With the SecureX Threat Hunting feature, organizations can add an active, managed threat hunting practice to their environment
As advanced threats continue to proliferate throughout an organization’s IT infrastructure, threat hunting has become an important part of the overall security strategy. Threat hunting has typically been reserved for the most mature environments, where skilled personnel leverage knowledge and tools to formulate and investigate hypotheses about their organization’s security posture across the threat landscape. Fortunately, with advances in technology and automation, threat hunting is now within reach of every organization.
There are five key challenges that organizations face when trying to implement a threat hunting practice on their own.
SecureX Threat Hunting, a feature of Cisco AMP for Endpoints, uniquely identifies threats, alerting organizations before they can cause further damage by:
Our new threat hunting feature combines our Orbital Advanced Search feature with expertise from elite threat hunters to proactively find more sophisticated threats. Once threats are detected, customers are notified within their AMP Console so they can begin remediation. The AMP Console features a Threat Hunting report that shows the new findings with all of the relevant context and events mapped to MITRE ATT&CK TTPs, together with recommendations for incident responders on what to do next to further investigate or remediate based on the findings.
Threat Hunting is critical because legacy security tools fail to stop advanced threats, sophisticated attackers make detection extremely difficult, and even artificial intelligence and machine learning techniques may fall short in stopping all attacks.
Cisco SecureX Threat Hunting is an analyst-centric process that uncovers hidden advanced threats, missed by automated and detective controls in our customers’ environments. Our threat hunting adds significant value to their organizations through:
One of our beta customers, a SOC Manager, was quoted as saying, after our threat hunting delivered a high-fidelity alert on a threat active in their environment: “We were working on that computer that evening, when we got a notification from Cisco. I love this product (SecureX Threat Hunting), I love the remediation steps, the backend intelligence on correlation and what the campaign is, and how to handle it, and how to remediate. It is exactly a product we want, makes sense of all alerts, and tells us what to do exactly.”
Click here to learn more about this offering as well as to see a package comparison of all the AMP for Endpoints offerings. You can also sign up for our virtual Threat Hunting Workshop, or request a free trial.