ONE9
YOUR THREAT HUNTING ARSENAL
CLOUD DELIVERED
THREAT HUNTING EXPERTISE
Threat hunting plays a critical role in the early detection of attacks and adversaries. It is a proactive, human-led approach that actively searches for suspicious activity rather than passively relying on technology to automatically detect and alert on a potential attacker's activity. Early detection and investigation of such activity allow organizations to stop attacks before they can do damage.
ONE9 hunters are alerted by triggers that could potentially indicate malicious behavior. A trigger could be a detection whose criticality is too low for Alpha host to act on independently, such as a firewall being disabled. This behavior could be a standard practice used by an administrator to temporarily get a job done, or it could be an adversary carrying out an attack. By tracking the context, ONE9 can determine whether it is an adversary or a legitimate user.
RaptorX ONE9
Threat Hunting
Continuously hunting for adversaries on a 24x7 basis, reducing false negatives by augmenting existing security capabilities and covering gaps in advanced threat detection and incident response, resulting in the reduction and even elimination of attacker dwell time.
Guided Response
Threat hunters partner with your security operations team to provide clarity on the adversaries and guidance on how to contain them, reducing response time to a minimum.
Alert Prioritization
Uniquely identifies the most urgent adversaries in your network and resolves false positives.
01
Based on that trigger, ONE9 hunters conduct an in-depth forensic analysis. For example, they examine how many times that action took place across the entire environment. If it was run on 450 out of 500 machines, the likelihood is high that it was normal administrative behavior. But if it was run on only a handful of machines, ONE9 hunters might dig further.
02
At that point, ONE9 analysts might also look into the "ancestry" of the activity. This involves examining the process that triggered the detection and looking one level up to see which system process initiated it, to find indications of whether it was a standard process or something that looks suspicious. If it does appear potentially malicious, they keep moving up the chain of activity to find the initial point of origin.

03
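The two triage steps above (environment-wide prevalence of the triggering action, then the process ancestry walk when prevalence is low), as an added example that is not ONE9's or RaptorX's own code. The telemetry records, the hostnames, the `mgmt-agent.exe` image name and the 50% prevalence threshold are all constructed assumptions for illustration.

```python
# Constructed process-start telemetry (not real data): (host, pid, ppid, image, command line).
# ws-01..ws-03 disable the firewall from a management agent; ws-04 does so from an Outlook child.
EVENTS = [
    ("ws-01", 500, 0, "services.exe", "services.exe"),
    ("ws-01", 88, 500, "mgmt-agent.exe", "mgmt-agent.exe"),
    ("ws-01", 91, 88, "netsh.exe", "netsh advfirewall set allprofiles state off"),
    ("ws-02", 500, 0, "services.exe", "services.exe"),
    ("ws-02", 70, 500, "mgmt-agent.exe", "mgmt-agent.exe"),
    ("ws-02", 75, 70, "netsh.exe", "netsh advfirewall set allprofiles state off"),
    ("ws-03", 500, 0, "services.exe", "services.exe"),
    ("ws-03", 50, 500, "mgmt-agent.exe", "mgmt-agent.exe"),
    ("ws-03", 52, 50, "netsh.exe", "netsh advfirewall set allprofiles state off"),
    ("ws-04", 60, 0, "explorer.exe", "explorer.exe"),  # parent already exited
    ("ws-04", 62, 60, "outlook.exe", "outlook.exe"),
    ("ws-04", 65, 62, "cmd.exe", "cmd.exe /c netsh advfirewall set currentprofile state off"),
    ("ws-04", 66, 65, "netsh.exe", "netsh advfirewall set currentprofile state off"),
]
ADMIN_PREVALENCE = 0.5  # assumed threshold: seen on at least half the fleet -> treat as routine


def prevalence(events, cmd):
    """Step 01: on how many of all observed hosts did this exact command run?"""
    hosts = {e[0] for e in events}
    hits = {e[0] for e in events if e[4] == cmd}
    return len(hits), len(hosts)


def ancestry(events, host, pid):
    """Step 02: walk parent pids back to the root on one host; returns images, child first."""
    by_pid = {e[1]: e for e in events if e[0] == host}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)  # guard against pid reuse producing a cycle
        chain.append(by_pid[pid][3])
        pid = by_pid[pid][2]
    return chain


def triage(events, host, pid):
    """Apply both steps to one triggering process event and return a verdict dict."""
    trigger = next(e for e in events if e[0] == host and e[1] == pid)
    hits, total = prevalence(events, trigger[4])
    if hits / total >= ADMIN_PREVALENCE:
        return {"verdict": "likely administrative", "prevalence": f"{hits}/{total}"}
    chain = ancestry(events, host, pid)
    return {"verdict": "investigate", "prevalence": f"{hits}/{total}", "ancestry": chain}


if __name__ == "__main__":
    print(triage(EVENTS, "ws-01", 91))  # high prevalence, no ancestry walk needed
    print(triage(EVENTS, "ws-04", 66))  # rare command, chain leads back to outlook.exe
```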
