Security operations · 3 MIN READ · PETER SILBERMAN · MAY 11, 2021 · TAGS: Cloud security / Company news / MDR / Tech tools / Threat hunting
Great security strategy is made up of a multi-layered approach.
It involves, but isn’t limited to, detecting suspicious activity in real time, using proactive security controls and policies – and if you have the time (try not to laugh too hard here) – actively looking (or hunting) for threats.
Hunting has traditionally looked for spots where an attacker slipped through without setting off alarm bells.
But with the current tech transformation – adoption of SaaS, use of cloud infrastructure, introduction of new (and amazing) services to make developers and users more efficient – we think it’s time to expand on what hunting can find.
Hunting gives you visibility into interesting things happening in your environment –
like users modifying configurations or adding applications that can decrease your security posture along with activity that can indicate process breakdowns or genuinely suspicious activity.
We think of these findings as insights.
And these insights help our customers truly understand their environment and can keep bad stuff from happening.
With more and more orgs using multiple cloud providers to store all the things, hunting (and the insights it produces) is an important part of any security strategy.
Which is why we’re introducing new hunting techniques for our customers that focus on – you guessed it – cloud.
What’s new
Expel Hunting now offers coverage in Amazon Web Services (AWS) and Microsoft Azure to help find blind spots. We’re newly armed with a set of targeted cloud hunts, focused on key pieces of information you may be missing.
Transparency – We lay our cards on the table so you know exactly what we’re doing for you. For every hunt, we’ll show you the work that went into it. We’ll tell you our methodology – mapped back to the MITRE ATT&CK framework, the data we pulled, what tech we used and the outcomes. It’s important for you to see what we’re doing and why – so you can learn too.
Expanded scope – We’re constantly adding to our library of hunt techniques based on activity we see among our clients. Which is why we’ve added new hunts focused on cloud environments and applications.
Insights – While we’re running through your logs, we’ll tell you what normal looks like for you and surface activity that something does not seem right. These findings provide visibility into your environment that you didn’t know about otherwise. You can put these insights into action and better secure your environment.
What you’ll get with Expel Hunting
More value out of your existing tech
No need to go out and buy more stuff. We’ll hunt across your environment with the tools you’ve already invested in. The more we connect to, the more we can hunt for. Breaking down these silos helps make your team and existing investments stronger.
Uncover more than threats
We hunt beyond what is malicious. As we comb through your data, we flag strange activity that falls outside of “normal” like misconfigurations in your infrastructure that could be increasing your cloud costs. With expanded insight into your environment, you’ll get an in-depth analysis of your logs and shine light on anomalous activity that would not be found through detection.
Hunt techniques aligned to your unique risks
Do you want to hunt in the cloud, in SaaS apps or on-prem? You got it. We take a close look at your environment and let you know exactly what hunting techniques we can use and the types of things we’re able to find.
More sleep
Don’t lose sleep after reading the latest Reddit article that leaves you wondering: How do I know we’re not affected? By working with Expel, you’ll have more confidence when the latest threat strikes, knowing that we’re protecting you against emerging threats and improving your security posture. (We can’t, however, help with sleep problems related to noisy neighbors, pets, children with an inexplicable abundance of energy … you get the idea.)
Ready to go on the hunt?
We sure are.
If you’re curious as to what others think about Expel Hunting, take a look at the Q1 2021 Forrester Wave™ Report, where Expel was ranked five out of five when it comes to threat hunting.
Let us help so that your team can get back to focusing on the highest value security work – and get you back to doing what you love.