Trustwave updates its threat hunting to find unknown dangers
Threat hunting takes a proactive approach to identifying the security issues an organization might face. But since it tends to be based on intelligence about current threats it can overlook new ones.
Now, though, Trustwave has enhanced its Advanced Continual Threat Hunting platform, resulting in a three times increase in behavior-based threat findings that would otherwise have gone undetected by current Endpoint Detection and Response (EDR) tools.
It uses experienced and specialized security threat hunters who study the tactics, techniques, and procedures (TTPs) -- the behavior -- of the most sophisticated threat actors in the world. Trustwave's new intellectual property goes beyond Indicators of Compromise (IoC) to uncover new or unknown threats that evade existing security tools by hunting for Indicators of Behavior (IoB) associated with specific threat actors.
Within the Advanced Continual Threat Hunting platform, Trustwave threat hunters continuously develop thousands of queries across multiple Endpoint Detection and Response technologies and map them to the MITRE ATT&CK framework. From there, its patent-pending platform uses automation to run those queries at scale, hunting for the IoBs of specific threat actors across all of its threat hunt clients and a variety of supported EDR tools at one time.
Shawn Kanady, global director of Trustwave SpiderLabs, says:
What a hunter would do is take IoCs and go look in their customer environment or in their own environment to see if those appear anywhere, which is great, but you're reacting to something that you've seen out there.
What we did was look at the MITRE ATT&CK framework and the EDR technology and built a tool where instead of hunting for indicators of compromise or focusing on just some random thing, what we're doing is we're hunting for behaviors that indicate bad actors. In this way, you start discovering new IoCs that were previously unknown, because IoCs have a shelf life, actors are always dynamically changing things and they're also watching the wires.
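The contrast described above (an IoC match against a known hash versus a behavior query mapped to an ATT&CK technique and fanned out across all hosts, with the behavior hit then yielding a previously unknown IoC) can be made concrete in a few lines. The following is an added illustration, not Trustwave's code or any EDR vendor's query language: the telemetry events are constructed, the field names (`host`, `parent`, `image`, `sha256`) are hypothetical, and the ATT&CK mapping (T1204.002, User Execution: Malicious File) is the one a hunter would typically attach to "Office application spawns a script host or a binary from the user's Temp directory".

```python
import ntpath
from dataclasses import dataclass
from typing import Callable, Dict, List, Set

Event = Dict[str, str]

# Constructed process-creation telemetry in an EDR-like shape. Field names are
# hypothetical; the hashes are placeholders, not real sample hashes.
EVENTS: List[Event] = [
    # Ordinary browsing: no rule should fire.
    {"host": "ws01", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "sha256": "11" * 32},
    # Known sample: its hash is already on the IoC list.
    {"host": "ws02", "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Users\alice\AppData\Local\Temp\invoice.exe",
     "sha256": "22" * 32},
    # Recompiled variant: identical behaviour, hash not yet known anywhere.
    {"host": "ws03", "parent": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Users\bob\AppData\Local\Temp\report.exe",
     "sha256": "33" * 32},
    # Benign admin activity: script host launched from a console, not from Office.
    {"host": "ws04", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "sha256": "44" * 32},
    # Benign Office child (print helper): Office parent, but not a script host or Temp binary.
    {"host": "ws05", "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\splwow64.exe",
     "sha256": "55" * 32},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe"}
KNOWN_BAD_HASHES: Set[str] = {"22" * 32}  # the IoC list as it stands before the hunt


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (ntpath works on any OS)."""
    return ntpath.basename(path).lower()


def ioc_hash_match(ev: Event) -> bool:
    """IoC hunt: does the executed file's hash appear on the known-bad list?"""
    return ev["sha256"] in KNOWN_BAD_HASHES


def office_spawns_suspicious_child(ev: Event) -> bool:
    """IoB hunt: an Office application starts a script host, or runs a binary
    from the user's Temp directory. The hash is irrelevant to this query."""
    if basename(ev["parent"]) not in OFFICE_APPS:
        return False
    child_in_temp = "\\appdata\\local\\temp\\" in ev["image"].lower()
    return basename(ev["image"]) in SCRIPT_HOSTS or child_in_temp


@dataclass(frozen=True)
class HuntRule:
    name: str
    kind: str                         # "ioc" (known artifact) or "iob" (behaviour)
    technique: str                    # MITRE ATT&CK technique ID the query maps to
    query: Callable[[Event], bool]


RULES = [
    HuntRule("known_bad_hash", "ioc", "T1204.002", ioc_hash_match),
    HuntRule("office_spawns_suspicious_child", "iob", "T1204.002", office_spawns_suspicious_child),
]


@dataclass(frozen=True)
class Finding:
    rule: str
    kind: str
    technique: str
    host: str
    image: str
    sha256: str


def run_hunt(events: List[Event], rules: List[HuntRule] = RULES) -> List[Finding]:
    """Run every rule over every event: one query set applied across all hosts at once."""
    return [Finding(r.name, r.kind, r.technique, e["host"], e["image"], e["sha256"])
            for e in events for r in rules if r.query(e)]


def derive_new_iocs(findings: List[Finding], known: Set[str] = KNOWN_BAD_HASHES) -> Set[str]:
    """Hashes surfaced only by behaviour rules are candidate IoCs for analyst review;
    this is how a behaviour hunt feeds previously unknown indicators back into detection."""
    return {f.sha256 for f in findings if f.kind == "iob"} - known


if __name__ == "__main__":
    hits = run_hunt(EVENTS)
    for h in hits:
        print(f"{h.kind:>3} {h.rule:<32} {h.technique} {h.host} {h.image}")
    print("candidate new IoCs:", derive_new_iocs(hits))
```

On these events the hash rule fires only for ws02, while the behaviour rule fires for ws02 and ws03; the ws03 hash then becomes a candidate IoC that did not exist before the hunt. The two benign events show why the behaviour query has to be specific (parent application and child location together), since an Office parent on its own is normal on every workstation.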
As new threat hunt findings are discovered, Trustwave applies the learnings to bolster its detection and response capabilities across its Managed Detection and Response (MDR) clients. In addition, threat hunters conduct hunts based on Trustwave's global curated threat intelligence, which includes malicious activity discovered in client environments across its products and services and externally sourced threat intelligence.
You can find out more and request a demo on the Trustwave site.
Image Credit: underverse/Shutterstock