Enhance Threat Hunting: Cyber Security Tips

June 29, 2017

Soup Up Your Threat Hunting with our Cyber Security Recommendations

You’re aware of cyber-threats and you’ve started looking for them. You’ve found a few tools along the way that’ve helped you learn a thing or two as well. Every day you feel like you’re getting better and better at what you’re trying to accomplish.

But something’s missing isn’t it? You might know how to handle yourself in a threat hunting fist fight but it’s time to get more serious. You need better equipment and Integris can help point you in the right direction.

Our primary recommendations focus on products from two different companies: Cybereason and Cylance.

Cybereason

Let’s start with Cybereason.

Founded in Israel and based in Boston, MA, the company has a military pedigree stemming from its founders' time in the Israel Defense Forces (IDF). Their threat hunting platform aims to protect every endpoint across the Internet of Things.

Cybereason has the ability to tell companies instantly if they’re under attack, the impact of the attack and how to immediately stop the threat. Their platform can easily connect the dots between individual elements of an attack campaign.

Cybereason operates on four basic principles to identify, engage and defeat threats: Collect, Detect, Hunt and Report.

Cybereason collects information by deploying silent sensors across your endpoints and servers to gather telemetry in real time. It sniffs out threats by leveraging its analytics engine to query that data at a rate of 8 million questions per second, looking for odd behavior and incongruities across your entire environment.

Once a threat is found, Cybereason goes on the offensive, profiling your environment to find the low-and-slow, insidious activity that traditional signature-focused tools routinely miss. Cybereason then presents a comprehensive incident report that includes its findings and the recommendations you can act on to close any gaps and improve your security posture.

All in all what they do is super impressive and they show no signs of stopping or slowing down. Just recently the company raised another $100 million in funding from Softbank (https://www.cnbc.com/2017/06/21/softbank-corp-invests-100-million-into-cybersecurity-start-up-cybereason.html).

They’ve also released a fantastic ransomware tool called RansomFree that you can try out right now for free (http://content.security7.net/download-ransomfree). RansomFree is free ransomware protection software created by Cybereason; it detects and stops ransomware from encrypting files on computers and servers. While not exactly a threat hunting tool, it’s definitely worth checking out.

Cylance

When it comes to endpoint protection there aren’t many names in the game that hold as much clout as Cylance. They recently won the Best Endpoint Protection Product of 2016 award from the SANS community.

Cylance isn’t your run-of-the-mill endpoint protection. Their singular focus has been to block computer viruses and malware before they affect a user’s computer, and they’ve been wildly successful.

The big companies like McAfee and Symantec use pre-existing definitions and signatures of already detected threats to determine whether or not software one of your end-users downloaded is malicious. Cylance doesn’t do that. CylancePROTECT uses machine learning to protect endpoints.

Math modeling has enabled Cylance to stay ahead of the curve. Their predictive analysis process allows them to quickly and accurately identify what is safe and what is a threat, as opposed to relying on pre-existing signatures to determine what’s blacklisted or whitelisted.

The SANS community was right to name them the best endpoint protection product of 2016; they deserve it and they definitely earned it. Cylance is the best of the best, and their newest product, CylanceOPTICS, doesn’t disappoint.

Like CylancePROTECT, OPTICS is an artificial intelligence-driven endpoint detection and response solution. It’s designed to extend the prevention delivered by PROTECT through AI-driven root cause analysis. Its scalability and ability to immediately respond to threats against endpoints make it incredibly attractive.

Conclusion

It’s never been more dangerous for companies who do business on the Internet. In recent memory we can’t recall a day that’s gone by without some mention of a cyber-warfare attack.

Cybereason and Cylance both do a fantastic job of protecting endpoints and we personally recommend both. When it comes to protecting systems and endpoints you really can’t accept any substitute.

We're Integris. We're always working to empower people through technology.
