SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Trustwave provides new feature for threat hunting platform
Thu, 19th Jan 2023
FYI, this story is more than a year old

Trustwave has relaunched its Advanced Continual Threat Hunting platform with a unique feature allowing its SpiderLabs threat hunting teams to carry out many more human-led threat hunts.

The new methodology is patent-pending, and Trustwave's enhanced offering has resulted in a 3x increase in behaviour-based threat findings that would have otherwise gone undetected if current Endpoint Detection and Response (EDR) tools had been used.

Experienced and specialised security threat hunters study the tactics, techniques, and procedures (TTPs) behaviour of the most sophisticated threat actors in the world and regularly carry out Trustwave Advanced Continual Threat Hunting.

The company's new intellectual property goes beyond Indicators of Compromise (IoC) to uncover new or unknown threats that evade existing security tools by hunting for Indicators of Behaviour (IoB) associated with specific threat actors.

"Traditional threat detection and prevention tools based on IoCs and EDRs alone are not sufficient to stop sophisticated threat actors who know how to evade detection," says Shawn Kanady, Global Director of SpiderLabs Threat Hunt Team at Trustwave.

"Our patent-pending Advanced Continual Threat Hunting platform, paired with our human-led, hypothesis-based approach, allows us to detect unknown threats that others don't much faster."

Trustwave threat hunters can use the platform to continuously develop thousands of in-depth queries throughout multiple EDR technologies and map them to the MITRE ATT&CK framework.

At this point, its patent-pending platform uses those queries through automation to specifically search for the IOBs of specific threat actors at scale across every threat hunt client and a range of supported EDR tools at the same time.

Trustwave SpiderLabs Advanced Continual Threat Hunting also adds value by determining whether a threat actor is in the environment and bringing awareness to opportunities of compromise prior to an attacker being able to exploit them.

"Armed with the latest threat intelligence and our behaviour-based approach, we proactively hunt for indicators of behaviour in real-time to uncover sophisticated actors, zero-days, security gaps, and hidden threats while providing our clients actionable recommendations to mitigate risk before serious damage is done," says Spencer Ingram, Senior Vice President of Operations, Trustwave.

"These are early-discovery capabilities organisations find impossible to replicate in-house due to the investment, skilled talent, current and historical intelligence and the technology required."

Trustwave applies the learnings from every new threat hunt finding, constantly improving its detection and response capabilities throughout its Managed Detection and Response (MDR) clients, offering scale and benefits for its global client base.

Further, threat hunters carry out hunts based on Trustwave's global curated threat intelligence, which includes malicious activity discovered in client environments throughout its products and services, as well as externally sourced threat intelligence.

Trustwave Advanced Continual Threat Hunting benefits include:

  • Human-led advanced threat hunting conducted at scale with the latest threat actor intelligence to detect what others can't much faster
  • Discover malicious behaviour-based activity that existing security technologies cannot
  • Uncover hidden or persistent threats to actively reduce the attack surface
  • Identify potential insider threats
  • Raise awareness of potential security gaps and risks with recommendations to mitigate
  • Discover IT and policy misconfigurations that create additional attack opportunities
  • Continual updates to threat intelligence and detection content after discovering new indicators of compromise
  • Instantly benefit from global client base. After a newly discovered threat is found in one client environment, all clients will be protected

Trustwave's offering supports the most popular EDR technologies available, including Microsoft Defender for Endpoints, Palo Alto Networks Cortex XDR, SentinelOne, and more.