Real-Time IoB Threat Hunting
The Problem
Modern threat detection requires data – lots of data – typically from multiple sources. This brings with it a number of interesting data engineering challenges, especially when we want to materialize that data into a single view and execute analysis in a timely and cost-effective manner. Finding indicators of behavior (IoBs) in real time amplifies already significant challenges: processing enough of the right kind of data from multiple sources in a timely fashion is beyond the capability of most systems.
The Solution
Quine + Novelty Detector together cover all aspects of real-time, automated, behavior-based threat hunting: Quine is used to detect known patterns (STIX) and emit scripted playbook responses (CACAO), while Novelty Detector uses patented categorical anomaly detection techniques to identify emerging threat patterns that are eventually fed back into Quine as new IoB patterns.
Quine Enterprise provides commercial support and licensing for both clustered Quine and Novelty Detector, meaning you can easily add real-time, behavior-based threat hunting to your stack easily.
Key Value Take Away
- Quine + Novelty Detector detect both known and emerging behavioral patterns in a single workflow.
- STIX Compliant, real-time detection of Indicators of Behavior (IoBs) and generation of STIX message events
- Joins multiple data sets to enable real-time identification of IoBs across domains
- Automate STIX indicator additions via API, as well as CACAO Playbook event triggers for remediation
- Native support for categorical data simplifies operations and provides human-readable alerts for analysts
Recent posts
-
Stateful Digital Twin
The Problem While digital twins and the emerging subcategory of asset graphs promise operators greater visibility into the relationships between IT assets and equipment under management, current approaches…
-
Real-Time IoB Threat Hunting
The Problem Modern threat detection requires data – lots of data – typically from multiple sources. This brings with it a number of interesting data engineering challenges, especially…
-
Advanced Persistent Threat (APT) Detection
The Problem Discovering advanced persistent threats (APT) is, by design, akin to finding a needle in a haystack. The threat actors behind APTs combine multiple tactics, techniques, and…
Want to read more news and other posts? Visit the resource center for all things thatDot.
Help Center
Streaming Graph Help
Novelty
View all