2021 Threat Hunting Report: OverWatch Once Again Leaves Adversaries With Nowhere to Hide
This time last year, the CrowdStrike Falcon OverWatch™ team reported on mounting cyber threats facing organizations as they raced to adopt work-from-home practices and adapt to constraints imposed by the rapidly escalating COVID-19 crisis. Unfortunately, the 12 months that followed have offered little in the way of reprieve for defenders. The past year has been marked by some of the most significant and widespread cyberattacks the world has seen.
Is Your Agency Ready for the Threat Hunt?
Targeted campaigns by malicious actors have become commonplace. As recent breaches show, these threat actors can stay hidden on agency networks for long periods of time, assessing your systems and looking for information to exfiltrate. We call them the enemy with no face.
Threat Hunting and Your SIEM: 10 Reasons Why You Need Both
I bet there was a time you loved your security information and event management (SIEM) system: a central location for managing all the security events on your network. But, as good as it may seem, many IT organizations have a love/hate relationship with their SIEM.
The Need for Advanced Threat Hunting
The 2017 DefCon conference featured former World Chess Champion Garry Kasparov, who spoke about artificial intelligence, computers, and of course, chess. After losing a match to a purpose-built computer in 1997, Kasparov realized that the machine, although it had beaten him, was not truly intelligent: it had simply out-calculated him, by examining over 200 million chess positions per second. Kasparov soon devised “advanced chess”, in which a strong human player teams up with a computer. Advanced chess combines the best human qualities of imagination, judgment,
The State of Threat Hunting in the 2017 SOC
While much of the focus on cybersecurity risks has been on prevention and detection, many organizations are quickly discovering that threat hunting is the next step in the evolution of their security operations center (SOC).
Threat Hunting – Finding and Thwarting Mr. Robot
The concepts of threat hunting and threat intelligence went mainstream in 2016, bringing with them a whole new paradigm for threat mitigation and cybersecurity. But what is threat hunting, and what use cases does it serve?
Supercharge Your SIEM with Threat Hunting
Security Information Event Management (SIEM) tools have been around for quite some time. SIEMs are great for aggregating log files, parsing them, and using real-time correlation rules to spot security incidents. But more advanced incidents can evade detection by your SIEM. Finding those evasive threats becomes a lot easier if you employ threat hunting.
Close the Gap between Threat Detection and Response with User and Entity Behavior Analytics
Could user and entity behavior analytics (UEBA) be the missing piece of the puzzle that security teams have been waiting for in their bid to outmaneuver threat actors?
Where Does your Agency Stand on the Cyber Threat Hunting Maturity Model?
Many organizations are quickly discovering that cyber threat hunting is the next step in the evolution of the modern Security Operations Center (SOC).
But what is “hunting”?
Sqrrl, a leader in big data analytics and cybersecurity, defines hunting as “the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.”