Review: Mantix4 provides threat hunting as a service

Mantix4 provides robust threat hunting tools for use by clients, but it also takes threat hunting into the software as a service (SaaS) realm, employing a team of experts to hunt on the client's behalf.

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

Given the insidious nature of advanced threats, it’s almost a certainty that every organization of any size will eventually be hacked or compromised, regardless of what or how many cybersecurity defenses are in place. In response, the somewhat new concept of threat hunting is becoming an increasingly important part of cybersecurity defenses.

But true threat hunters are rare, even compared with the shortage of other IT workers and cybersecurity personnel. Threat hunters are trained to look at a variety of factors within a network from traffic and DNS records to SIEM reports and almost everything else. The best hunters examine that data to come up with hunches about things that don’t quite feel right. They then set out to track down and uncover threats within their network that may have eluded other analysts and security programs.

We have reviewed quite a few threat hunting programs in the past. However, almost all of them were designed as tools to help threat hunters do their jobs. The problem with that is that it requires organizations to have threat hunters in the first place. Otherwise, it’s like handing a sleek new rifle to someone who has never shot a gun before, and sending them off into the woods with the expectation that they will bring back dinner.

The Mantix4 platform (named after the apex predator of the insect kingdom the praying mantis) seeks to solve the people problem. While the program provides robust threat hunting tools for use by clients, the company also employs a team of experts to hunt on their behalf. It takes threat hunting into the software as a service (SaaS) realm.

Mantix4 was originally designed for the Canadian government’s Department of Public Safety, which is the equivalent of the Department of Homeland Security in the United States. In Canada, Mantix4 helps to defend networks sitting in ten sectors considered critical infrastructure, rooting out threats that might bypass more traditional protection.

Mantix4: real time connections John Breeden II/IDG

At the topmost level, the Mantix4 console can show all incoming and outgoing connections in real time, providing a quick view of any suspicious network activity.

The system is deployed as two components. The first part is comprised of observer sensors that sit at critical points within a protected network, either alongside routers or at network gateways, though they can be deployed almost anywhere depending on the need. The sensors are lightweight enough to be housed inside a virtual machine, or within a network server with additional bandwidth. However, because the observer sensors process and record a lot of traffic, the best deployment is probably going to be as a small appliance that hosts nothing else, something the company provides. The sensors can be set to work inline, or to passively sniff network traffic.

To continue reading this article register now

NEW! Download the Winter 2018 issue of Security Smart