Threat Hunting



High Efficiency Threat Hunting


Previously considered appropriate only for the most sophisticated organizations, Threat Hunting is now going mainstream. Threat Hunting activities are mandatory to reduce risk and to meet the requirements of recommendations such as the NIST Cybersecurity Framework. The challenge is to execute these activities with limited staff and budget. Advanced Deception solutions are very well suited to meeting this challenge: you simply configure and deploy deception assets such that attackers who satisfy your hunting hypothesis will be attracted to them.


As an example, consider this common situation: a firm discovers that an attacker has established a malware foothold on a device within its network. The malware is observed using specific techniques for reconnaissance and lateral movement. How can the firm efficiently determine whether the attacker has a presence on any other devices? It could take the brute-force approach and examine every network endpoint, but this is very time consuming and expensive, and it won't cover endpoints that come and go.


A much better approach is the Threat Hunter's paradigm:

  • Define a hypothesis: in this case, that the attacker has compromised other endpoints and will try to move laterally using the same methodology.
  • Test the hypothesis: deploy Deception assets specifically configured to lure the attack towards them. If the attacker takes the bait and tries to compromise the Deception decoys, the (compromised) source devices are immediately pinpointed.
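The two steps above, carried through as an added example that is not Acalvio's or ShadowPlex's code: the hypothesis is expressed as the lateral-movement services the observed malware uses, a decoy inventory marks which addresses are non-production, and a scan of constructed connection records pinpoints every source host that used one of those services against a decoy. All addresses, ports and log lines are constructed sample values.

```python
"""Hypothesis-driven hunt: pinpoint hosts that take the decoy bait.

Assumes a flat connection log (timestamp src dst dst_port) and a decoy
inventory; both are constructed here for illustration only.
"""
from collections import defaultdict

# Decoy inventory: address -> decoy label. Constructed sample values.
DECOYS = {
    "10.0.5.50": "decoy-fileserver",
    "10.0.5.51": "decoy-workstation",
}

# Hunting hypothesis: the observed malware moves laterally over SMB and
# RDP, so only those services on a decoy count as a hit for this hunt.
HYPOTHESIS_PORTS = {445: "smb", 3389: "rdp"}

# Constructed connection records: timestamp, src_ip, dst_ip, dst_port.
SAMPLE_LOG = """\
2020-05-01T10:00:01 10.0.1.20 10.0.5.50 445
2020-05-01T10:00:05 10.0.1.20 10.0.5.51 3389
2020-05-01T10:01:00 10.0.1.21 10.0.5.50 80
2020-05-01T10:02:00 10.0.1.22 10.0.2.10 445
2020-05-01T10:03:00 10.0.1.23 10.0.5.51 445
"""


def parse_log(text):
    """Yield (ts, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        yield parts[0], parts[1], parts[2], int(parts[3])


def pinpoint_sources(records, decoys=DECOYS, ports=HYPOTHESIS_PORTS):
    """Return {src_ip: [(decoy_label, technique, ts), ...]} for each
    source that used a hypothesised technique against a decoy.
    Traffic to production hosts (10.0.2.10) and traffic to a decoy on a
    service outside the hypothesis (port 80) is left out of this hunt."""
    hits = defaultdict(list)
    for ts, src, dst, port in records:
        if dst in decoys and port in ports:
            hits[src].append((decoys[dst], ports[port], ts))
    return dict(hits)


if __name__ == "__main__":
    for src, events in pinpoint_sources(parse_log(SAMPLE_LOG)).items():
        print(src, "->", events)
```

Because no legitimate host has a reason to reach a decoy, each pinpointed source is a candidate for the same containment and forensic workflow applied to the original foothold.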


Note that this "Active Defense" approach to Threat Hunting is much better than using passive techniques such as log or behavioral analysis to test the hypothesis. Among the advantages:


Faster: less dwell time
Easier: fewer high-skill resources
More effective: lower business risk


Other examples of using ShadowPlex for Threat Hunting include:

  • Threat Intel Analysis: test the hypothesis that adversaries known to be attacking other enterprises in the same vertical or region with a particular methodology are targeting your organization.
  • Low Priority Alert Validation: most organizations are forced to ignore vast numbers of alerts that are not prioritized high enough to be actively responded to. ShadowPlex makes it easy to test whether such alerts are actually indicators of a high-risk compromise that needs to be addressed.


Threat Hunting with Advanced Deception is low-risk, as you typically don't touch production assets or communication flows. The hunting takes place within the domain of the deception assets, which are non-production. Lastly, Advanced Deception solutions offer much better engagement with threat actors, including isolating them in areas where they can do no damage but their TTPs can be further analyzed. For these reasons, Deception is well suited to Threat Hunting requirements, even in organizations that are just starting to operationalize this important use case.
