Content + Strategy

Blog

Here are some articles I’ve written for various clients.

Modern Threat Hunting with ExtraHop Reveal(x)

Today’s threat landscape demands a lot from security analysts: unwavering attention, unflagging energy, and an uncanny ability to hunt for unknown threats on an organization’s network.

In a recent video, ExtraHop expert Josh Snow explains step by step how to proactively hunt for threats with Reveal(x). He begins by detailing the three key components:

  • Coverage. This includes data sources (logs, agents, network data), encrypted traffic, communication between devices and the network, and the correlation between these disparate streams.

  • Workflow. How easily are you able to access proprietary telemetry data to make correlated context-driven insights, and be able to search across large amounts of this data?

  • Retention. The ability to look back through historic organizational data to uncover and contain dormant threats.

These steps provide analysts with a rich data source and the broad spectrum coverage required to hunt for advanced threats—which is how members of the ExtraHop Detections Research and Data Science teams successfully detected and contained a Cobalt Strike attack on an organization's network environment.

Watch the video for a comprehensive guide to threat hunting with Reveal(x).

Paul Ditty