Cyber Threat Hunting as a Service

Cyber Threat Hunting as a Service is a comprehensive solution that can be installed on-premises, or deployed and managed from the cloud using secure remote access to your network. For those who want regular or even one-off forensic sweeps of the network, our standalone Validation service is as easy as it gets. Add our Cyber Threat Hunting appliance to your network domain (with appropriate credentials) and within minutes, your MS Windows and Linux environment will be forensically scanned for latent, subtle, and advanced persistent threats already inside the network.

Using a technique called Forensic State Analysis, our threat hunting appliance goes above and beyond behavioral analysis and IOC detection.  This technology will allow you to come as close as one can get to being able to say, “this endpoint is clean” (or not). Endpoint monitoring tools like EDR will never be able to make that claim. It’s simply not their designed function.

Automate the Hunt

For customers with SIEM, network traffic analysis, EDR, IDS, or NGFW solutions, Cyber Threat Hunting can be taken to the next level with some simple integration.

All these devices provide detection, observation of suspicious activities, behavioral notifications, alerts and alarms. So why not let the machines validate these events with a lightweight forensic scan of the endpoint involved? For example, if your IDS spots malware that blew past your NGFW and landed on a server, and you didn't see anything from your EDR because the malicious payload remained dormant (for now), why not let that event trigger an automatic forensic inspection of the endpoint? Confirm the possibility of a breach in approximately 90 seconds with an Automated Cyber Threat Hunt.

Real Time Remediation

If the automated cyber threat hunt gives you the unfortunate answer of “System Compromised” then once again, let the machines handle it in real time.  There is no need to wait, nor is there any time to wait for an Incident Responder to investigate.  High-confidence forensic state analytics (i.e. cyber threat hunting) allows for automated remediation.  Take the endpoint offline.  Disable the user account.  Remove the host from the domain.  Send rules to the firewall or SDN to prevent further communication.  Depending on the
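The alert-triggered hunt and the remediation steps described above, sketched as a small orchestration loop. This is an added example and not the appliance's own code or API: `forensic_scan`, the `FORENSIC_STATE` table, the `PLAYBOOK` mapping and the action functions are hypothetical stand-ins for the scanner, EDR, directory and firewall integrations, and the host and user names are constructed. The point it shows that the text leaves implicit is the decision policy: only configured sources trigger a hunt, an inconclusive verdict is escalated rather than acted on, and every step is written to an audit trail.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Tuple


class Verdict(Enum):
    CLEAN = "clean"
    COMPROMISED = "compromised"
    INCONCLUSIVE = "inconclusive"


@dataclass
class Alert:
    source: str   # originating control, e.g. "ids", "ngfw", "edr"
    host: str
    user: str


@dataclass
class HuntResult:
    host: str
    verdict: Verdict
    findings: List[str] = field(default_factory=list)


# Constructed forensic state per host: a stand-in for the appliance's scan.
# Each key is a hypothetical indicator class; the value is how many were found.
FORENSIC_STATE: Dict[str, Dict[str, int]] = {
    "srv-01": {"unsigned_autoruns": 1, "hidden_processes": 1},  # dormant payload persisted
    "ws-07": {"unsigned_autoruns": 0, "hidden_processes": 0},   # nothing latent
}


def forensic_scan(host: str) -> HuntResult:
    """Hypothetical forensic state scan; an unreachable host yields no verdict at all."""
    state = FORENSIC_STATE.get(host)
    if state is None:
        return HuntResult(host, Verdict.INCONCLUSIVE, ["scan failed: host unreachable"])
    findings = [f"{name}={count}" for name, count in state.items() if count > 0]
    verdict = Verdict.COMPROMISED if findings else Verdict.CLEAN
    return HuntResult(host, verdict, findings)


# Remediation actions (hypothetical). Each returns one audit-log line; a real
# integration would call the EDR, directory, firewall or SDN controller here.
def isolate_host(alert: Alert) -> str:
    return f"isolate {alert.host}"


def disable_account(alert: Alert) -> str:
    return f"disable {alert.user}"


def remove_from_domain(alert: Alert) -> str:
    return f"remove {alert.host} from domain"


def block_egress(alert: Alert) -> str:
    return f"firewall: deny egress from {alert.host}"


PLAYBOOK: Dict[Verdict, List[Callable[[Alert], str]]] = {
    Verdict.COMPROMISED: [isolate_host, disable_account, remove_from_domain, block_egress],
    Verdict.CLEAN: [],
    Verdict.INCONCLUSIVE: [],  # never auto-remediate on an uncertain verdict
}

# Only these alert sources are allowed to start a hunt automatically.
HUNT_TRIGGER_SOURCES = {"ids", "ngfw", "siem"}


def handle_alert(alert: Alert) -> Tuple[Verdict, List[str]]:
    """Validate an alert with a forensic scan, then run the matching playbook.

    Returns the verdict and an audit trail of every step, so a responder can
    see why the automation acted, or deliberately did not.
    """
    log = [f"alert from {alert.source} on {alert.host}"]
    if alert.source not in HUNT_TRIGGER_SOURCES:
        log.append("source not configured to trigger a hunt; left for analyst")
        return Verdict.INCONCLUSIVE, log
    result = forensic_scan(alert.host)
    log.append(f"hunt verdict: {result.verdict.value} {result.findings}")
    if result.verdict is Verdict.INCONCLUSIVE:
        log.append("escalated to incident responder")
    for action in PLAYBOOK[result.verdict]:
        log.append(action(alert))
    return result.verdict, log


if __name__ == "__main__":
    for sample in (Alert("ids", "srv-01", "svc-backup"), Alert("ids", "ws-07", "jdoe")):
        verdict, trail = handle_alert(sample)
        print(verdict.value, *trail, sep="\n  ")
```

The empty playbook for `INCONCLUSIVE` is the important design choice: automated containment is only as safe as the confidence behind the verdict, so a failed or partial scan hands the case to a responder instead of isolating a host on a guess.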