May 11, 2021 | by Peter Silberman

Expel Hunting: Now in the cloud


A great security strategy is made up of a multi-layered approach.

It involves, but isn’t limited to, detecting suspicious activity in real time, using proactive security controls and policies – and if you have the time (try not to laugh too hard here) – actively looking (or hunting) for threats.

Hunting has traditionally looked for spots where an attacker slipped through without setting off alarm bells.

But with the current tech transformation – adoption of SaaS, use of cloud infrastructure, introduction of new (and amazing) services to make developers and users more efficient – we think it’s time to expand on what hunting can find.

Hunting gives you visibility into interesting things happening in your environment – like users modifying configurations or adding applications that can decrease your security posture, along with activity that can indicate process breakdowns or genuinely suspicious activity.

We think of these findings as insights.

And these insights help our customers truly understand their environment and can keep bad stuff from happening.

With more and more orgs using multiple cloud providers to store all the things, hunting (and the insights it produces) is an important part of any security strategy.

Which is why we’re introducing new hunting techniques for our customers that focus on – you guessed it – cloud.

What’s new

Expel Hunting now offers coverage in Amazon Web Services (AWS) and Microsoft Azure to help find blind spots. We’re newly armed with a set of targeted cloud hunts, focused on key pieces of information you may be missing.

Transparency – We lay our cards on the table so you know exactly what we’re doing for you. For every hunt, we’ll show you the work that went into it. We’ll tell you our methodology – mapped back to the MITRE ATT&CK framework, the data we pulled, what tech we used and the outcomes. It’s important for you to see what we’re doing and why – so you can learn too.

Expanded scope – We’re constantly adding to our library of hunt techniques based on activity we see among our clients. Which is why we’ve added new hunts focused on cloud environments and applications.

Insights – While we’re running through your logs, we’ll tell you what normal looks like for you and surface activity that does not seem right. These findings provide visibility into your environment that you didn’t have otherwise. You can put these insights into action and better secure your environment.

What you’ll get with Expel Hunting

More value out of your existing tech

No need to go out and buy more stuff. We’ll hunt across your environment with the tools you’ve already invested in. The more we connect to, the more we can hunt for. Breaking down these silos helps make your team and existing investments stronger.

Uncover more than threats

We hunt beyond what is malicious. As we comb through your data, we flag strange activity that falls outside of “normal,” like misconfigurations in your infrastructure that could be increasing your cloud costs. With expanded insight into your environment, you’ll get an in-depth analysis of your logs that shines light on anomalous activity that would not be found through detection.

Hunt techniques aligned to your unique risks

Do you want to hunt in the cloud, in SaaS apps or on-prem? You got it. We take a close look at your environment and let you know exactly what hunting techniques we can use and the types of things we’re able to find.

More sleep

Don’t lose sleep after reading the latest Reddit article that leaves you wondering: How do I know we’re not affected? By working with Expel, you’ll have more confidence when the latest threat strikes, knowing that we’re protecting you against emerging threats and improving your security posture. (We can’t, however, help with sleep problems related to noisy neighbors, pets, children with an inexplicable abundance of energy … you get the idea.)

Ready to go on the hunt?

We sure are.

If you’re curious as to what others think about Expel Hunting, take a look at the Q1 2021 Forrester Wave™ Report, where Expel was ranked five out of five when it comes to threat hunting.

Let us help so that your team can get back to focusing on the highest value security work – and get you back to doing what you love.

