
Trustwave relaunches Advanced Continual Threat Hunting with human-led methodology

Jan 18, 2023 | 3 mins
Threat and Vulnerability Management

Cybersecurity vendor says enhancement allows for increased human-led threat hunting to uncover more behavior-based findings associated with specific threat actors.

Targeting user behavior.
Credit: SARINYAPINNGAM / Danler / Getty Images

Cybersecurity vendor Trustwave has announced the relaunch of its Advanced Continual Threat Hunting platform with new, patent-pending human-led threat hunting methodology. The firm claimed the enhancement will allow its SpiderLabs threat hunting teams to conduct increased human-led threat hunts and discover more behavior-based findings that could go undetected by traditional endpoint detection and response (EDR) tools.

New method hunts for behaviors associated with known threat actors

In a press release, Trustwave stated that its security teams regularly perform advanced threat hunting to study the tactics, techniques, and procedures (TTPs) of sophisticated threat actors. Trustwave’s new intellectual property (IP) goes beyond indicators of compromise (IoC) to uncover new or unknown threats by hunting for indicators of behavior (IoB) associated with specific attackers.

The patent-pending platform uses automation to run MITRE ATT&CK framework-mapped queries, derived from multiple EDR technologies, that hunt for the IoBs of specific threat actors at scale, Trustwave said. Learnings are then applied to bolster Trustwave’s detection and response capabilities across its managed detection and response (MDR) clients, the vendor stated. The solution supports most popular EDR technologies, such as Microsoft Defender for Endpoint, Palo Alto Networks Cortex XDR, and SentinelOne, Trustwave added.

Post-relaunch Advanced Continual Threat Hunting benefits listed by Trustwave include:

  • Human-led advanced threat hunting conducted at scale with threat actor intelligence
  • Discovery of malicious behavior-based activity, hidden, or persistent threats
  • Continual updates to threat intelligence and detection content after discovering new IoCs

Shawn Kanady, global director, SpiderLabs Threat Hunt Team, tells CSO that a threat hunting approach focused on behavioral activity is critical for modern organizations because it allows them to detect unknown threats that traditional threat detection, prevention, and EDR tools can’t. “Automated hunts using tools based on IoC – for example, IP addresses or a hash of a file – alone are not sufficient to stop sophisticated threat actors who know how to evade detection. Additionally, as IoCs become known, attackers will change their infrastructure (e.g., domains, IPs, malware hashes).”
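The distinction Kanady draws, shown as an added example over constructed endpoint telemetry (not Trustwave's platform or its queries): a hunt keyed on a hash and IP feed goes quiet once the actor rotates those artefacts, while an ATT&CK-mapped behavior rule still fires on the same tradecraft. The events, IoC feed, rule and hostnames are all invented for the illustration.

```python
"""IoC matching versus behavior-based (IoB) hunting over constructed endpoint
telemetry. Added example; the events, feed and rule are invented, not Trustwave's."""

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Constructed process-creation events in a simplified, EDR-like shape.
EVENTS = [
    # Campaign 1: hash and C2 address are already in the IoC feed.
    {"host": "ws01", "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc <base64-blob>",
     "sha256": "hash-campaign-1", "dest_ip": "203.0.113.10"},
    # Campaign 2: same tradecraft, but the actor rotated hash and infrastructure.
    {"host": "ws02", "parent": "excel.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -w hidden -enc <base64-blob>",
     "sha256": "hash-campaign-2", "dest_ip": "198.51.100.7"},
    # Benign: an administrator running PowerShell from the desktop shell.
    {"host": "ws03", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe Get-Service",
     "sha256": "hash-signed-powershell", "dest_ip": None},
]

# Constructed IoC feed: only campaign 1's artefacts are known.
IOC_FEED = {"sha256": {"hash-campaign-1"}, "dest_ip": {"203.0.113.10"}}

# ATT&CK-mapped behavior rules: (technique id, name, predicate over an event).
# An Office application spawning PowerShell with an encoded command is the
# classic macro-delivery chain (T1059.001); no hash or IP is involved.
BEHAVIOR_RULES = [
    ("T1059.001", "Office app spawns PowerShell with -enc",
     lambda e: e["parent"].lower() in OFFICE_APPS
               and e["image"].lower() == "powershell.exe"
               and "-enc" in e["cmdline"].lower().split()),
]


def ioc_hits(events, feed):
    """Return (host, field, value) for every event matching a feed indicator."""
    hits = []
    for e in events:
        for field, values in feed.items():
            if e.get(field) in values:
                hits.append((e["host"], field, e[field]))
    return hits


def behavior_hits(events, rules):
    """Return (host, technique) for every event satisfying a behavior rule."""
    return [(e["host"], tid) for e in events
            for tid, _name, pred in rules if pred(e)]
```

Running both hunts over EVENTS shows the IoC feed catching only ws01, while the behavior rule catches ws01 and ws02 and ignores the benign admin session on ws03.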

Hunting the Conti ransomware group

Kanady cites an example of a successful threat hunt using the new methodology to track the Conti ransomware gang. “One incredible finding was a remote access Trojan (RAT) that had resided in a client network for 11 months undetected,” he says. “At this point, one of the true highlights of Advanced Continual Threat Hunting became apparent. While searching for Conti, the team found evidence of other threats and security lapses.”

It is normal for one gang to borrow tricks from another, and these were now being discovered alongside general security hygiene issues such as unsecured legacy systems, open ports, and people making mistakes like storing passwords on their computers, Kanady adds. “These issues are now all being found before they cause a breach or security incident. A typical security check would not uncover these problems.” As a result of the new methodology, the SpiderLabs Threat Hunting team has seen a threefold increase in behavior-based threat findings, Kanady claims.

UK Editor

Michael Hill is the UK editor of CSO Online. He has spent the past five-plus years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security. A keen storyteller with a passion for the publishing process, he enjoys working creatively to produce media that has the biggest possible impact on the audience.
