Advanced Persistent Threats (APTs) are built to slip past even well-maintained perimeter defenses, but what if you could turn the tables on them? Instead of concentrating on the perimeter, what if you assumed that an APT was already inside your network and deployed software designed specifically to hunt down these active but hidden intruders before they can do real damage?
For this review, we tested threat hunting systems from Sqrrl, Endgame and Infocyte. Each product was run in a large demo environment of virtualized clients and servers seeded with realistic APT threats that had already bypassed the perimeter and were hiding somewhere on the network. We also slipped live threats past the perimeter defenses during testing to see how each product detected, caught and killed the current apex predators of the threat landscape.
We found that deploying these products successfully requires security professionals to change how they normally work. These threat hunting tools are not the passive observers we are accustomed to, which simply react to alerts triggered in the SIEM. Instead, they are aggressive hunters that prowl the network they protect, looking for APTs and malware that nothing else has detected.
Load up the big guns and join us in our hunt, only at Network World.