Network security: from reactive alerts to proactive threat hunting
In any security-minded organization, there are three ways to prevent or mitigate threats beyond firewalls, passwords or locks.
Imagine defending your network as you would defend a castle. In addition to walls, a gate, and a moat, you have:
- Threat detection: Those are the guards on watch, who keep an eye out for suspicious activity.
- Threat response: Those are the soldiers they call up to defend against attackers.
- Threat hunting: These are your spies, who gather intelligence to prevent or anticipate future attacks (including from inside).
The first two layers of protection are well understood. The third, less so.
Today, approximately 350,000 new malicious programs are discovered every day. In network security, there is a strong reliance on reactive measures—threat detection and threat response—to protect data privacy, corporate intellectual property, reputation and, of course, people.
For each organization, it’s critical to assess risk and determine which attacks warrant immediate action and which pose a lower threat. This lets your team prioritize events, trace incidents to their origin, and understand and remediate their impact quickly.
What about threat hunting?
Threat hunting is a proactive measure that can uncover anomalies, such as non-human patterns, spikes of activity outside normal business hours, and other red flags that may indicate an attack, insider theft, or exfiltration of data. Threat hunting can discover suspicious behavior that, if left undetected, can offer cyber criminals access to IT systems for weeks and sometimes months.
The move to more proactive measures such as threat hunting can save precious time by anticipating an attack or stopping an ongoing one before the situation becomes critical. In the current climate, it is important to identify threats in minutes, not days.
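The anomalies named above (activity outside business hours, "non-human" patterns, and unusually large outbound volume that could indicate exfiltration) can be hunted for with a short script over existing logs. The following is an added example written for this article, not OpenText code or part of its service: it runs over a constructed, clearly fake connection log, and the business-hours window, the beaconing regularity threshold and the volume threshold are assumptions to be tuned per organization.

```python
"""Added example: a minimal threat-hunting pass over constructed connection logs.

Three hunts from the article's list of anomalies:
  1. events outside business hours,
  2. "non-human" timing: a source talking to a destination at near-constant intervals,
  3. large outbound volume to a single destination (possible exfiltration).
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (not real data). Columns: timestamp,user,src_ip,dst,bytes_out
SAMPLE_LOG = """\
2024-03-04T09:12:05,alice,10.0.0.12,fileserver,2048
2024-03-04T10:30:44,bob,10.0.0.15,mail,512
2024-03-04T02:15:00,svc-backup,10.0.0.40,203.0.113.9,1048576
2024-03-04T02:15:30,svc-backup,10.0.0.40,203.0.113.9,1048576
2024-03-04T02:16:00,svc-backup,10.0.0.40,203.0.113.9,1048576
2024-03-04T02:16:30,svc-backup,10.0.0.40,203.0.113.9,1048576
2024-03-04T02:17:00,svc-backup,10.0.0.40,203.0.113.9,1048576
2024-03-04T14:05:19,carol,10.0.0.22,intranet,300
2024-03-04T23:48:11,alice,10.0.0.12,fileserver,4096
"""

BUSINESS_HOURS = (8, 18)        # assumed 08:00-18:00 window; tune per organization
VOLUME_THRESHOLD = 4 * 1024 * 1024   # assumed 4 MiB per source/destination pair


def parse_log(text):
    """Parse the CSV-style log into a list of event dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, user, src, dst, nbytes = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "src": src, "dst": dst, "bytes": int(nbytes)})
    return events


def off_hours_events(events, business_hours=BUSINESS_HOURS):
    """Events whose hour falls outside the [start, end) business window."""
    start, end = business_hours
    return [e for e in events if not (start <= e["ts"].hour < end)]


def beaconing_pairs(events, min_events=4, max_cv=0.1):
    """(src, dst) pairs whose inter-arrival times are suspiciously regular.

    A coefficient of variation (stdev / mean) at or below max_cv means the
    gaps are nearly identical, which is machine-like rather than human timing.
    """
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e["ts"])
    flagged = []
    for pair, times in by_pair.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged.append(pair)
    return flagged


def high_volume_pairs(events, threshold=VOLUME_THRESHOLD):
    """(src, dst, total_bytes) for pairs whose summed outbound bytes exceed threshold."""
    totals = defaultdict(int)
    for e in events:
        totals[(e["src"], e["dst"])] += e["bytes"]
    return [(src, dst, n) for (src, dst), n in totals.items() if n > threshold]


def hunt(text):
    """Run all three hunts and return the findings as plain data."""
    events = parse_log(text)
    return {
        "off_hours": [(e["ts"].isoformat(), e["user"]) for e in off_hours_events(events)],
        "beaconing": beaconing_pairs(events),
        "high_volume": high_volume_pairs(events),
    }


if __name__ == "__main__":
    for kind, findings in hunt(SAMPLE_LOG).items():
        print(f"{kind}: {findings}")
```

On the constructed log, the script flags six off-hours events, one beaconing pair (the 10.0.0.40 host contacting 203.0.113.9 every 30 seconds) and the same pair for outbound volume. None of these is proof of compromise on its own; a scheduled backup would look exactly like this, which is why the article frames hunting as surfacing leads for analysts to validate rather than as automatic alerting.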
OpenText Threat Hunting Service
The OpenText Threat Hunting Service delivers advanced threat intelligence to quickly identify and monitor threats and attacks, using the tools needed to discover malware and suspicious behavior that, if undetected, can offer cybercriminals access for months. The service can uncover a wide array of anomalies that may indicate an attack, insider theft or intentional destruction of data.
OpenText Threat Hunting Service delivers:
- Preventative, proactive support that identifies or validates the existence of threats and/or malicious activity within and across the cyber kill chain.
- Quick identification of patterns, relationships, and indicators of compromise.
- Insight into potential zero-day threats before cyber-criminals can attack the environment, both on-premises and in the cloud, using AI and machine learning tools.
- Threat hunting beyond network logs to secure endpoints and expand security measures.
- Remediation, risk and compliance recommendations to close gaps in security protocols and policies.
Going above and beyond the industry’s current practice of only using network logs as the standard way to hunt for threats, OpenText significantly expands that capability by incorporating telemetry information from the endpoint.
OpenText Network Detection and Response
The acquisition of Bricata’s Network Detection and Response technology extends threat detection and response beyond the endpoint to the network. Using smart sensors, OpenText Network Detection and Response (NDR) eliminates blind spots to deliver complete network visibility in support of comprehensive internal investigations. This level of inspection allows users to intelligently capture and analyze network data to support any type of internal investigation such as HR-driven investigations or fraud.
For more information
OpenText can help your business stay prepared and in a trusted state by identifying and eliminating blind spots in the network. Learn more about OpenText’s threat detection and response solutions and try OpenText NDR for free today to search, hunt and explore real data in a cloud lab environment.
Contact us at any time to speak with one of our security experts.