CIO Bulletin

Hunters – Revolutionizing Security Operations by Combining Data Engineering, Security Expertise, and Layers of Automation

Data breaches, malware infections, and cyber-attacks are common occurrences for organizations both large and small. Detecting and eradicating these threats before they cause any adverse effects has become a daily priority for IT managers. Many IT departments are dealing with the problem by building a separate security operations center (SOC), either in the organization or through a security services provider. A security operations center centralizes an organization’s IT security monitoring and incident response activities in a single location and is responsible for remediating both internal breaches and external cyber-attacks. Maintaining strong corporate cybersecurity can be expensive. A company may require multiple platforms and licenses in order to achieve comprehensive visibility and protection against cyber threats. A centralized SOC enables an organization to reduce these costs by sharing them across the entire organization. Elimination of departmental silos reduces the additional overhead associated caused by duplication and redundancy. Addressing these threats is the responsibility of an organization’s Security Operations Center (SOC). The SOC should provide round-the-clock monitoring for cyber threats and the ability to engage immediately in incident response.

Hunters is one such company that consists of group of cyber and technology experts with a mission to democratize security operations by combining data engineering, security expertise and layers of automation to expedite decision making, helping security teams become attack-ready. Hunters infuses how attackers think and act into a platform that helps security operations see and stop attacks at their root.

Hunters Revolutionary Product Suite

Hunters XDR: It is a purpose-built, turn-key security data and analytics platform, providing cloud-scale access to telemetry sources across the entire attack surface coupled with automated event correlation, investigation and prioritization. It is an emerging set of technologies aimed to collect and automatically correlate data from multiple securities and IT sources, unifying them into a single threat detection, investigation, and response platform. Using cloud connectors to pipe into existing security tools, or directly connecting to SIEM, Hunters XDR ingests logs, events and telemetry from dozens of data sources on-premises and in the cloud. Hunters XDR extracts both raw data and alerts from existing security data using a stream processing analytics technology which enables near real-time processing and complex analytics. Threat signal extraction is guided by Hunters’ TTP-based detections. In order to accelerate analyst understanding of threat signals and alerts, Hunters runs automatic investigations. It fetches all relevant information associated with those, and automatically enriches them with further context.

Once there is enough context around threat signals and alerts, Hunters XDR leverages ML to dynamically score them from zero to 100, allowing for an easy prioritization and quick triage. As more data is ingested, prioritization continues to update as insights evolve too. Hunters XDR uses unsupervised machine learning to correlate signals and alerts across disparate areas of suspicious activity in an interactive graph, and surfaces actionable Attack Stories which include full attack summary and outline. With Hunters XDR, detection and response can be streamlined by escalating Attack Stories into SOAR tools and other existing workflows, enabling response automation and reducing attackers’ dwell time.

Open XDR Integrations: Its customers have been investing in powerful security products for years. They help take their detection and response to the next phase, finally connecting the dots between these products. Hunters’ best-of-breed technology integrations are at the core of its open XDR, spanning across multiple security products and data sources. Leverage endpoint telemetry and connect it to cloud, network and identity data to extend existing detections into new attack surfaces. Eliminate the silos of cloud detection and response by connecting cloud workload data to on-premises telemetry and other security data. Detect and respond to complex attacks by correlating SWG telemetry and firewall logs with security data from beyond the corporate perimeter. Add a key knowledge source with identity-driven data to obtain high fidelity correlations and Attack Stories when connected to additional data sources and security telemetry. Obtain full visibility on email attacks: EDR solutions detect once a malicious file is executed in a specific endpoint, but having the full trace of the malicious email in the organization is key.

The Leader Upfront

Uri May, co-founder also serves as the Chief Executive Officer of Hunters.