Intel 471 is pleased to announce that HUNTER, the leading platform for intelligence-driven behavioral threat hunting, now fully supports Google Security Operations (SecOps), Google Cloud’s unified security platform that empowers security teams to better detect, investigate, and respond to threats.
Google SecOps customers can now access and use Intel 471’s library of advanced behavioral threat hunt packages on the HUNTER behavioral threat hunting content platform. HUNTER hunt packages go beyond reactive detections for indicators of compromise (IOCs) and provide threat hunters with security platform queries verified to identify advanced threat behaviors and adversary tactics, techniques and procedures (TTPs).
The Intel 471 HUNTER platform offers over 700 of expertly crafted and continually updated behavioral threat hunting packages that our threat hunting experts have tested, validated, and now tailored to the Google SecOps cloud-native security information and event management (SIEM). HUNTER behavioral hunt packages are fueled by Intel 471’s renowned cyber threat intelligence (CTI) capabilities and advanced threat actor profiling, enabling true intelligence-driven threat hunting for top-tier adversary TTPs.
With full SIEM query support for Google SecOps, threat hunters and analysts can easily navigate to any of HUNTER’s threat hunt packages and select Google SecOps queries that have been validated by our threat hunters to identify malicious behaviors and the evolving tactics, techniques and procedures (TTPs) of advanced threat actors. This saves your team hours of work in research, writing, testing, and validating queries, allowing them to rapidly launch new hunts on Google SecOps and focus on proactively detecting, investigating, and mitigating threats before they cause significant harm to the organization.
Google SecOps customers can now also take advantage of Intel 471’s tried and tested centralized threat hunt management framework, the HUNTER Hunt Management Module (HMM). Teams leverage the HMM to scale up their behavioral threat hunting operations with consistent and repeatable processes, enabling them to quickly identify new threats and move on to the next threat. The HMM allows teams to assign, track, and manage hunts, store and manage hunt queries and findings, and measure key hunt performance metrics that demonstrate the business value of their hunt activity.
Google SecOps customers can take advantage of the new “Bring Your Own Hunt” (BYOH) capabilities in the HMM and leverage Intel 471’s rigorous methodology for hunt management to enhance their own hunt content and maximize the effectiveness of past and future hunting activity.
Customers can align their own previously developed Google SecOps hunt content with the contextual intelligence and documentation Intel 471 provides in our HUNTER hunt packages, including up-to-date threat intelligence and new TTPs, tactical runbooks, and contextual information to guide analysts throughout the hunt lifecycle. Just like our HUNTER packages, Google SecOps customers can also tag custom hunt packages with threat actor identifiers and map their TTPs to the MITRE ATT&CK framework.
Organizations building in-house threat hunting capabilities to combat advanced threats need the right tools and intelligence-driven behavioral hunt content to ensure consistent, reliable hunt processes that identify threats and visibility gaps.
Signing up to the HUNTER Community provides access to dozens of these hunt packages, offering:
Malware distribution campaigns that trick people into copying and pasting malicious commands, known as ClickFix, have been wildly successful. Here's an examination of ClickFix and how to defend against it.
The Lumma infostealer malware collects highly sensitive data including logins and session tokens. Here's how to conduct a threat hunt leveraging up-to-date tactics, techniques and procedures used by Lumma.
The Android malware landscape is expanding, with new malware families, innovative distribution methods and a rise in underground offerings appealing to nontechnical cybercriminals. This poses new threats to enterprises.
Stay informed with our weekly executive update, sending you the latest news and timely data on the threats, risks, and regulations affecting your organization.