BACKGROUND

This specialty chemicals company, headquartered in Europe, has a leading position in the development and production of systems and products for bonding, sealing, damping, reinforcing, and protecting in the building sector and motor vehicle industry.

Their Global Cyber Defense Team is a small, distributed team of skilled security analysts and engineers, handling the security operations for the whole corporation.

When evaluating potential alternatives to their prior solution, their Cyber Defense Team Lead searched for a modern tool that could ingest all of the security data sources they need, while applying advanced correlation between them.


“I want to collect everything, no exception, but I don’t have the capabilities to create all these rules or do all the work, parsing and normalization of the data myself. That takes way too much time – I need help with this.”

Cyber Defense Team Lead
Chemicals manufacturing company

KEY CHALLENGES

  • The team suffered from visibility gaps caused by the limited data ingestion and retention capabilities of their previous solution. Onboarding specific data sources, such as semi-structured logs, could be a painful and expensive process.
  • Alternative solutions lacked advanced analytics capabilities, such as machine learning based anomaly detection, and relied instead on simplistic ‘if-then’ rules to generate alerts.
  • Insufficient automation meant that analysts spent much of their day manually investigating alerts. Without automated correlation, those investigations also carried an extra degree of uncertainty, because they relied solely on human effort.


“What Hunters does is it allows us to confirm our suspicions. Let’s say we get a detection from an EDR tool. An analyst might look at it and see that it appears malicious, but you don't have the full context yet.

But now, the next step is to look this up in Hunters. And Hunters already has other data sources correlated together, so it significantly shortens the decision time on what to do. The main value is that you don’t need to do the investigation manually because it’s mostly automatically done for you already.”

Cyber Defense Team Lead
Chemicals manufacturing company

01

Reduced analyst workload

Hunters’ correlation engine augments the Cyber Defense team's existing detection tools by correlating alerts across different data sources. Where analysts previously had to investigate each alert manually, that work is now an automated process within the platform.

02

Thorough data ingestion

Hunters SOC Platform’s ingestion engine allows the team to onboard data sources that were previously a challenge to ingest, such as JSON and other semi-structured data sources. Hunters’ data retention capability provides added peace of mind by serving as a backup for the team's Security Data Lake.

03

Additional support from professional services

Team Axon provides the Cyber Defense team with both proactive threat hunting investigations and on-demand investigation services. In one past case, after the team had detected an incident and called Team Axon for additional help, Team Axon quickly provided a detailed report and showed that the threat had been remediated.

04

Increased visibility with high-fidelity Attack Stories

In a purple-teaming exercise, all attacker activity was documented in Hunters’ Attack Stories, including events that were missed in the manual investigation. Activity that appeared benign to the human eye was detected as malicious by Hunters’ graph-based correlation engine.

05

Easy querying

Hunters’ Notebooks feature aids analysts in threat investigations, allowing them to easily query relevant data with SQL. As a bonus, Notebooks also allow easy querying for specific data governance use cases.

06

Additional pair of eyes

With Hunters’ out-of-the-box detections, the Cyber Defense Team can easily verify the coverage of the native detections in their existing security tools, while Hunters’ automated investigation and correlation add context to the alerts those tools raise.