Rawstream’s new Threat Huntr™: now you can hunt cyber threats rather than wait for an attack

Be Proactive with Cyber Security

Rawstream’s new Threat Huntr™ proactively searches for unknown, active threats in an environment It is the new gold standard for endpoint security. Malware or attackers can be lurking in your network quietly siphoning off data, or working their way across the network jumping from host to host.

Your Endpoint Security Isn’t Infallible

You don’t need to read the news to know that your security is not infallible. Many major companies have been successfully attacked and it’s often a matter of when, not whether, you will be too. Defense in depth can fail. While the majority of threats can be stopped with good security practices such as keeping systems updated with the latest patches, implementing network firewalls, and using web filtering to block phishing attempts, an attacker may still get through. And they often do. When traditional systems fail to stop the attacker, the proactive company needs to actively look for indicators of compromise using its logs and data sources.

Proactive Security for Endpoints

Today’s release of Rawstream Threat Hunting capability is the first in a series that will provide targeted, timely intelligence to the proactive organisation. From today organisations will have access to intelligence that will highlight potentially insecure new applications on their network, suspicious network access, and user activity.

New software that was previously unseen on the network can be a threat if the application was not sanctioned by the organisation’s IT team. The new software may be harmless but the IT team still need to be aware that it is installed on the network and take steps to ensure that it patches are installed in a timely manner. On the other hand, the fact that an employee was able to install software serves as an alert to IT that installation permissions may need to be tightened up. In the worst case scenario, the software is malware that was not caught via traditional security means.

An industry first

In a first for the industry, Rawstream displays enriched domain reporting: the geographic location of the host, and domain age. Network access to servers in geographies where your company does not traditionally do business, for example, Russia, is a highly suspicious. In addition, a domain’s age is a strong indicator about a domain’s trustworthiness. Access to a domain that has only been registered for a few days is a strong sign of a phishing attack.

Internet Access is Essential: Rawstream Makes It Safe

With most business applications running in the cloud, internet access is essential. CRM, email, document sharing, communications and many other essential business applications need network access. All this network activity generates a huge number of logs, making it practically impossible for your IT teams to find the needles in the very large haystacks of data. Traditional SIEM software generates many alerts. Fine-tuning the rules to minimize false-positives while still retaining detection capability requires a tremendous amount of time and resources.

Rawstream Threat Huntr™ Protects You in a New Way

With Rawstream Threat Huntr™ we’ve taken a different approach. In the first release Threat Huntr™ will report DNS MX lookups, and MX lookups to previously unseen domains. Your mail traffic should flow through only a very small number of servers, either internally for on-premise mail servers, or to Google’s Gmail, Microsoft Office 365, or the like. MX lookups to other domains is highly suspicious and is a strong indicator of compromise or permissive firewall rules.

By anticipating threats, we provide a strong barrier of protection.

Future Updates Will Increase Your Endpoint Security

Today’s Threat Huntr™ release is the first in a series of releases to increase expanded reporting and capability. The next major release will correlate processes running on the endpoint with each process’s network activity. By building a model of process activity and their network traffic, Threat Huntr™ will provide reliable, actionable new indicators of compromise.

Our continued focus remains on providing timely intelligence without the high false-positives that is the bane of traditional security approaches.

Threat Huntr™ is Available Now

The new functionality is available right now for all our existing customers. Just log in to your Rawstream account and go to Dashboard > What’s New

Sign up for Rawstream at https://app.rawstream.com/signup today.

Related posts

Wildcard Support for Cloud DNS Filtering

From today, Rawstream Network Security adds the capability to allow or block domains based on wildcards. Wildcard support is being rolled out across all our DNS IPs right now and will be complete across the next few hours. The entries will match on the full domain queried, including...

Rawstream Network Security for 5G & Internet of Things

Rawstream Network Security for 5G & Internet of Things

5G promises large bandwidth and very low latency to a very large number of devices. And its just round the corner: over 200 operators in various stages of rolling out the technology. We wrote about 5G in more detail in a previous blog post. This post is about the security aspect of 5G and...

Securing 5G Networks and Future of Network Security

Securing 5G Networks and Future of Network Security

That Tesla that just drove by. Heart monitors. The AC in your office. Nothing out of the ordinary, except that over the coming months and years these and many other devices and items that we use everyday will be transformed by the rollout of 5G - a new network technology and not just...

Leave a comment