
20 Business Excellence Awards 2022

Empowering security teams to automatically identify and respond to incidents that matter across your attack surface: Hunters


Hunters is a group of cyber and technology experts with a mission to revolutionize security operations by combining data engineering, security expertise and layers of automation to expedite decision making, helping security teams become attack-ready. Hunters infuses how attackers think and act into a platform that helps security operations see and stop attacks at their root. To effectively detect, investigate and respond to today's complex threats, organizations need access to, and long-term retention of, all their security data, without compromise. While SIEM suffers from unworkable cost models, lengthy data onboarding processes, and limited data capacity that undermine SOC effectiveness, Hunters provides unlimited, seamless data ingestion at a predictable cost. The Hunters SOC Platform deploys built-in data engineering capabilities on an embedded Snowflake data lake, applying ETL and schema mapping so that the data is ready and available for threat detection and response.

The platform provides a visual, easy-to-use interface in which threat hunters can search for IOCs, TTPs and any entity within the organization, and surface every entity related to a given domain. Threat hunting involves actively looking for traces of cyber attacks (past and present) in an IT environment. Cyber threat hunters are security professionals who proactively and iteratively detect and act on advanced attack traces before any alerts are generated by security controls. Hunters' Detection Engine covers the roughly 80% of threat signals that are common to most organizations, leaving threat hunters to focus on the 20% that are unique to theirs. Custom detection rules can be written without SQL and mapped to the relevant MITRE ATT&CK Tactics, Techniques and Procedures (TTPs). Detecting signals across the entire security environment in one interface eliminates the pain of context switching, and signals can be investigated through the platform's search capabilities without manual rule-writing.

Threat triage has never been easier, with Hunters' risk scoring and investigation mechanism powered by machine learning. Hunters' graph-based correlation engine uses lower-fidelity threat signals, which would be missed if alerts were examined individually, to contextualize an attack. Once a potential incident is detected from a group of correlated signals and alerts, the Hunters platform automatically packages them into a human-readable attack story. Stories give analysts a clear understanding of the attack and its impact, accelerating the response workflow.
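The two mechanisms described above, schema mapping into a unified event model and entity-based correlation of low-fidelity signals into a scored attack story, are easier to reason about with a concrete implementation. The following is an added illustration written for this page, not Hunters' code or a description of how its engine is built. The three log sources (an identity provider, an EDR agent and a cloud audit trail), their field names, the signal names, the severity weights and the incident threshold are all assumptions for the example, and the events are constructed.

```python
"""Added example (not Hunters' code): normalize events from three constructed
sources into one schema, then link any events that share an entity (user, host,
source IP) into a single attack story with a risk score, root cause and timeline."""
from collections import defaultdict
from datetime import datetime

# Constructed sample events. Each source uses its own field names, as real
# telemetry does; normalize() maps them onto one schema.
RAW_EVENTS = [
    {"src": "idp", "ts": "2022-05-01T08:00:00", "user": "alice",
     "src_ip": "203.0.113.7", "result": "failure", "count": 40},
    {"src": "idp", "ts": "2022-05-01T08:02:00", "user": "alice",
     "src_ip": "203.0.113.7", "result": "success"},
    {"src": "edr", "timestamp": "2022-05-01T08:10:00", "hostname": "ws-17",
     "account": "alice", "process": "powershell.exe",
     "cmdline": "powershell -enc SQBFAFgA..."},
    {"src": "cloud", "eventTime": "2022-05-01T08:15:00", "principal": "alice",
     "sourceIPAddress": "203.0.113.7", "eventName": "CreateAccessKey"},
    {"src": "edr", "timestamp": "2022-05-01T09:00:00", "hostname": "ws-42",
     "account": "bob", "process": "chrome.exe", "cmdline": "chrome.exe --update"},
]


def normalize(ev):
    """Map a source-specific record onto the unified schema:
    time, source, signal, severity (0 = benign context), entities."""
    s = ev["src"]
    if s == "idp":
        entities = {f"user:{ev['user']}", f"ip:{ev['src_ip']}"}
        if ev["result"] == "failure" and ev.get("count", 1) >= 20:
            signal, sev = "bruteforce_attempt", 2      # assumed weight
        elif ev["result"] == "success":
            signal, sev = "login_success", 1           # low fidelity alone
        else:
            signal, sev = "login_failure", 0
        t = ev["ts"]
    elif s == "edr":
        entities = {f"user:{ev['account']}", f"host:{ev['hostname']}"}
        if ev["process"].lower().startswith("powershell") and "-enc" in ev["cmdline"]:
            signal, sev = "encoded_powershell", 3
        else:
            signal, sev = "process_start", 0
        t = ev["timestamp"]
    elif s == "cloud":
        entities = {f"user:{ev['principal']}", f"ip:{ev['sourceIPAddress']}"}
        if ev["eventName"] == "CreateAccessKey":
            signal, sev = "new_access_key", 3          # persistence indicator
        else:
            signal, sev = "cloud_api_call", 0
        t = ev["eventTime"]
    else:
        raise ValueError(f"unknown source {s!r}")
    return {"time": datetime.fromisoformat(t), "source": s, "signal": signal,
            "severity": sev, "entities": frozenset(entities)}


def build_stories(events, incident_threshold=5):
    """Union-find over events: two events join the same story when they share
    an entity. Risk is the sum of severities; the threshold is an assumption."""
    parent = list(range(len(events)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    first_seen = {}
    for i, ev in enumerate(events):
        for ent in ev["entities"]:
            if ent in first_seen:
                ra, rb = find(first_seen[ent]), find(i)
                if ra != rb:
                    parent[rb] = ra
            else:
                first_seen[ent] = i

    groups = defaultdict(list)
    for i, ev in enumerate(events):
        groups[find(i)].append(ev)

    stories = []
    for evs in groups.values():
        evs.sort(key=lambda e: e["time"])          # timeline order
        risk = sum(e["severity"] for e in evs)
        stories.append({
            "risk": risk,
            "is_incident": risk >= incident_threshold,
            "root_cause": evs[0]["signal"],        # earliest signal in the chain
            "entities": sorted(set().union(*(e["entities"] for e in evs))),
            "timeline": [(e["time"].isoformat(), e["source"], e["signal"]) for e in evs],
        })
    stories.sort(key=lambda st: st["risk"], reverse=True)  # prioritized list
    return stories


def run():
    """Normalize the constructed events and return risk-ordered stories."""
    return build_stories([normalize(e) for e in RAW_EVENTS])


if __name__ == "__main__":
    for story in run():
        print(f"risk={story['risk']} incident={story['is_incident']} "
              f"root_cause={story['root_cause']} entities={story['entities']}")
        for step in story["timeline"]:
            print("   ", *step)
```

Note what the correlation buys: the successful login (severity 1) and the encoded PowerShell on ws-17 share only the user entity with the identity and cloud events, yet the union-find joins all four into one story with a risk of 9, while the unrelated process start for bob on ws-42 stays a separate, sub-threshold story. A rule that fired on each signal alone would have surfaced four tickets, or, for the login, none at all.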

Mitigate threats

The Hunters SOC Platform offloads the critical burden of data engineering and manual analyst workflows, enabling teams to automatically identify and respond to threats with ease and at scale. Security teams can leverage all data sources across domains (cloud, endpoint, network, identity, email, etc.) without compromise: unlimited data is seamlessly ingested and mapped into a unified schema, ready for the detection and investigation workflow. An always up-to-date detection engine that surfaces and enriches disparate signals across data sources removes the burden of ongoing rule creation and maintenance, so analysts stop chasing false positives and repetitive work and focus their effort on triage and response. Graph-based correlation automatically links the relevant data, simplifying triage and shortening the time it takes to understand an attack.

  • Focus on a list of prioritized incidents based on their risk score
  • See the entire attack story with its details, including root cause, timeline, affected users, endpoints and related entities and more
  • Cut attackers' dwell time with clear context and remediation steps

Untapped potential in security operations

Security operations teams are continually searching for more technically advanced and cost-efficient ways to defend the enterprise. Today, a key topic in this discussion is automation. But while automation in security has been around for years, it is still a vastly underutilized opportunity. In security operations, the conversation around automation is heavily centered on security orchestration, automation and response, or SOAR. But automation still has limited application across the full SOC workflow. It’s true that response automation is well adopted and effective, but it’s also the last phase of the security operations workflow. Focusing automation exclusively on SOAR means ignoring several key phases - data ingestion and management, detection, and investigation and triage - which all have to happen before response automation can begin. Clearly, automation has untapped potential in security operations.

Security operations is notorious for its high analyst turnover. One contributor to this challenge is the repetitive, mundane and manual investigation work that requires constant switching across numerous tools, as well as weeding through a high volume of false positives. This routine not only exhausts analysts, leading to burnout, but also impedes upskilling by reducing the time available for more challenging investigations. Interestingly, in recent boardroom discussions Hunters found that investigation was the phase of security operations least associated with automation, with response being the predominant phase. Yet once data is fully ingested, normalized and retained for accessibility, detection can be automated effectively and at considerable scale.

This automation then empowers automated investigations, with features like full search on retained data, correlated graphs, automated enrichment, and attack stories that link and present the who, what, and where of an attack on an easy-to-consume timeline. These outcomes of automated investigation enable security analysts to digest, inspect, and quickly triage risk-prioritized attacks, instead of the limited and prolonged manual investigations still required by SIEMs. When a system is architected for today’s IT environment, applying automation empowers further efficiency in the SOC workflow. Hunters SOC Platform focuses on that dynamic, designed to manage the scale and variety of data, using automation to align and streamline the security operations workflow. Hunters tackles data, detection, investigation and response in a single integrated, low-maintenance platform that fully exploits the advantages of a cloud-based SaaS solution.

Uri May, CEO and Co-Founder

“Break the paradigm of more data creating more noise, forcing increased staffing and budget. Easily ingest and retain all your data, without compromise, at a predictable cost.”
