Aarush Ahuja’s Post

Register now for this two-part series, where CDW will explore how Microsoft Sentinel and Defender XDR can help you hunt, detect and respond to threats using the power of threat intelligence and automation.

Attention SOC Analysts! Are you tired of spending countless hours on manual research and investigation? Look no further than Anomali! Our advanced capabilities provide you with comprehensive threat intelligence, automated alert triage, real-time analytics, proactive threat hunting, seamless integration, and incident response playbooks. With Anomali, you can reduce manual tasks and focus on protecting your organization. Streamline your workflow and enhance your threat detection, analysis, and response. Check us out now! #Anomali

In the aftermath of a cyberattack, swift and effective response is crucial to minimize damage and downtime. The key is restoring systems quickly and safely, often through backups. However, identifying the right recovery point can be challenging. Rubrik’s Threat Hunting feature scans backup snapshots to find indicators of compromise (IOCs), pinpointing the exact time and scope of infection. This precise recovery minimizes data loss and downtime, helping businesses resume normal operations faster. Read More: https://lnkd.in/e8-x_DJK #DOFtechnology #ServiceDriven #DataProtection

Rely on Attack Detective to automatically scan your environment with custom parameters and dataset to determine the potential attack surface. Quickly filter the results and verify them in your Data Plane to remediate the threat in the least time possible.

Rely on Attack Detective to automatically scan your environment with custom parameters and dataset to determine the potential attack surface. Quickly filter the results and verify them in your Data Plane to remediate the threat in the least time possible.

Start now with Attack Detective to validate your detection stack in less than 300 seconds with an automatic read-only ATT&CK data audit to find blind spots in your log source coverage.

Rely on Attack Detective to automatically scan your environment with custom parameters and datasets to determine the potential attack surface. Quickly filter the results and verify them in your Data Plane to remediate the threat in the least time possible.

Rely on Attack Detective to automatically scan your environment with custom parameters and datasets to determine the potential attack surface. Quickly filter the results and verify them in your Data Plane to remediate the threat in the least time possible. https://lnkd.in/duWUn_d6

Rely on Attack Detective to automatically scan your environment with custom parameters and dataset to determine the potential attack surface. Quickly filter the results and verify them in your Data Plane to remediate the threat in the least time possible.

#Hunting_Maturity_Model #Threat_Hunting This is a series to help new New Hunters and SOC analysts to Understand Threat Hunting How to hunt advanced threats (hopefully) before they happen (before they reach critical data assets This post is part of a series of posts on hunting maturity levels Previous Posts: HMM 0: https://lnkd.in/dKdpV9gK HMM 1: https://lnkd.in/dE8rpt69 HMM2 Hypothesis Generation: https://lnkd.in/dNDjjwhr Hunting Maturity Level 2: Overview: 1. Hypothesis Generation 2. Prioritization 3. Execution 4. Findings and Reporting Last time we discussed hypothesis generation This time we discuss Prioritization, By now you should have a backlog of ideas and hypotheses for hunting, many people and branches of cybersecurity resilience should contribute to hypothesis generation. Check last post for more on that Now, before enthusiastically jumping to execution, but a lot of work, and probably find nothing, because you didn’t pick the most probably accurate hypothesis. You should take your time and think about each scenario, ask yourself the following questions: 1. What am I looking for? 2. How will I observe this behavior? 3. Do I have the proper log sources for that? You should also know what is the probability of such an activity happening, but how do you know before executing the hunt?, isn’t that the point of threat hunting?! This is the epistemological question of many other fields, how to make an unbiased educated guess, and it is not easy, but it is the reason why threat hunting is an interesting puzzle, this is the value and core of Threat Hunting. Similar to medical diagnosis or scientific research, it needs you to make an educated approximate guess on how likely a hypothesis to happen. Some good advice is: 1. Use Occam’s razor (if there are many valid explanations for an anomaly, the simplest one is most probably the correct one) 2. Everybody has cognitive biases So you will need to know what the SOC analysts might have missed due to these biases What current threat detections might have missed due to high thresholds for say brute force vs. a slow attack …etc 3. Know normal You should know what normal behavior a user will perform What is a grey area, an anomaly but not an attack Due to developers or vendors using scripts or admins ..etc And what is malicious, This requires very good experience in building good Threat Detections and bypassing them To conclude this is the trickiest part of Threat Hunting. #HMM_2 #Hunting_Season #Happy_Hunting Till next time! 🇵🇸