TL;DR: Hunters’ new capabilities empower organizations to directly address their bespoke use cases with customizable features that can be easily scaled without deploying extra resources.
Hunters is designed to automate redundant, mundane and time-consuming tasks and covers 80% of security use cases with out-of-the-box capabilities. While this is extremely impactful for security teams, there is usually also a need to be able to customize their strategy according to use cases that are unique to their organization - the remaining 20%.
With a newly released set of “customization features,” Hunters puts the power in the hands of our customers to build on top of and tailor Hunters' capabilities to address the intricacies of their organization's needs.
With the addition of detection-as-code APIs, custom data source ingestion, and improved asset and data source tagging, your organization has more control than ever while using Hunters.
Learning about these new features is great, but understanding how they can be used with real use cases is even better. So how do these features make life easier for members of a SOC team? Let’s look at three concrete use cases.
1. Build a Complete Data Lake Strategy
When it comes to replacing your SIEM, leveraging a data lake to house your security data has become common practice. However, when doing this, being able to ingest and house all of your data is a necessary prerequisite. This is important not just to effectively monitor your environment for security incidents, but it is also to cover your auditing and compliance use cases.
Now, with Hunters’ new custom data source capability, you are empowered to build out a complete data lake strategy not only by ingesting data from one of our hundreds of prebuilt integrations, but also by simply configuring ingestion from custom data sources with just a few clicks.
Ingesting and retaining data from any source, whether it be from an HR tool, EDR or even physical security logs, has become increasingly vital. However, adopting a data lake strategy for those logs must also ensure that the data is available for use when you need to access it.
Hunters does exactly this with the self-serve ability to ingest structured or unstructured data from your cloud storage. Within Hunters’ platform, you can leverage this data from custom sources in our Notebooks feature for querying, build dashboards for reporting or create custom detectors to detect events that are most relevant for your organization.
With the new capabilities, you can now use Hunters as a “one stop shop” for all of your data. It’s very simple to ingest data, even from unique sources, and keep it available to actually be used when you need it.
2. Scaling Business Context
It’s no secret that organizations, whether large or small, deal with tons of security data. Whether it be entities with specific sensitivity levels (like crown jewels), data from different business units or different geographies, or siloed data from different sources, it takes a lot of time and effort to piece together information in a way that’s understandable and actionable.
With Hunters’ new APIs, organizations of any size can leverage robust business context at scale by programmatically tagging assets and data sources in bulk within their security operations.
Adding additional context helps create a more complete view that security teams can use to make informed decisions more quickly. This can look like prioritized and context-oriented security queues that have been customized to fit the specific needs of your security team.
Hunters APIs allow these to be updated dynamically to maintain the status quo as your organization grows, and greatly reduces time and effort to scale contextualization across your entire organization.
Security teams spend a lot of their time customizing their SecOps tools by manually adding their custom logic and their specific business context, which is often hard to do quickly or at scale.
Hunters’ newly introduced API capabilities enable a detection-as-code approach, making this type of customization fast, simple, and easy to scale.
If you aren’t familiar with the concept, detection-as-code utilizes APIs and deployment pipelines to provide desired auditing capabilities, making the development lifecycle for security operations much closer to that of traditional software development.
This approach improves processes to help your team develop higher quality alerts or reuse code within your organization so you don’t have to build every new detector from scratch. It also helps push detection engineering left in the development lifecycle, removing the need to manually test and deploy detectors.
Using the detection-as-code approach via Hunters’ API, organizations are empowered to create custom detectors with efficiency to address the use cases that are most important to them.
Combining Hunters’ custom detector API with Hunters other new functionality gives you even more robust control over your environment. For example, using Hunters APIs you can also programmatically tag assets in order to label and organize them based on their sensitivity (crown jewels, etc.) or business context (geographies, business units,etc.).
Together, these new functionalities are really exciting for detection engineers. They help to employ an improved and efficient development lifecycle, and for large organizations to more effectively manage multi-tenancy environments.
This combination of customization features is the beginning of Hunters’ development into leveraging detection-as-code to give our customers the ability to address their bespoke needs while still leveraging Hunters’ capabilities.
For many organizations, Hunters provides best in class automation and correlation capabilities across their security workflow, but with the new release of these exciting new customization capabilities, the SOC teams that need and want to leverage Hunters for robust hands-on customization for their unique needs can do so with ease.
If you want to learn more about how your organization can take advantage of these capabilities, get in touch with us here.