Samira Sarraf
Regional Editor for Australia and New Zealand

Team Cymru launches threat-hunting tool that aims to fast-forward analysis

Jun 19, 2023 | 2 mins
Application Security, Data and Information Security, Threat and Vulnerability Management

The new scouting tool for threat hunting and malicious infrastructure analysis promises to level up users’ security operation centers.


Team Cymru has launched Pure Signal Scout, an external threat-hunting and malicious infrastructure analysis tool to "level up" security operations centers (SOCs). Under the promise of being the "fastest" tool available for threat insights, Pure Signal Scout is expected to save analysts' time by providing fast answers to complex queries.

"We are now achieving in one working day what used to take several," Josh Picolet, team leader of Team Cymru's S2 Threat Research, said in a statement. This includes determining if an IP is important to a threat investigation. Another factor in the speed of response is that Scout is cloud-based and designed to eliminate the need to deploy multiple data services and solutions. It also eliminates the need to create custom scripts to combine disparate threat feeds and data sources.

Scout was designed to enable analysts of all experience levels to see previously unseen activities, helping companies with insights to identify and counteract threats.

Team Cymru said that, prior to Scout, only experienced analysts from Fortune 50 organizations had access to products using external threat telemetry that includes NetFlow, PDNS, and many other datasets that give threat hunters and security analysts visibility beyond their own networks.

Those using Scout have access to Team Cymru's Pure Signal threat intelligence and gain visibility of cyber adversary infrastructure and network activity before, during, and after a cyberattack. Scout provides an intuitive interface and API integrations, which allow for many use cases. Furthermore, analysts can merge results across internal logs, SIEM solutions, and data tools to gain a broader picture and more precise intelligence.

"Using Scout's API, tools like analyst notebook Maltego, or even SIEM tools like QRadar and Splunk, can support automation through integration. This enables organizations to create their own threat intelligence, and then build workflows that better support their security objectives," a spokesperson tells CSO. Scout also offers 24/7 helpdesk support to customers. Pure Signal Scout is available now, globally, with user-based pricing on a subscription model.