register for the Lunch and Learn.

Enhanced Automatic Investigations

One of the most critical gaps organizations face in their Threat Detection and Incident Response program is the complexity of incident investigation. While security teams have deployed a variety of tools and sensors (e.g., EDR, NDR, Cloud security, Email security, Identity and others) that alert on suspicious behaviors, it takes a lengthy and usually complex process for security analysts to connect the dots and form a coherent view of an incident before being able to contain and remediate it.

The process of manually stitching together siloed threat signals is extremely time-consuming, often frustrating, and in many cases inaccurate, because alerts arrive without context and correctly linking seemingly unrelated signals requires specialized skills.


Hunters XDR changes the paradigm of incident detection. While other solutions deploy a variety of mechanisms to filter out noise, Hunters technology does the opposite – it amplifies true positive signals through its dynamic scoring and automatic investigation mechanism.

The Hunters XDR automatic investigation capability eliminates the need to sift through hundreds or thousands of daily alerts, giving security analysts more time to work strategically. A new upgrade to this capability provides even more context to enable a more thorough and effective understanding and triage. Every alert in the Hunters platform is now enriched with additional supporting data correlated with information from external sources. To do so, investigations now focus on the key entities involved in a specific activity and automatically provide explanations and insights on what happened.

Auto-Investigations are grouped around the key entities related to the alert, such as host, person, process and others, each with its own attributes, enrichments and activity data. This enables a deeper understanding of how those entities relate to one another and, as a result, of whether the alert is malicious.


Learn more about Hunters' Auto-Investigation and Scoring mechanisms in our recent blog.

Custom Detections (or "Rule-Writing" 2.0)

Hunters XDR's pre-built detections provide comprehensive coverage out of the box, but customers can also add their own detection logic to the platform and easily query the data without writing a single line of SQL.

The rule-writing approach to detection that legacy SIEMs employ is cumbersome, noisy and inefficient. Since no one knows an organization's security ecosystem better than its own SOC team, the ability to customize detections to fit that specific environment, on top of all of Hunters' out-of-the-box TTP-based detections, is a key advantage.

With Custom Detections, users can add their own detection logic on top of the ingested and normalized data, either defining their own detection rules or reusing logic taken from external public repositories, and the platform applies that logic to the ingested data. As part of the Custom Detections feature, users can also define the base score, associated MITRE ATT&CK TTPs and other metadata. The rest of the Hunters XDR pipeline applies to Custom Detections as well: signals and leads generated by these detections are automatically investigated, scored, cross-correlated and presented to the user with comprehensive context.

Dashboards & Reporting

The Hunters XDR Dashboard and Reporting capabilities allow security teams to use Hunters' data (alerts, leads, MITRE ATT&CK TTPs, etc.) as well as raw data from the security data lake to create custom dashboards to visualize SOC metrics, monitor activity in the network, analyze threat trends and track the organization's security posture.

Users can generate and share reports with peers and with other functions of the organization.

Dashboarding can be used for these purposes and many others:

  • Monitoring security team operations
  • Tracking security threat trends
  • CISO KPIs dashboard
  • Executive IT-Security reports
  • Organization security posture tracking
  • IT-Security visibility

