
Hunters Announces New Open XDR Capabilities Making it the Leading SIEM Alternative

Hunters, the leading Open Extended Detection and Response (XDR) platform, announced a set of capabilities that further strengthen its position as the leading alternative to SIEM for organizations that seek to accelerate their incident detection, investigation and response.

“The new capabilities further position Hunters as a platform of choice by customers looking to replace their SIEM with a modern XDR platform that is built for the security needs of today’s enterprise,” said Noam Biran, vice president of product at Hunters. “Hunters XDR is becoming a central tool for security operations, used by some of the world’s largest organizations to connect telemetry from their entire security and IT environment, automatically turning signals into a cohesive view of real incidents, with context, in order to drive a rapid, effective SOC response.”

To learn how NETGEAR used Hunters to replace its SIEM, join a FREE Lunch and Learn as part of the Virtual Black Hat 2021 conference, Thursday, August 5th, 2021, 12:20-1:00 pm PT / 3:20-4:00 pm EST. Step 1: Sign up for Black Hat with the ‘Free Business Pass’; Step 2: Register for the Lunch and Learn.

Enhanced Automatic Investigations

One of the most critical gaps organizations face in their Threat Detection and Incident Response program is the complexity of incident investigation. Security teams have deployed a variety of tools and sensors (e.g., EDR, NDR, cloud security, email security, identity and others) that alert on suspicious behaviors, but connecting the dots into a coherent view of an incident is a lengthy and usually complex process for security analysts, and it has to happen before the incident can be contained and remediated.

Manually stitching together siloed threat signals is extremely time-consuming, often frustrating, and in many cases inaccurate, because alerts arrive without context and correctly linking seemingly unrelated signals requires specialized skills.

Hunters XDR changes the paradigm of incident detection. While other solutions deploy a variety of mechanisms to filter out noise, Hunters’ technology does the opposite: it amplifies true-positive signals through its dynamic scoring and automatic investigation mechanism.

The Hunters XDR automatic investigation capability eliminates the need to sift through hundreds or thousands of daily alerts, giving security analysts more time to work strategically. A new upgrade to this capability provides even more context for a thorough and effective understanding and triage. Every alert in the Hunters platform is now enriched with additional supporting data correlated with information from external sources. To do so, investigations now focus on the key entities involved in a specific activity and automatically provide explanations and insights on what happened.

Auto-Investigations are grouped by the key entities related to the alert, such as host, person and process. Each entity carries its own attributes, enrichments and activity data, which together give a deeper understanding of how the entities relate to one another and, as a result, of whether the alert is malicious.

Learn more about Hunters’ Auto-Investigation and Scoring mechanisms in our recent blog post.

Custom Detections (or “Rule-Writing” 2.0)

Hunters XDR’s pre-built detections provide comprehensive coverage out of the box, but customers can also add their own detection logic to the platform and query the data without writing a single line of SQL.

The rule-writing approach to detection that legacy SIEMs employ is cumbersome, noisy and inefficient. Since no one knows an organization’s security ecosystem better than its own SOC team, the ability to customize detections for their specific environment, on top of all of Hunters’ out-of-the-box TTP-based detections, is a key advantage.

With Custom Detections, users add their own detection logic on top of the ingested and normalized data, either by defining their own detection rules or by importing logic from external public repositories, and the platform applies that logic to the ingested data. As part of the Custom Detections feature, users can also define the base score, associated MITRE ATT&CK TTPs and other metadata. Custom Detections run through the full Hunters XDR pipeline: signals and leads they generate are automatically investigated, scored, cross-correlated and presented to the user with comprehensive context.

Dashboards & Reporting

The Hunters XDR Dashboard and Reporting capabilities allow security teams to use Hunters’ data (alerts, leads, MITRE ATT&CK TTPs, etc.) as well as raw data from the security data lake to create custom dashboards to visualize SOC metrics, monitor activity in the network, analyze threat trends and track the organization’s security posture.

Users can generate and share reports with peers and with other functions of the organization.

Dashboarding can be used for these purposes and many others:

  • Monitoring security team operations
  • Tracking security threat trends
  • CISO KPI dashboards
  • Executive IT-Security reports
  • Organization security posture tracking
  • IT-Security visibility
