Hyderabad: Hyderabad-based cyber security company BluSapphire has reduced the manual intervention needed to perform a threat hunt within a client environment by introducing an ‘agentless framework’.
In most hunting exercises, network data is usually easy to obtain while endpoint data is the most difficult to acquire. The company’s agentless hunting capability addresses this problem, allowing live, on-demand threat hunts rather than reliance on insufficient data or long deployment cycles.
Cyber threat hunting is a proactive security search through networks, endpoints and datasets for malicious, suspicious or risky activity that has evaded detection by existing tools. Threat hunting tactics have evolved to apply new threat intelligence to previously collected data in order to identify and categorise potential threats ahead of an attack. It assumes that a breach of the enterprise has occurred or will occur.
The company’s agentless framework allows organisations and their security analysts to hunt, find, analyse, respond and remediate, all in one tool. BluSapphire consumes threat intelligence from over 70 sources, with support for commercial feeds as well. The intelligence obtained is normalised, and the normalised intelligence is used both in detection and in threat hunts.
With the help of automation, the company has been able to track down specific compromised machines and devices among the several thousand machines in a network by studying their malicious behaviour, cutting the cost (by 35-40 per cent) and time of addressing the attack as well as improving operational efficiency.
Following reports of several Indian pharma and biotech companies (including some in Hyderabad) being hit by cyber-attacks, including malware belonging to the APT10 family, there has been a swarm of activity from life sciences companies seeking assurance by engaging ‘threat hunt’ as a service: they want the latest compromises specific to advanced threats scanned for, and assurance that none are present within their respective systems and networks.
Praveen Yeleswarapu, engagement head, BluSapphire Technologies, told Telangana Today, “Threat hunt is a combative procedure in uncovering hidden adversaries with a presumption that the attacker may be present inside an organisation’s network for days, weeks and even months, preparing and executing attacks.
Threat hunt combines a proactive methodology, technology, highly skilled people, and in-depth threat intelligence to find and stop the malicious activity.”
“We have received requests from pharma, biotech, defence and manufacturing companies for threat hunt, and we have assured that there is no malicious actor after our holistic intervention. We are working with a strategic public sector company in India. CERT (The Indian Computer Emergency Response Team) has also played a significant role in the country in creating awareness of threats and solutions enterprises can look at,” he added.
Threat hunting offers a better ability to uncover hidden and established threats and to detect threats before the attacker causes damage, hence reducing incident losses. It gives an improved knowledge of the IT environment, with a focus on the hiding places frequented by advanced threat actors, and a reduced attack surface resulting from discovered and removed vulnerabilities.
It further improves the security incident response process and the identification of gaps that must be closed to detect and respond to attackers. Threat hunting is a highly data-driven process and requires detailed logs, which can be divided into network data and endpoint data. The higher the quality of the data, the higher the likelihood of a successful threat hunt, he noted.
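The article describes two mechanics without showing them: normalising threat intelligence from differently formatted feeds into one canonical form, and then hunting those indicators across both network and endpoint logs. The script below is an added example written for this page, not BluSapphire's code or product logic. The two feed formats, the field names, the log line layouts and every indicator and hostname in it are constructed sample data.

```python
"""Normalise indicators from two differently shaped (constructed) threat-intel
feeds, then hunt them across constructed network and endpoint log lines.
Added illustration only; not BluSapphire's code. All feed formats, log
formats, hashes, domains and IPs below are constructed assumptions."""
from __future__ import annotations
import csv
import io
import json
import re
from dataclasses import dataclass

# Constructed feed A: CSV with mixed-case types, stray whitespace, upper-case hash.
FEED_CSV = """type,value,source
domain, EVIL-UPDATE.example ,feedA
ipv4,203.0.113.7,feedA
sha256,AB12AB12AB12AB12AB12AB12AB12AB12AB12AB12AB12AB12AB12AB12AB12AB12,feedA
"""

# Constructed feed B: JSON with different key names and "hxxp"/"[.]" defanging.
FEED_JSON = json.dumps([
    {"indicator": "hxxp://evil-update[.]example/stage2", "kind": "url", "src": "feedB"},
    {"indicator": "203.0.113.7", "kind": "ip", "src": "feedB"},  # duplicate of feed A
])

@dataclass(frozen=True)
class Indicator:
    itype: str   # canonical type: domain | ipv4 | sha256 | url
    value: str   # lower-cased, refanged, whitespace-stripped

# Feed-specific type names mapped onto the canonical set.
TYPE_MAP = {"ip": "ipv4", "ipv4": "ipv4", "domain": "domain", "url": "url", "sha256": "sha256"}

def refang(s: str) -> str:
    """Undo common defanging so indicators compare equal to what logs contain."""
    return s.strip().lower().replace("hxxp", "http").replace("[.]", ".")

def normalise(feed_csv: str, feed_json: str) -> set[Indicator]:
    """Merge both feeds into one de-duplicated set of canonical indicators."""
    out: set[Indicator] = set()
    for row in csv.DictReader(io.StringIO(feed_csv)):
        out.add(Indicator(TYPE_MAP[row["type"].strip().lower()], refang(row["value"])))
    for rec in json.loads(feed_json):
        out.add(Indicator(TYPE_MAP[rec["kind"].strip().lower()], refang(rec["indicator"])))
    # Derive a domain indicator from each URL so DNS logs can match it as well.
    for ind in list(out):
        if ind.itype == "url":
            host = re.match(r"https?://([^/]+)", ind.value).group(1)
            out.add(Indicator("domain", host))
    return out

# Constructed network logs (DNS and proxy) and endpoint logs (process start, net connection).
NETWORK_LOGS = [
    "2024-05-01T10:00:01Z dns host=ws-017 query=evil-update.example rtype=A",
    "2024-05-01T10:00:02Z proxy host=ws-017 url=http://evil-update.example/stage2 status=200",
    "2024-05-01T10:00:05Z dns host=ws-042 query=updates.vendor.example rtype=A",
]
ENDPOINT_LOGS = [
    "2024-05-01T10:00:03Z process host=ws-017 image=C:\\Temp\\upd.exe "
    "sha256=ab12ab12ab12ab12ab12ab12ab12ab12ab12ab12ab12ab12ab12ab12ab12ab12",
    "2024-05-01T10:00:04Z process host=ws-042 image=C:\\Windows\\System32\\svchost.exe "
    "sha256=0000000000000000000000000000000000000000000000000000000000000000",
    "2024-05-01T10:00:06Z netconn host=ws-099 dst=203.0.113.7:443",
]

KV = re.compile(r"(\w+)=(\S+)")

def hunt(indicators: set[Indicator], log_lines: list[str]) -> dict[str, list[tuple[Indicator, str]]]:
    """Return {host: [(matched indicator, log line), ...]} for every line carrying a known indicator."""
    by_type: dict[str, set[str]] = {}
    for ind in indicators:
        by_type.setdefault(ind.itype, set()).add(ind.value)
    hits: dict[str, list[tuple[Indicator, str]]] = {}
    for line in log_lines:
        fields = dict(KV.findall(line))
        host = fields.get("host", "?")
        # Each log source exposes the indicator under a different key; map them to canonical types.
        candidates = [
            ("domain", fields.get("query")),
            ("url", fields.get("url")),
            ("sha256", fields.get("sha256")),
            ("ipv4", fields.get("dst", "").rsplit(":", 1)[0] or None),
        ]
        for itype, val in candidates:
            if val and val.lower() in by_type.get(itype, ()):
                hits.setdefault(host, []).append((Indicator(itype, val.lower()), line))
    return hits

if __name__ == "__main__":
    inds = normalise(FEED_CSV, FEED_JSON)
    for host, matches in sorted(hunt(inds, NETWORK_LOGS + ENDPOINT_LOGS).items()):
        print(host, len(matches), "hit(s)")
        for ind, line in matches:
            print("   ", ind.itype, ind.value, "<-", line)
```

The point the example makes is the one the article only states: with both network and endpoint data present, ws-017 is flagged three times (DNS, proxy and the process hash), whereas with network data alone the hash match, the most specific evidence of the implant actually running, would be missing, and ws-099 would be visible only through its outbound connection.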