Today’s threat landscape demands a lot from security analysts: unwavering attention, unflagging energy, and an uncanny ability to hunt for unknown threats on an organization’s network.
In a recent video, ExtraHop expert Josh Snow explains step by step how to proactively hunt for threats with Reveal(x). He begins by detailing the three key components:
- Coverage. This includes data sources (logs, agents, network data), encrypted traffic, communication between devices and the network, and the correlation between these disparate streams.
- Workflow. How easily can analysts access proprietary telemetry data, derive correlated, context-driven insights from it, and search across large volumes of that data?
- Retention. The ability to look back through historic organizational data to uncover and contain dormant threats.
These components provide analysts with a rich data source and the broad-spectrum coverage required to hunt for advanced threats—which is how members of the ExtraHop Detections Research and Data Science teams successfully detected and contained a Cobalt Strike attack on an organization's network environment.
Watch the video for a comprehensive guide to threat hunting with Reveal(x).