Adversaries, and cybercriminal organizations in particular, are building tools and using techniques that are becoming so difficult to detect that organizations are having a hard time knowing that intrusions are taking place. Passive techniques of watching for signs of intrusion are less and less effective. Environments are complicated, and no technology can find 100 percent of malicious activity, so humans have to “go on the hunt.”
Threat hunting is the proactive technique that’s focused on the pursuit of attacks and the evidence that attackers leave behind when they’re conducting reconnaissance, attacking with malware, or exfiltrating sensitive data. Instead of just hoping that technology flags and alerts you to the suspected activity, you apply human analytical capacity and understanding about environment context to more quickly determine when unauthorized activity occurs. This process allows attacks to be discovered earlier with the goal of stopping them before intruders are able to carry out their attack objectives.
Until there were tools available that could give analysts a data-centric view of what was going on in their environments, all organizations had were the time-proven, but no-longer-effective, log review techniques for discovering that the horse escaped from Response is one of these data-centric tools. More than that, Response is an industry-leading tool that puts wheels on the threat hunting bus and gives threat hunters the upper hand in today’s cyberwars.