Hunters FAQs
General
What does the Hunters SOC Platform do?
Hunters is a cloud-native platform built to support the entire SOC workflow: from data ingestion and retention, to threat detection, investigation and response.
The Hunters SOC Platform empowers security teams to automatically identify and respond to incidents that matter across their entire attack surface, at a predictable cost. Through built-in detection engineering, data correlation, and automatic investigation, we help teams overcome volume, complexity, and false positives. Hunters mitigates real threats faster and more reliably than SIEMs, ultimately reducing customers' overall security risk.
Hunters SOC Platform Capabilities
Why would I need Hunters, if I already have a SIEM?
The Hunters SOC Platform solves many of the problems organizations face with their SIEM today. These include:
- Siloed data: Hunters makes it possible for customers to unify their data by providing "always-hot" access to data with a predictable price model.
- Reducing operational overhead: The Hunters SOC Platform ingests, normalizes, investigates, scores, and correlates security telemetry and organizational data, providing faster time to value.
- Turnkey analytics mapped onto the MITRE ATT&CK framework: Hunters provides detection analytics covering endpoint, network and cloud telemetry, and more, covering the majority of security use cases.
- Reduced MTTD and MTTR: By simply connecting your data to Hunters, the platform starts working by prioritizing events based on risk score, reducing noise and auto-correlating events.
What's the difference between a SOC Platform and a SOAR?
Many organizations use SOAR to automate investigation, enrichment, and perform event correlations, whereas Hunters provides this ability natively.
The Hunters SOC Platform is designed to put you in a position where you have a prioritized list of actionable events, with a clear understanding of what response is needed.
Hunters has an API allowing us to integrate with ITSM and SOAR solutions and we also have technical partnerships with automation solutions like Tines, Torq and Workato.
How does Hunters work with Snowflake?
The Hunters SOC Platform natively integrates with the Snowflake Security Data Lake, acting as both the ETL and the analytics engine on top of it, helping security teams achieve greater coverage at a lower cost. The key benefits of working with Snowflake and Hunters are that you can retain all your data without compromise, gain visibility across data silos, and organise and access your data at a predictable cost.
How does Hunters work with Databricks?
The Hunters SOC Platform combined with the Databricks Lakehouse transforms the visibility of a customer's SOC into security events, on a unified, cloud-native platform across all data streams from the entire IT and security environment. By integrating with the Databricks Lakehouse, the Hunters SOC Platform enables customers to gain deeper insights into their organization's security and respond to threats more quickly and effectively, while bringing the security data lake of their choice.
Does Hunters protect against insider threats?
Hunters correlates a broad variety of telemetry, including IT, OS, user, directory, identity, HR, application data and more, which helps point at a potential internal threat (e.g. use of credentials associated with an employee that was laid off). Insider threats are tricky to detect, so Hunters also looks for specific indications that might indicate malicious insider activity.
Does Hunters have UEBA capabilities?
In order to move beyond the traditionally noisy UEBA capabilities provided by many SIEM vendors, Hunters takes a new approach: Multi-context UEBA. Multi-context UEBA implements automation, dynamic thresholds, and Hunters’ robust data correlation techniques to analyze malicious user behavior and policy violation across multiple data sources. Hunters’ pre-built UEBA detectors can identify anomalies across various contexts and time windows much better than many UEBA solutions while greatly reducing false positives. Customers can also choose to build their own UEBA detections. Read more about Multi-context UEBA on our blog here.
What type of detection / analytics do I get out of the box?
Hunters provides out-of-the-box detection capabilities that cover most of the common security use cases across organizations, so that security practitioners can focus on the use cases that are unique to them. At Hunters we apply the 80:20 rule: depending on your solution, chances are that about 80% of your functionality is shared across customers and can be standardized, and only 20% needs attention or customization.
Therefore, at Hunters we automate the deployment of new detection capabilities across all our customers, as fast as possible, without them having to worry about understanding, analyzing and building detections. Customers then get all that capability out of the box so they can focus on the 20% that is bespoke and unique to them.
With Hunters you get:
- Transparent Security Updates - All detection rules are pre-verified on real-world customer data to remove false positives and excessive alerting, then deployed directly to all customer tenants without requiring any action or tweaking. This dramatically reduces risk exposure while reducing operational overhead.
- Automatic Investigation - Every alert is automatically enriched with information from various sources (e.g., user name from CrowdStrike with login records from Okta, IP addresses with threat intel information) and displayed to the analyst for faster triage and investigation, as well as advanced detection and scoring purposes.
- Graph Correlation - Alerts across entities and attack surfaces are automatically correlated on a graph. This capability highlights high-fidelity activity, improves investigation time, and allows leveraging low-fidelity signals that are often overlooked.
- Dynamic Scoring - Not all signals from the same detection logic are treated the same. For example, leads involving sensitive assets (e.g., C-level executives, domain servers, etc.) are prioritized, and the risk of known benign behaviors is lowered (e.g., a binary signed by Microsoft).
- Threat Clustering - Alerts are automatically clustered together using proprietary "threat similarity" logic, reducing redundant work for up to 90% of alerts that may happen across days and weeks.
Data and Deployment
How much data can the Hunters SOC platform take?
The Hunters SOC Platform serves very large organizations that need to ingest and process dozens of TBs per day. Our architecture is built for scale, and we offer unlimited ingestion enabling security teams to leverage all data sources across domains without compromise.
Our SOC Platform runs on AWS and uses either Snowflake or Databricks as its data warehouse, both of which are built to handle large-scale data.
Managed Services
What is the difference between Hunters and an MSSP?
An MSSP delivers 24/7 human-based, eyes-on-glass SOC or SIEM monitoring services. Hunters delivers a technology-based SOC platform, which automates the majority of the SOC workflow, from unlimited data ingestion and detection engineering as a service to automated enrichment, correlation and investigations, so that analysts can promptly act with full context. Hunters currently does not provide 24/7 monitoring services. If you'd like to work with an MSSP and Hunters, please reach out to us.
How does Hunters work with an MSSP?
Hunters' built-in detection and investigation capabilities can either complement or replace a manned service. By using an MSSP you outsource the protection of your high-value assets to a third party who may oversubscribe layer-1 analysts to multiple customers. Furthermore, MSSP analysts are often not familiar with the uniqueness of your organization, leading to false positives or, worse, false negatives and missed incidents.
Team Axon, our expert in-house group of technology professionals, does not offer MSSP services, but its capabilities include rapid response, proactive threat hunting and on-demand investigations. To find out more about Team Axon's capabilities please click here.
Team Axon
Who are Team Axon and what are their capabilities?
Team Axon is a select group of technology professionals whose mission is to deliver world-class cybersecurity expertise, battle-tested initiatives, and actionable insights to customers. Team Axon's capabilities include rapid response to emerging threats, proactive threat hunting and on-demand investigations. To find out more about Team Axon's capabilities please click here.
Integration
What technology integrations does the Hunters platform have?
The Hunters SOC Platform already has dozens of technology integrations, and you can see our current ones here. We are also willing to look at additional integrations, so if there is an integration that you don't see on our list, please feel free to contact us.
What are some of the key data sources that I should integrate with in order to get value from the Hunters SOC Platform?
The Hunters SOC Platform prides itself on offering customers the chance to bring as much data as they can without taxing the security budget. The benefit is that, with our unlimited data ingestion, our platform doesn't become noisier, unlike some of our competitors. With Hunters you provide us with your security stack, and we'll take it to the next level with automated correlation across different data sources.
Our platform has integrations with hundreds of data sources that can be easily connected to the platform; you can see some of our integrations here.
To get started, we recommend connecting EDR telemetry, cloud logs and identity-driven data.
Pricing
How does the Hunters pricing model work?
Unlike SIEM solutions that charge per storage, forcing security teams to compromise on the data sources they can monitor and have visibility over, at Hunters we use an entity-based pricing model (i.e. pricing by the number of entities that are part of your organizational network): workstations, virtual machines and EC2 instances within the monitored environment. We also have optional components, which include our Security Data Lake, Team Axon and Professional Services.