Cybersecurity vendor Trustwave has announced the relaunch of its Advanced Continual Threat Hunting platform with a new, patent-pending human-led threat hunting methodology. The firm claimed the enhancement will allow its SpiderLabs threat hunting teams to conduct more human-led threat hunts and discover more behavior-based findings that could go undetected by traditional endpoint detection and response (EDR) tools.

New method hunts for behaviors associated with known threat actors

In a press release, Trustwave stated that its security teams regularly perform advanced threat hunting to study the tactics, techniques, and procedures (TTPs) of sophisticated threat actors. Trustwave's new intellectual property (IP) goes beyond indicators of compromise (IoC) to uncover new or unknown threats by hunting for indicators of behavior (IoB) associated with specific attackers.

The patent-pending platform leverages MITRE ATT&CK framework-mapped queries derived from multiple EDR technologies through automation to hunt for the IoBs of specific threat actors at scale, Trustwave said. Learnings are then applied to bolster Trustwave's detection and response capabilities across its managed detection and response (MDR) clients, the vendor stated.

The solution supports most popular EDR technologies available, such as Microsoft Defender for Endpoints, Palo Alto Networks Cortex XDR, and SentinelOne, Trustwave added.

Post-relaunch Advanced Continual Threat Hunting benefits listed by Trustwave include:

- Human-led advanced threat hunting conducted at scale with threat actor intelligence
- Discovery of malicious behavior-based activity, hidden, or persistent threats
- Continual updates to threat intelligence and detection content after discovering new IoCs

Shawn Kanady, global director, SpiderLabs Threat Hunt Team, tells CSO that a behavioral activity-focused threat hunting approach is critical for modern organizations because it allows them to detect unknown threats that traditional threat detection and prevention and EDR tools can't. "Automated hunts using tools based on IoC - for example, IP addresses or a hash of a file - alone are not sufficient to stop sophisticated threat actors who know how to evade detection. Additionally, as IOCs become known, attackers will change their infrastructure (e.g., domains, IPs, malware hashes)."

Hunting the Conti ransomware group

Kanady cites an example of a successful threat hunt using the new methodology to track the Conti ransomware gang. "One incredible finding was a remote access Trojan (RAT) that had resided in a client network for 11 months undetected," he says. "At this point, one of the true highlights of Advanced Continual Threat Hunting became apparent. While searching for Conti, the team found evidence of other threats and security lapses."

It is normal for one gang to borrow tricks from another, and these were now being discovered along with general security hygiene issues like unsecured legacy systems, open ports, and people making foolish mistakes like storing passwords on their computers, Kanady adds. "These issues are now all being found before they cause a breach or security incident. A typical security check would not uncover these problems." As a result of the new methodology, the SpiderLabs Threat Hunting team has witnessed a three-times increase in behavior-based threat findings, Kanady claims.