With the SecureX Threat Hunting feature, organizations can add an active, managed threat hunting practice to their environment
As advanced threats continue to proliferate throughout an organizations’ IT infrastructure, threat hunting has become an important part of the overall security strategy. Threat hunting has typically been saved for the most mature environments where skilled personnel leverage knowledge and tools to formulate and investigate hypotheses relating to their organization’s security across the threat landscape. Fortunately, with technology advancements and automation, threat hunting is now within the reach for every organization.
There are five key challenges that organizations face when trying to implement a threat hunting practice on their own.
- Limited Resources – Organizations are struggling in sourcing talented threat hunters. They are also challenged with their limited capability, legacy infrastructure and architecture
- Alert Prioritization – There are floods of alerts daily and it is difficult to prioritize investigations, compounded by the fact that it is difficult to identify the source of the threat
- Effective Intel Usage – It is difficult to operationalize threat intelligence and many sources are often unreliable and out-of-date
- Internet-wide threat visibility – Organizations struggle with how to identify where attackers stage attacks and how domains, IPs, ASNs, and malware are connected
- Threat Hunting has a maturation journey – When organizations begin a threat hunting practice, they typically start with only the low–level IOCs hunts and have to advance to higher levels, which takes time
SecureX Threat Hunting, a feature of Cisco AMP for Endpoints, uniquely identifies threats, alerting organizations before they can cause further damage by:
- Uncovering hidden threats faster across the attack surface – Using MITRE ATT&CK™ and other industry best practices
- Improving security posture instantly – Adding an established threat hunting practice to significantly advance your security maturation
- Reducing alert fatigue – Through SecureX Threat Hunting your organization receives fewer, high confidence, and high impact actionable alerts
Our new threat hunting feature combines our Orbital Advanced Search feature with expertise from elite threat hunters to proactively find more sophisticated threats. Once threats are detected, customers are notified within their AMP Console, so they can begin remediation. The AMP Console features a Threat Hunting report that shows the new findings with all of the relevant context and events mapped to MITRE ATT&CK™ TTP’s, together with recommendations for incident responders on what to do next to further investigate or remediate based on the findings.
Threat Hunting is critical because legacy security tools fail to stop advanced threats, sophisticated attackers make detection extremely difficult, and even artificial intelligence and machine learning techniques may fall short in stopping all attacks.
Cisco SecureX Threat Hunting is an analyst-centric process that uncovers hidden advanced threats, missed by automated and detective controls in our customers’ environments. Our threat hunting adds significant value to their organizations through:
- Reduction in dwell time (infection to detection)
- Reduction in breakout time (initial compromise to lateral movement)
- Increased exfiltration detection (data detected leaving your organization)
- Decreased time to containment (detect/ prevent spread or lateral movement)
One of our beta SOC Manager customers was quoted after our threat hunting delivered a high-fidelity alert active in their environment as saying, “We were working on that computer that evening, when we got a notification from Cisco. I love this product (SecureX Threat Hunting), I love the remediation steps, the backend intelligence on correlation and what the campaign is, and how to handle it, and how to remediate. It is exactly a product we want, makes sense of all alerts, and tells us what to do exactly”.
Click here to learn more about this offering as well as to see a package comparison of all the AMP for Endpoints offerings. You can also sign up for our virtual Threat Hunting Workshop, or request a free trial.