Threat hunting is often conflated with detection. Threat detection identifies known threats using indicators and behaviors; threat hunting goes further by looking for the unknown. To do threat hunting right, you need the right tools and, most importantly, the right data. Rich metadata collected from network sensors, endpoints, and cloud environments enables cross-session, multi-faceted analysis of attacker and malware behavior, which is critical for post-breach detection and for hunting threats that no existing signature describes.
A High-Powered Tool For High-Powered Teams
Attackers Hide in Blind Spots – Threat Hunting Identifies the Unknown
Attackers are sophisticated and design their tooling to evade traditional prevention and detection methods. In many breaches, the attacker has been inside the organization’s environment for months before being found. Threat hunting is the discovery of malicious artifacts, activity or techniques that passive monitoring does not account for. Essentially, threat hunting is the process of identifying unknown threats that would otherwise remain hidden in your network and on your endpoints, stealing sensitive data.
Threat Hunting and Detection are Not One and the Same
The Biggest Barriers to Threat Hunting are Lack of Time and Skills
In the Fidelis 2019 State of Threat Detection Report, only 46% of respondents said they currently perform threat hunting.
Fidelis’ Threat Hunting Platform:
Designed by Threat Hunters, for Threat Hunters
The Fidelis Elevate™ platform delivers one seamless threat hunting and IR solution, providing the visibility, insight and speed to hunt for threats, with the forensic depth required for a rapid and informed response.
- Query over 300 data attributes and custom tags
- Storage up to 360 days
- Alert aggregations into conclusions to increase efficiency
- Pull files and images immediately for forensic analysis and evidence
- Conduct memory analysis in seconds
- Run scripts on all endpoints with the click of a button
- Use deception to lure attackers
- Detect human vs. machine traffic
- Use poisoned data and fake credentials to detect lateral movement
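The last bullet describes a deception technique: plant credentials that no legitimate process knows, so any authentication attempt with them is an attacker who harvested them and is moving laterally. The following is an added example, not Fidelis code; the decoy account names, the key=value log format and the log lines are all constructed for illustration.

```python
import re
from collections import defaultdict

# Decoy accounts planted in the directory or credential store solely as bait.
# Constructed names for this example; no legitimate process uses them.
DECOY_ACCOUNTS = {"svc_backup_admin", "sqlsvc_legacy"}

# Constructed authentication events in a simple key=value format (not real logs).
AUTH_LOG = """\
2024-05-01T10:01:02Z src=ws-042 dst=fs-01 user=alice outcome=success logon=network
2024-05-01T10:02:11Z src=ws-042 dst=fs-01 user=svc_backup_admin outcome=failure logon=network
2024-05-01T10:02:14Z src=ws-042 dst=dc-01 user=svc_backup_admin outcome=failure logon=network
2024-05-01T10:02:20Z src=ws-042 dst=sql-02 user=SQLSVC_LEGACY outcome=success logon=network
2024-05-01T10:05:40Z src=ws-007 dst=fs-01 user=bob outcome=success logon=network
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) user=(?P<user>\S+) outcome=(?P<outcome>\S+)"
)


def parse_auth_log(text):
    """Parse the constructed key=value lines into dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def honeytoken_hits(events, decoys=DECOY_ACCOUNTS):
    """Any use of a decoy account is a hit, failed or not: nobody legitimate knows
    these credentials, so even a failed attempt means they were harvested and are
    being tried against other hosts. Account names are compared case-insensitively
    because Windows logon names are not case-sensitive."""
    decoys_lc = {d.lower() for d in decoys}
    return [e for e in events if e["user"].lower() in decoys_lc]


def lateral_movement_summary(hits):
    """Group hits by source host. The host spraying decoy credentials at several
    targets is where the attacker currently sits and is the first endpoint to
    pivot to (collect memory, isolate)."""
    targets = defaultdict(set)
    for h in hits:
        targets[h["src"]].add(h["dst"])
    return {src: sorted(dsts) for src, dsts in targets.items()}


if __name__ == "__main__":
    hits = honeytoken_hits(parse_auth_log(AUTH_LOG))
    for src, dsts in lateral_movement_summary(hits).items():
        print(f"decoy credential use from {src} against {', '.join(dsts)}")
```

The point of the design is fidelity: a decoy account has no legitimate users, so the detection needs no baseline and no tuning, and the summary by source host turns a network-side signal directly into the endpoint to investigate.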
One Big Picture
- One single pane of glass across network and endpoint security capabilities
- Quickly pivot on content and context between network, endpoint and deception products
- Detect threats at any point across the kill chain
Metadata: The Secret Sauce to Threat Hunting
To find attackers who are working hard to stay out of sight, you need to collect the right data. Fidelis Elevate captures sessions and breaks them down into rich metadata at both the content and the context level. The richer the metadata you have indexed, the richer the set of questions you can ask of it, and the faster you can iterate on a hunting hypothesis.
Our metadata and the analytical power it enables go beyond what is on the market today and let you take threat hunting to the next level. Logs and events record that something happened; metadata with rich content and context lets you ask what happened, between whom, and how often, which is what detecting and hunting unknown threats requires.
Speed Your Threat Hunting with Rapid Search Capabilities
Using rich, indexable metadata means extremely fast search and query results. Fidelis enables you to complete searches in seconds or minutes unlike the hours or even days it can take to search with many other solutions.
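To make the preceding two sections concrete, here is an added example (not Fidelis code) of what hunting over indexed session metadata looks like. It builds a small in-memory index over constructed HTTP session records and runs two hypotheses against it: periodic low-jitter connections between a host pair (a machine beacon rather than human browsing) and a User-Agent seen from only one host. The record fields, host names, addresses and thresholds are all assumptions for illustration.

```python
import statistics
from collections import defaultdict

# Constructed session metadata, not a real capture. Each record is what a network
# sensor would emit after decoding one HTTP session: timing, endpoints and a
# content-level attribute (the User-Agent).
SESSIONS = [
    # ws-017 contacts 203.0.113.9 every ~60 s with a User-Agent nothing else uses.
    *[{"ts": 1_700_000_000 + 60 * i + (i % 2), "src": "ws-017", "dst": "203.0.113.9",
       "dport": 443, "bytes_out": 512, "user_agent": "Mozilla/4.0 (compatible; MSIE 6.0)"}
      for i in range(8)],
    # Ordinary browsing from several hosts: irregular timing, common User-Agent.
    *[{"ts": 1_700_000_000 + t, "src": src, "dst": "198.51.100.20", "dport": 443,
       "bytes_out": b, "user_agent": "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0"}
      for src, t, b in [("ws-001", 5, 1200), ("ws-001", 97, 8300), ("ws-001", 140, 400),
                        ("ws-001", 610, 2200), ("ws-002", 15, 900), ("ws-002", 820, 3100),
                        ("ws-003", 33, 700)]],
]


def build_index(sessions):
    """Index sessions by (src, dst, dport), sorted by time, so that a hypothesis
    query is a dictionary lookup rather than a scan over raw records."""
    index = defaultdict(list)
    for s in sessions:
        index[(s["src"], s["dst"], s["dport"])].append(s)
    for key in index:
        index[key].sort(key=lambda s: s["ts"])
    return index


def find_beacons(index, min_sessions=6, max_jitter=0.1):
    """Hypothesis: a host pair with many sessions whose inter-arrival times have a
    low coefficient of variation is a machine beaconing on a timer."""
    hits = []
    for (src, dst, dport), sess in index.items():
        if len(sess) < min_sessions:
            continue
        gaps = [b["ts"] - a["ts"] for a, b in zip(sess, sess[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue  # identical timestamps; not a periodic signal
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_jitter:
            hits.append({"src": src, "dst": dst, "dport": dport,
                         "period_s": round(mean), "jitter": round(cv, 3), "count": len(sess)})
    return hits


def find_rare_user_agents(sessions, max_hosts=1):
    """Hypothesis: a User-Agent seen from at most max_hosts hosts is an outlier
    worth a look (custom implant, old tooling, scripted client)."""
    hosts_by_ua = defaultdict(set)
    for s in sessions:
        hosts_by_ua[s["user_agent"]].add(s["src"])
    return {ua: sorted(hosts) for ua, hosts in hosts_by_ua.items() if len(hosts) <= max_hosts}


def hunt(sessions):
    """Run both hypotheses and return the endpoints implicated by either, which is
    the pivot point from network metadata to endpoint follow-up."""
    beacons = find_beacons(build_index(sessions))
    rare = find_rare_user_agents(sessions)
    pivot_hosts = sorted({b["src"] for b in beacons} | {h for hs in rare.values() for h in hs})
    return {"beacons": beacons, "rare_user_agents": rare, "pivot_hosts": pivot_hosts}


if __name__ == "__main__":
    result = hunt(SESSIONS)
    for b in result["beacons"]:
        print(f"beacon: {b['src']} -> {b['dst']}:{b['dport']} every {b['period_s']}s "
              f"(jitter {b['jitter']}, {b['count']} sessions)")
    print("pivot to endpoints:", result["pivot_hosts"])
```

Both hypotheses depend on attributes that exist only because the session was decoded (timing per host pair, User-Agent per host); raw connection logs without that content would answer neither question. The thresholds are deliberately loose for the toy data; in practice they are tuned against the environment's own baseline.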
Close the Loop:
Quickly Pivot from Threat Hunting to Incident Response
If you prove your threat hunting hypothesis correct, you need to act quickly and deliberately to respond and limit damage. Fidelis Elevate enables threat hunters and incident responders to take control and reach critical forensic data at the click of a button – all in one single pane of glass.
Isolate Endpoints Immediately
Seamlessly run automated scripts to assess the extent of the damage and isolate the compromised machines in question.
Capture Forensic Evidence
The days of having to contact the IT help desk to collect evidence are over. With Fidelis, you can pull files and conduct memory analysis immediately to collect evidence. This addresses one of the biggest struggles in IR: threat hunters are traditionally network or endpoint specialists, not both, and this bridges that gap.
Automate Responses for the Future
Once you have proven your threat hunting hypothesis correct and remediated the threat, you should not have to repeat the whole process by hand. With Fidelis, you can write custom scripts and playbooks that trigger and respond automatically, so the same exploit or technique is handled without manual intervention the next time it appears.
What Clients and Experts Are Saying
“One of our favorite takeaways from using a platform such as Fidelis Elevate was being able to exercise the concept of holistic visibility, meaning the environment is ingested, analyzed and treated as a single unit. Holistic visibility allows for threats to be analyzed and neutralized faster,...”
Matt Bromiley, Analyst
“With Fidelis Deception, we’re changing the rules of the game. Now we have the attackers running for cover because they understand that we can find them even if they managed to bypass our perimeter.”
Fortune 1000 Company, Head of Security
“We found that Fidelis Endpoint offers organizations a robust capability for gaining high level insights into the state of their various endpoints, while also offering drilldowns into key granular details that are crucial for effective detection and response. But perhaps our biggest highlight,...”
Matt Bromiley, Analyst
Enabling Your Best for Threat Hunting
The seamless integration of Fidelis Endpoint, Fidelis Deception and Fidelis Network provides customers with one powerful, unified platform that empowers threat hunting. A threat hunter can pivot directly from network traffic to the endpoint(s) in question, and then execute a task for all endpoints to understand the scope of the infection.
The Benefits of Threat Hunting with Fidelis
Fidelis Elevate enables organizations to improve investigation functions, automate processes, and improve query and search capabilities so you can move quickly to find a threat, no matter how sophisticated.
Improved Visibility &
With metadata gathered from network and cloud traffic and from endpoint activity, organizations get reliable, precise visibility of their entire environment in real time and can conduct retrospective threat hunting over the retained data.
Transition from Reactive to Proactive Posture
Organizations often lack the resources and time to implement regular threat hunting. In addition to the benefits of our technology, you can rely on our team of experts to conduct threat hunting sessions and uncover unknown threats in your environment.
Making Threat Hunting a Reality With Fidelis
Watch a demo of Fidelis Elevate facilitating threat hunting in a live environment.
You’ll find out:
- The difference between threat detection and threat hunting, and what expertise is required.
- The importance of having the right data for real-time and retrospective analysis.
- How to carry out an effective hunt.
- Automating data collection, investigation steps, and response.