Hunters' open XDR empowers SOC teams with an automated decision support system they can rely on, while optimizing their existing security stack.
We are a group of cyber and technology experts, veterans of the Israeli Defence Forces’ 8200 unit, with extensive backgrounds in adversarial cyber operations. Our mission is to revolutionize security operations by automating and expediting decision making with a new standard of adversary proficiency. In doing so, we enable organizations to become ever more attack-ready. Hunters XDR transforms exceptional knowledge of how attackers think and act into a proactive endeavor, so that you can detect and stop attacks at their root.
How will the product/service assist organizations dealing with current cyber threats?
Hunters’ cloud-native, vendor-agnostic, open XDR is purpose-built to help security operations teams align numerous security tools into a cohesive security incident detection, investigation and response platform. Autonomous attack analytics identify and present real incidents, with context, to drive rapid, effective SOC response.
1. Extend Data Usability: Vendor-agnostic ingestion, normalization, cross-correlation and storage of data across the entire attack surface at cloud scale.
2. Gain Incident Clarity: Accelerated threat detection, understanding and response workflow with an autonomous threat management system.
3. Elevate Business Impact: Frees the SOC from rudimentary and repetitive tasks to focus on value-added work, and frees up budget to build and improve security posture.
Technical description of the product/service
Open XDR - Extended Detection and Response - is an emerging set of technologies aimed to collect and automatically correlate data from multiple security and IT sources, unifying them into a single threat detection, investigation and response platform.
Seamless, Flexible Ingestion: Using cloud connectors to pipe into existing security tools, or directly connecting to a SIEM, Hunters XDR collects logs, events and telemetry from dozens of data sources on premises and in the cloud, including EDRs, NDRs, cloud service providers, firewalls, identity and access management tools, and more.
Detection Engine: Hunters XDR extracts threat signals and alerts from petabytes of existing security data using stream processing analytics technology, which enables near real-time processing and complex analytics. Threat signal extraction is guided by Hunters’ TTP-based attack intel, which is also mapped onto MITRE ATT&CK techniques.
Investigation, Scoring and Prioritization: To contextualize threat signals, Hunters XDR performs autonomous investigations. It automatically extracts the features and entities involved in a specific suspicious activity and leverages ML to score them from 0 to 100, allowing for easy prioritization and quick triage.
Cross-Surface Correlation: Hunters uses unsupervised learning to correlate signals and alerts across disparate areas of suspicious activity in the Graph (e.g., suspected phishing email followed by malware downloads on gateway and EDR), and surface actionable Attack Stories.
Actionable Insights, Response and Remediation: Hunters’ Attack Stories include a full attack summary and outline, with details such as context, path, target and potential impact. Attack Stories are pushed to customers as high-confidence findings, which can be escalated through existing workflows such as SOAR and ticketing systems.
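As an added illustration of the correlation and scoring steps described above (this is not Hunters’ code, and a simple heuristic stands in for the ML scoring the text mentions), the toy below links threat signals from a mail gateway, a web proxy and an EDR when they share a user or host within a one-hour window, clusters the linked signals into attack stories, orders each story’s techniques into a path, and scores the story from 0 to 100. The sample signals, entity names, time window and scoring rule (noisy-OR of per-signal severities plus a small bonus when independent sources agree) are all constructed assumptions.

```python
"""Toy cross-source correlation of threat signals into attack stories.

Added example, not vendor code. Signals that share an entity (user or host)
inside a time window are linked; connected groups become "stories", each
with a technique path and a 0-100 score from a simple heuristic.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample signals. Technique IDs are MITRE ATT&CK identifiers;
# severities (0-1) are assumed per-signal confidences from each source.
SIGNALS = [
    {"id": "s1", "source": "email_gateway", "technique": "T1566.001",
     "entities": {"user:alice"}, "ts": "2024-03-01T09:00:00", "severity": 0.3},
    {"id": "s2", "source": "web_proxy", "technique": "T1105",
     "entities": {"user:alice", "host:wks-17"}, "ts": "2024-03-01T09:04:00",
     "severity": 0.4},
    {"id": "s3", "source": "edr", "technique": "T1204.002",
     "entities": {"host:wks-17"}, "ts": "2024-03-01T09:05:30", "severity": 0.6},
    {"id": "s4", "source": "edr", "technique": "T1059.001",
     "entities": {"host:srv-db-02"}, "ts": "2024-03-01T13:40:00", "severity": 0.3},
    {"id": "s5", "source": "email_gateway", "technique": "T1566.001",
     "entities": {"user:bob"}, "ts": "2024-03-02T11:00:00", "severity": 0.4},
]

WINDOW = timedelta(hours=1)  # assumed link window between related signals


def _ts(signal):
    return datetime.fromisoformat(signal["ts"])


def score_story(signals):
    """Noisy-OR of severities (chance at least one signal is real), scaled to
    0-100, plus 5 points per additional independent source, capped at 100.
    A stand-in heuristic, not an ML model."""
    p_none = 1.0
    for s in signals:
        p_none *= 1.0 - s["severity"]
    base = 100.0 * (1.0 - p_none)
    bonus = 5 * (len({s["source"] for s in signals}) - 1)
    return min(100, round(base + bonus))


def build_story(signals):
    """Summarize a cluster: ordered technique path, entities, sources, score."""
    ordered = sorted(signals, key=_ts)
    entities = set().union(*(s["entities"] for s in ordered))
    return {
        "signal_ids": [s["id"] for s in ordered],
        "path": [s["technique"] for s in ordered],
        "entities": sorted(entities),
        "sources": sorted({s["source"] for s in ordered}),
        "score": score_story(ordered),
    }


def correlate(signals, window=WINDOW):
    """Link signals that share an entity and fire within `window` of each
    other, then return the connected components as stories, highest score
    first. Links are transitive: a phishing signal on a user and an EDR
    signal on a host join through a proxy signal that names both."""
    adj = defaultdict(set)
    for i, a in enumerate(signals):
        for b in signals[i + 1:]:
            shared = a["entities"] & b["entities"]
            close = abs(_ts(a) - _ts(b)) <= window
            if shared and close:
                adj[a["id"]].add(b["id"])
                adj[b["id"]].add(a["id"])

    by_id = {s["id"]: s for s in signals}
    seen, stories = set(), []
    for s in signals:
        if s["id"] in seen:
            continue
        seen.add(s["id"])
        stack, component = [s["id"]], []
        while stack:  # depth-first walk of one connected component
            cur = stack.pop()
            component.append(by_id[cur])
            for nxt in adj[cur]:
                if nxt not in seen:
                    seen.add(nxt)
                    stack.append(nxt)
        stories.append(build_story(component))
    return sorted(stories, key=lambda st: st["score"], reverse=True)


if __name__ == "__main__":
    for story in correlate(SIGNALS):
        print(story["score"], story["path"], story["entities"], story["sources"])
```

Run as-is, the three signals around alice and wks-17 fold into one story with the path phishing → tool transfer → user execution and a score of 93, while the two unrelated signals stay as low-scoring single-signal stories; that separation, rather than the exact numbers, is what the correlation step buys a SOC.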