Enhance Threat Hunting: Cyber Security Tips

by

June 29, 2017

Soup Up Your Threat Hunting with our Cyber Security Recommendations

You’re aware of cyber-threats and you’ve started looking for them. You’ve found a few tools along the way that’ve helped you learn a thing or two as well. Every day you feel like you’re getting better and better at what you’re trying to accomplish.

But something’s missing isn’t it? You might know how to handle yourself in a threat hunting fist fight but it’s time to get more serious. You need better equipment and Integris can help point you in the right direction.

batcave-big.jpg

Our primary recommendations focus on products from two different companies: Cybereason and Cylance.

Cybereason

Let’s start with Cybereason.

Founded in Israel, and based in Boston MA, the company has a military pedigree stemming from it’s founder’s time spent in the Israeli Defense Force (IDF). Their threat hunting platform aims to protect every endpoint across the Internet of Things.

Cybereason has the ability to tell companies instantly if they’re under attack, the impact of the attack and how to immediately stop the threat. Their platform can easily connect the dots between individual elements of an attack campaign.

Cybereason operates on four basic principles to identify, engage and defeat threats: Collect, Detect, Hunt and Report.

Cybereason collects information by deploying silent sensors across your endpoints and servers  to collect telemetry in real time. They sniff out threats by leveraging their analytics engine to query data at a rate of 8 million questions per second to look for odd behavior and incongruities across your entire system.

Once a threat is found, Cybereason goes on the offensive, profiling your environment to find the low and slow insidious activity that’s actively missed by traditional signature focused tools. Cybereason they presents a comprehensive incident report that includes findings and recommendations you can do to close any gaps and improve your security posture.

All in all what they do is super impressive and they show no signs of stopping or slowing down. Just recently the company raised another $100 million in funding from Softbank (https://www.cnbc.com/2017/06/21/softbank-corp-invests-100-million-into-cybersecurity-start-up-cybereason.html).

They’ve also released a fantastic Ransomware tool called RansomFree that you can try out right now for free (http://content.security7.net/download-ransomfree). RansomFree is a free ransomware protection software, created by Cybereason. RansomFree detects and stops ransomware from encrypting files on computers and servers. While not exactly a threat hunting tool, it’s definitely worth checking out.

Cylance

When it comes to endpoint protection there aren’t many names in the game that hold as much clout as Cylance. They recently won the Best Endpoint Protection Product of 2016 award from the SANS community.

Cylance isn’t your run-of-the-mill endpoint protection. Their singular focus has been to block computer viruses or malware before they effect a user’s computer and they’ve been wildly successful.

The big companies like McAfee and Symantec use pre-existing definitions and signatures of already detected threats to determine whether or not software one of your end-users downloaded is malicious. Cylance doesn’t do that. CylancePROTECT uses machine learning to protect endpoints.

Math modeling has enabled Cylance to stay ahead of the curve. Their predictive analysis process allows them to quickly and accurately identify what is safe and what is a threat as opposed to using pre-existing signatures to determine what’s blacklisted or white-listed.

The SANS Community was right to name them the best endpoint protection product of 2016, they deserve it and they definitely earned it. Cylance is the best of the best. And their newest product, CylanceOPTICS doesn’t disappoint.

Like CylancePROTECT, OPTICS is an artificial intelligence drive endpoint detection and response solution. It’s designed to extend the prevention delivered by PROTECT through AI driven root cause analysis. It’s scalability and ability to be immediately respond to threats against endpoints makes it incredibly attractive.

Conclusion

It’s never been more dangerous for companies who do business on the Internet. In recent memory we can’t remember a day that’s gone by that didn’t include some mention of cyber-warfare attack.

Cybereason and Cylance both do a fantastic job of protecting endpoints and we personally recommend both. When it comes to protecting systems and endpoints you really can’t accept any substitute.

We're Integris. We're always working to empower people through technology.

Keep reading

What to Know Before Installing Copilot for Microsoft Word

What to Know Before Installing Copilot for Microsoft Word

Imagine having an AI assistant that pulls from your notes, marries them to an existing document format, and writes a document for you. That's the power of Copilot for Microsoft Word, which is planned for rollout in 2024 for those who buy the Copilot M365 license....

Bridging the Gap between Automation and Innovation

Bridging the Gap between Automation and Innovation

Automation and Innovation. Some people might say those two words cancel each other out. Yet, I believe these two concepts can create capacity for each other—if your business leverages the free time automation creates to foster innovation. Automation can be...