A few weeks ago, we announced the integration of Hunters SOC Platform with the Databricks Lakehouse, allowing Databricks customers for the first time to stand up a security data lake for security operations (data ingestion, detection, investigation and response) in just a few clicks.
Today we’ve reached a new milestone in the integration between the two products as well as our partnership with Databricks, as Hunters SOC Platform is now available on Partner Connect, Databricks’ centralized portal to help you find and integrate data, analytics, and AI solutions with your Lakehouse.
What can Databricks customers do with Hunters SOC Platform?
Build a Security Data Lake
One of the biggest burdens of security teams today is managing the ingestion of terabytes of data from dozens of security products. Hunters eases this process with a state-of-the-art engine that provides scalable ingestion, monitoring and optimization. Moreover, it comes prebuilt with a large library of off-the-shelf integrations that can be set up in minutes.
Hunters SOC Platform ingests all security-related data and performs the ETL into the customer's Databricks Lakehouse using the customer's own cloud storage, so the customer retains full ownership of all the security data. The Hunters ETL follows Databricks' Medallion Architecture model: it stores the raw data and also normalizes it into a unified schema that facilitates further analysis.
Detect and Investigate Incidents
Hunters provides a library of hundreds of built-in detection rules that cover the majority of the threat landscape, mapped onto the MITRE ATT&CK framework. This allows customers to visualize coverage and understand their security gaps. All detection rules are pre-verified on real-world customer data to minimize false positives and excessive alerting. The detection rules are deployed directly to all customer tenants without requiring any action or tweaking, thereby automatically reducing the cybersecurity risk with little operational overhead.
Each alert also passes through an investigation engine, where it is automatically enriched with contextual information from various sources, and sophisticated dynamic scoring is applied to it to reduce alert fatigue and help security teams manage their SOC workloads more efficiently.
When the SOC analyst gets to an alert, all contextual information is provided in a single pane of glass to expedite triage and investigation. The contextual information goes beyond 'simple' enrichment of IP addresses with threat intelligence feeds, to deep correlation such as linking the user name in a CrowdStrike EDR alert with login records from the Okta authentication logs. Hunters' deep correlation capability is powered by a graph correlation engine: alerts across entities and attack surfaces are automatically correlated on a graph.
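As an added illustration of the two steps described above (the normalization of raw records into a unified schema in the ETL section, and the entity-graph correlation of an EDR alert with authentication logs in this section), here is a small, self-contained Python sketch. It is not Hunters' or Databricks' code; the field names, the unified schema, the join key (username before the `@` of the login identifier) and all records are constructed for the example and are not taken from either vendor's documentation.

```python
"""Toy version of a Medallion-style normalization step followed by graph
correlation of an EDR alert with identity-provider login records.
Added example; not part of the original post or of any vendor's code."""
from collections import defaultdict

# Constructed raw records. The shapes loosely resemble an EDR alert and an
# IdP login event, but every field name here is an assumption of this example.
RAW_EDR_ALERTS = [
    {"source": "edr", "UserName": "JDoe", "ComputerName": "LAPTOP-17",
     "Severity": "high", "Timestamp": "2023-06-01T09:12:00Z",
     "Description": "Suspicious PowerShell execution"},
]
RAW_IDP_LOGINS = [
    {"source": "idp", "actor": {"alternateId": "jdoe@example.com"},
     "client": {"ipAddress": "203.0.113.10"},
     "published": "2023-06-01T08:55:00Z", "outcome": {"result": "SUCCESS"}},
    {"source": "idp", "actor": {"alternateId": "asmith@example.com"},
     "client": {"ipAddress": "198.51.100.7"},
     "published": "2023-06-01T08:50:00Z", "outcome": {"result": "SUCCESS"}},
    {"source": "idp", "actor": {"alternateId": "jdoe@example.com"},
     "client": {"ipAddress": "203.0.113.10"},
     "published": "2023-05-31T18:02:00Z", "outcome": {"result": "FAILURE"}},
]

# Unified ("silver") schema: every normalized event carries exactly these keys.
UNIFIED_KEYS = ("event_type", "source", "time", "user", "host",
                "src_ip", "outcome", "detail")


def normalize_edr(rec):
    """Map a raw EDR alert onto the unified schema (assumed field names)."""
    return {"event_type": "alert", "source": rec["source"],
            "time": rec["Timestamp"], "user": rec["UserName"].lower(),
            "host": rec["ComputerName"], "src_ip": None,
            "outcome": rec["Severity"], "detail": rec["Description"]}


def normalize_idp(rec):
    """Map a raw IdP login onto the unified schema; the join key is the
    local part of the login identifier, lower-cased (an assumption)."""
    user = rec["actor"]["alternateId"].split("@")[0].lower()
    return {"event_type": "login", "source": rec["source"],
            "time": rec["published"], "user": user, "host": None,
            "src_ip": rec["client"]["ipAddress"],
            "outcome": rec["outcome"]["result"], "detail": None}


def to_silver(raw_records):
    """Bronze -> silver: raw records in, uniformly shaped events out."""
    events = []
    for rec in raw_records:
        norm = normalize_edr(rec) if rec["source"] == "edr" else normalize_idp(rec)
        assert tuple(norm.keys()) == UNIFIED_KEYS   # schema contract
        events.append(norm)
    return events


def build_entity_graph(events):
    """Undirected graph linking each event node to the user/host/IP entity
    nodes it mentions; entities shared by several events connect them."""
    graph = defaultdict(set)
    for idx, ev in enumerate(events):
        nodes = [("event", idx)] + [
            (kind, value) for kind, value in
            (("user", ev["user"]), ("host", ev["host"]), ("ip", ev["src_ip"]))
            if value]
        for a in nodes:
            for b in nodes:
                if a != b:
                    graph[a].add(b)
    return graph


def correlate_alert(events, alert_idx):
    """Walk two hops (alert -> entity -> other event) and summarize the
    context an analyst would want next to the alert."""
    graph = build_entity_graph(events)
    related = set()
    for entity in graph[("event", alert_idx)]:
        for node in graph[entity]:
            if node[0] == "event" and node[1] != alert_idx:
                related.add(node[1])
    return {
        "alert": events[alert_idx]["detail"],
        "user": events[alert_idx]["user"],
        "related_events": sorted(related),
        "src_ips": sorted({events[i]["src_ip"] for i in related
                           if events[i]["src_ip"]}),
        "failed_logins": sum(1 for i in related
                             if events[i]["outcome"] == "FAILURE"),
    }


if __name__ == "__main__":
    silver = to_silver(RAW_EDR_ALERTS + RAW_IDP_LOGINS)
    print(correlate_alert(silver, 0))
```

Run as a script, the sketch prints the alert's user, the indices of the two login events that share that user, the single source IP seen across them and the count of failed logins. The point of the unified schema is visible in `correlate_alert`: once both sources carry the same `user` key, the graph walk needs no source-specific logic.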
Search & Incident Response
Having all of your security data stored in a modern data lake has great advantages for incident responders, and for anyone who wants to gain insights from massive amounts of data.
Using Hunters and Databricks, customers can not only store petabytes of data, but also make use of them in their day-to-day investigations and in their most critical incidents. Some capabilities that support this are the following:
Getting Started on Databricks Partner Connect
Simply search for ‘Hunters’ on Partner Connect.
Once you sign up, you’ll get access to a free version of Hunters, which allows you to:
If you want to unlock the full SOC Platform experience, you can request access and one of our experts will guide you through.
* Note that Hunters SOC Platform is available for Databricks on AWS environments only.