Trustwave, a leading cybersecurity and managed security services provider, today relaunched its Advanced Continual Threat Hunting platform with a unique, patent-pending methodology that enables its elite SpiderLabs threat hunting teams to conduct significantly more human-led threat hunts. Trustwave’s enhanced offering and methodology have resulted in a 3x increase in behavior-based threat findings that would otherwise have gone undetected by current Endpoint Detection and Response (EDR) tools.
Trustwave Advanced Continual Threat Hunting is conducted regularly by experienced and specialized security threat hunters who study the tactics, techniques, and procedures (TTPs)—the behavior—of the most sophisticated threat actors in the world. Trustwave’s new approach goes beyond Indicators of Compromise (IoC) to uncover new or unknown threats that evade existing security tools by hunting for Indicators of Behavior (IoB) associated with specific threat actors.
“Traditional threat detection and prevention tools based on IoCs and EDRs alone are not sufficient to stop sophisticated threat actors who know how to evade detection,” said Shawn Kanady, Global Director of SpiderLabs Threat Hunt Team at Trustwave. “Our patent-pending Advanced Continual Threat Hunting platform, paired with our human-led, hypothesis-based approach, allows us to detect unknown threats that others don’t much faster.”
Within the Advanced Continual Threat Hunting platform, Trustwave threat hunters meticulously and continuously develop thousands of queries across multiple Endpoint Detection and Response technologies and map them to the MITRE ATT&CK framework. The patent-pending platform then runs those queries through automation to hunt for the IoBs of specific threat actors at scale, across all of its threat hunt clients and a variety of supported EDR tools at once. Trustwave SpiderLabs Advanced Continual Threat Hunting adds value not only by determining whether a threat actor is present in the environment, but also by raising awareness of opportunities for compromise before an attacker can exploit them.
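The mechanics the paragraph describes, as an added illustration (this is not Trustwave’s platform or code): a small set of hypothesis-driven hunt queries, each mapped to a real MITRE ATT&CK technique ID, run over process telemetry normalised from two hypothetical EDR export layouts, and compared against a plain IoC hash list. All hosts, command lines, hashes and the two record layouts are constructed for the example.

```python
"""Behaviour-based (IoB) hunt queries versus an IoC hash list.

Added illustration of the approach described in the text; not Trustwave code.
The telemetry, hashes and the two "EDR export" layouts are constructed for
the example. The MITRE ATT&CK technique IDs are real.
"""
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class ProcessEvent:
    """Vendor-neutral process-creation record that every hunt query runs on."""
    host: str
    parent_image: str
    image: str
    cmdline: str
    sha256: str


def normalise(source: str, raw: dict) -> ProcessEvent:
    """Map two hypothetical EDR export layouts onto ProcessEvent, so one set
    of queries hunts across both tools at once."""
    if source == "edr_a":  # flat record (constructed layout)
        return ProcessEvent(raw["host"], raw["parent"], raw["proc"], raw["cmd"], raw["hash"])
    if source == "edr_b":  # nested record (constructed layout)
        p = raw["process"]
        return ProcessEvent(raw["device"], p["parent_name"], p["name"], p["command_line"], p["sha256"])
    raise ValueError(f"unknown source: {source}")


def _h(label: str) -> str:
    """Deterministic stand-in for a real file hash (constructed)."""
    return hashlib.sha256(label.encode()).hexdigest()


# Constructed telemetry from two tools. Note host3: the credential-dump tool has
# been renamed and rebuilt (new name, new hash) but its behaviour is unchanged.
RAW_EVENTS = [
    ("edr_a", {"host": "host1", "parent": "explorer.exe", "proc": "winword.exe",
               "cmd": "winword.exe /n invoice.docm", "hash": _h("winword")}),
    ("edr_a", {"host": "host1", "parent": "winword.exe", "proc": "powershell.exe",
               "cmd": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA",
               "hash": _h("powershell")}),
    ("edr_b", {"device": "host2", "process": {"parent_name": "svchost.exe", "name": "rundll32.exe",
               "command_line": "rundll32.exe", "sha256": _h("rundll32")}}),
    ("edr_b", {"device": "host3", "process": {"parent_name": "cmd.exe", "name": "svc.exe",
               "command_line": "svc.exe -accepteula -ma lsass.exe C:\\Windows\\Temp\\l.dmp",
               "sha256": _h("procdump-renamed-rebuilt")}}),
    ("edr_a", {"host": "host4", "parent": "cmd.exe", "proc": "update.exe",
               "cmd": "update.exe", "hash": _h("known-malware-sample")}),
]
EVENTS = [normalise(src, raw) for src, raw in RAW_EVENTS]

# IoC feed: one known-bad hash (constructed). It only catches the unmodified sample.
KNOWN_BAD_SHA256 = {_h("known-malware-sample")}

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def office_spawns_encoded_powershell(e: ProcessEvent) -> bool:
    cl = f" {e.cmdline.lower()} "
    return (e.parent_image.lower() in OFFICE_APPS and e.image.lower() == "powershell.exe"
            and any(flag in cl for flag in (" -enc ", " -encodedcommand ", " -e ")))


def rundll32_without_arguments(e: ProcessEvent) -> bool:
    # Legitimate use names a DLL and entry point; a bare rundll32.exe is a common injection host.
    return e.image.lower() == "rundll32.exe" and len(e.cmdline.split()) == 1


def lsass_memory_dump(e: ProcessEvent) -> bool:
    # Keyed on the arguments, not the binary name or hash, so renaming the tool does not help.
    cl = e.cmdline.lower()
    return "lsass" in cl and any(flag in cl.split() for flag in ("-ma", "-mm", "-mp"))


# Hypothesis-driven hunt queries, each mapped to the ATT&CK technique it tests for.
HUNTS: List[Tuple[str, str, Callable[[ProcessEvent], bool]]] = [
    ("T1059.001", "Office application spawning encoded PowerShell", office_spawns_encoded_powershell),
    ("T1218.011", "rundll32.exe started with no DLL argument", rundll32_without_arguments),
    ("T1003.001", "LSASS process memory dumped with ProcDump-style flags", lsass_memory_dump),
]


def ioc_hits(events) -> List[ProcessEvent]:
    return [e for e in events if e.sha256 in KNOWN_BAD_SHA256]


def iob_hits(events) -> List[Tuple[str, str, ProcessEvent]]:
    return [(tid, name, e) for tid, name, pred in HUNTS for e in events if pred(e)]


def coverage(events) -> Dict[str, List[str]]:
    """Hosts flagged by each method, showing what behaviour hunting adds over IoCs."""
    ioc = {e.host for e in ioc_hits(events)}
    iob = {e.host for _, _, e in iob_hits(events)}
    return {"ioc_only": sorted(ioc - iob), "iob_only": sorted(iob - ioc), "both": sorted(ioc & iob)}


if __name__ == "__main__":
    for tid, name, e in iob_hits(EVENTS):
        print(f"{tid} {name}: {e.host} {e.parent_image} -> {e.image} :: {e.cmdline}")
    print(coverage(EVENTS))
```

On this constructed data the hash list flags only host4, while the three behavioural queries flag host1, host2 and host3, none of which carry a known-bad hash. The normaliser is what lets one query set cover several EDR products; in practice each vendor’s own query language is the far harder part of that mapping.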
“Armed with the latest threat intelligence and our behavior-based approach, we proactively hunt for indicators of behavior to uncover sophisticated actors, zero-days, security gaps, and hidden threats while providing our clients actionable recommendations to mitigate risk before serious damage is done,” said Spencer Ingram, Senior Vice President of Operations at Trustwave. “These are early-discovery capabilities organizations find impossible to replicate in-house due to the investment, skilled talent, current and historical intelligence, and the technology required.”
As new threat hunt findings are discovered, Trustwave applies the learnings to bolster its detection and response capabilities across its Managed Detection and Response (MDR) clients, providing scale and benefits to its global client base. In addition, threat hunters conduct hunts based on Trustwave’s global curated threat intelligence, which includes malicious activity discovered in client environments across its products and services and externally sourced threat intelligence.
Trustwave Advanced Continual Threat Hunting Benefits:
- Human-led advanced threat hunting conducted at scale with the latest threat actor intelligence, detecting what others can’t, much faster
- Discover behavior-based malicious activity that existing security technologies cannot
- Uncover hidden or persistent threats to actively reduce the attack surface
- Identify potential insider threats
- Raise awareness of potential security gaps and risks, with recommendations to mitigate them
- Discover IT and policy misconfigurations that create additional attack opportunities
- Continual updates to threat intelligence and detection content after discovering new indicators of compromise
- Instantly benefit from the global client base: once a newly discovered threat is found in one client environment, all clients are protected
The solution supports the most popular EDR technologies available, such as Microsoft Defender for Endpoint, Palo Alto Networks Cortex XDR, SentinelOne, and more.
Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!