Transform Threat Hunting

How can you transform threat hunting? Consider this home security scenario:

Imagine you have a choice of two home security systems: 

The first one only alerts you about intruders after they have broken into your house. The second one works when the threat is on your front lawn and keeps it away.

Which do you choose? Seems obvious, right?

When it comes to cybersecurity, however, teams tend to choose solutions that create alerts about break-ins rather than taking action to prevent them. This threat hunting scenario exemplifies how PacketViper transforms threat hunting.

Threat hunting at the network edge
Threat hunting is a popular cybersecurity defense strategy. It is frequently associated with hunting for threats that have penetrated the network and are poised to do further damage. The base assumption is that the threat has evaded the network perimeter defense. While it is true that sometimes things get through the perimeter, the network is always better off if threats don’t make it through. Also, like many security practices, threat hunting is frequently reactive.

As more information accumulates on the threat, the tendency is to take time, run analyses and focus on what further damage might be possible. Managers consider what data it might collect and how it might proliferate. These are critical tasks and important for sound defense, of course. But with many IT and cybersecurity teams understaffed, most organizations don’t have the bandwidth to explore the data required. Even worse, they can rarely answer the most important questions: How did the threat enter the network in the first place? How did the threat call out to command and control? Penetrating the network and planting the malware seed is a significant victory for any cyber-attacker. The greatest threats are probably those that are not yet known or that do not appear on the threat intelligence lists most teams focus on. It’s these unknown, lingering threats that may already be doing reconnaissance scans against your network.

So the question is: if you could do something to stop them earlier in the attack cycle, would you? Would you take action to stop them before they get in?

Of course! The good news is, you can. You can stop them at the perimeter using transformative deception to make them reveal themselves.

Deceive threats. Reduce noise. Gain the advantage.
PacketViper’s Deception360 solution transforms your cybersecurity plan. Deception360 deploys active, inline perimeter decoys to increase the difficulty of the attack from the earliest reconnaissance scans. Enacting Deception360 gives your team access to real-time deep learning about threats that are actively recon scanning your network. When the threats hit a decoy, they also reveal themselves. But our solution does more than alert your team. It can automatically write rules to block the offending IP. PacketViper’s Deception360 automatically takes action to block the threat, based on the luring tactics our decoys execute to reveal each attacker’s IP.

A firewall drop denies the connection attempt but allows the offending IP to come back and try again. Unlike a firewall drop, Deception360 prevents their return and their ability to proxy, which helps network managers lean forward into the potential problem earlier. Now managers can be proactive. Teams can better understand when threats are on the edge of the network instead of just getting alerts that they’ve made it in. This can be truly transformative for your team’s workflow, intel gathering and posture against threats.

Consider if your cybersecurity plan could be transformed by PacketViper’s approach to threat hunting. Contact us today to learn more.