Introducing IOC Search: Find indicators of compromise. Fast.
- Feb 1, 2023
- By Erik Goldman, Senior Product Manager
Search your environment for IOCs.
Using a search bar.
A really fast search bar.
Today, we are announcing Hunters’ IOC Search feature: a game-changing search tool to determine if a known IOC has been in your organization’s environment - without ever having to write a SQL query or understand the thousands of different event types and related fields in your log data.
With other tools, searching raw data logs is a highly specialized and time-consuming task. Analysts need to have a deep understanding of their vendors, log sources, data types, and their SIEM’s search tools in order to confidently determine whether an IOC has been in their environment.
An analyst searching their CrowdStrike Falcon logs, for example, must understand the format of more than one thousand event types and the particular fields associated with each one, so IOC sweeps are often escalated to more specialized members of the SOC. Running complex queries like an IOC search across every log source and large, often multi-month, time windows can also lead to long search times and wasted compute power.
This is a big job.
About 3 years ago, Hunters launched simple search functionality across the entities and events marked as potentially malicious. While we knew that threat hunting use cases would need to extend to raw data, we didn’t have the technical resources to deliver a great, low-touch experience in search.
Now, that all changes.
Hunters IOC Search is setting a new standard for investigation tools.
The Hunters team spent months researching, testing and benchmarking solutions to come up with something that fits our philosophy that powerful tools should be accessible to everyone - not just SQL experts.
Building a state-of-the-art IOC search bar means that it has to be supported by three key pillars: simplicity, speed and power.
Simplicity. Even the most junior person at the SOC will be able to use IOC Search as effectively as a cyber expert. They can sit down, type in an IOC, and hit enter. If nothing is found, they can immediately report those results to the team. If there are results, they can either dig in or escalate for further investigation. By making this tool easy to use, we’ve seen teams shift triage to lower-level analysts and free up specialized resources for more complex work.
Speed. It’s fast. Plain and simple. Most searches will return results in under one minute, even with time windows as wide as several months. If an IOC has never been in your environment, we don’t even need to look at the raw data – so these searches come back within seconds.
Power. Normally, speed means you sacrifice somewhere else. With IOC Search, this is not the case. By utilizing Hunters’ proprietary rollup technology, we are able to scan rollups of raw data logs from your most important log sources, so nothing is missed.
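As an added illustration (this is not Hunters' code and does not describe its proprietary rollup technology), the following Python sketches the general two-tier pattern the two paragraphs above allude to: a precomputed per-source, per-day set of every indicator value seen, consulted first so that an indicator that has never appeared in the environment returns immediately without touching raw data, and the raw events scanned only for the buckets the rollup flags. The log sources, field names, indicator normalization rules and events are all constructed for the example.

```python
"""
Added illustration of a two-tier indicator search.
Not Hunters' code: "rollup" here is a hypothetical simplification of the
idea described in the post, built from constructed data.
Tier 1: per (source, day) set of every normalized indicator value seen.
Tier 2: the raw events, scanned only for buckets whose rollup matched.
"""
from collections import defaultdict
from datetime import date
import re

# Fields that carry indicator values in each (constructed) log source.
# Real SIEM schemas have hundreds of event types; these two are illustrative.
INDICATOR_FIELDS = {
    "edr": ("sha256", "remote_ip", "domain"),
    "proxy": ("dest_ip", "host"),
}

# Constructed sample events (not real telemetry; documentation IP ranges).
RAW_EVENTS = [
    {"source": "edr", "ts": "2023-01-10T08:01:00", "endpoint": "ws-01",
     "sha256": "A" * 64, "remote_ip": "203.0.113.7", "domain": "example.test"},
    {"source": "edr", "ts": "2023-01-12T09:30:00", "endpoint": "ws-02",
     "sha256": "b" * 64, "remote_ip": "198.51.100.9", "domain": "Update.Example.TEST"},
    {"source": "proxy", "ts": "2023-01-12T09:31:00", "user": "alice",
     "dest_ip": "198.51.100.9", "host": "update.example.test"},
    {"source": "proxy", "ts": "2023-01-15T17:00:00", "user": "bob",
     "dest_ip": "192.0.2.44", "host": "benign.example.test"},
]

# Search window used by the demo and by run_demo() below (constructed).
WINDOW = (date(2023, 1, 1), date(2023, 1, 31))


def normalize(value: str) -> str:
    """Canonicalize an indicator so 'hxxp://Evil[.]test/' and 'evil.test' match."""
    v = value.strip().lower()
    v = v.replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http")
    v = re.sub(r"^https?://", "", v).rstrip("/")
    return v


def build_rollups(events):
    """Tier 1: map (source, day) -> set of normalized indicator values."""
    rollups = defaultdict(set)
    for ev in events:
        day = date.fromisoformat(ev["ts"][:10])
        for field in INDICATOR_FIELDS.get(ev["source"], ()):
            if field in ev:
                rollups[(ev["source"], day)].add(normalize(ev[field]))
    return rollups


def ioc_search(ioc, rollups, events, start, end):
    """Return (buckets_scanned, matching_events) for one indicator."""
    needle = normalize(ioc)
    candidates = [k for k, vals in rollups.items()
                  if start <= k[1] <= end and needle in vals]
    if not candidates:
        return 0, []  # never seen in the window: raw data is not touched
    hits = []
    for ev in events:  # Tier 2: only buckets the rollup flagged
        key = (ev["source"], date.fromisoformat(ev["ts"][:10]))
        if key in candidates and any(
            normalize(ev[f]) == needle
            for f in INDICATOR_FIELDS[ev["source"]] if f in ev
        ):
            hits.append(ev)
    return len(candidates), hits


def run_demo(ioc):
    """Search the constructed events for one IOC; returns (buckets_scanned, hit_count)."""
    scanned, hits = ioc_search(ioc, build_rollups(RAW_EVENTS), RAW_EVENTS, *WINDOW)
    return scanned, len(hits)


if __name__ == "__main__":
    for ioc in ("hxxp://Update[.]Example[.]test/", "10.10.10.10"):
        scanned, count = run_demo(ioc)
        print(f"{ioc}: {scanned} bucket(s) scanned, {count} hit(s)")
```

The defanged domain matches two buckets (one EDR day and one proxy day) and two events; the unseen address returns with zero buckets scanned, which is the "answer in seconds" case the post describes. In practice the rollup would be persisted and keyed by whatever time granularity keeps it small relative to the raw data.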
By building IOC Search on Hunters’ native infrastructure, these searches are both fast and inexpensive. This is a big win in a space where it has been said recently that it can be cheaper for security teams to do nothing, rather than address a potential attack.
We at Hunters believe that this should never be the case. By combining the power and depth of raw searches in a typical SIEM with Hunters’ proprietary tools and low-touch philosophy, IOC Search leverages Hunters’ technical sophistication to offer speed and efficiency like nothing else on the market.
Erik Goldman diving into how IOC Search makes investigations more efficient and accurate.
The market needs this, and needs it now.
With the steady increase in security breaches comes a proportional increase in high-priority IOC lists and an expectation of quick answers to executives and even company boards. While there are always new challenges, Hunters aims to breathe a bit of hope into the industry.
Hunters already offers a robust, low-touch SOC platform that makes the entire workflow easier to manage. Adding features like our IOC Search exemplifies the philosophy of empowering security teams with tools that make them ready to face today’s and tomorrow’s threats.
This is an exciting announcement for Hunters, but it is only the beginning of where we are going to be taking search functionality into the next year. The best thing about cool and innovative products is that each one lays the foundation for the next. Stay tuned for more announcements, as our team is focused on ending 2023 with the best threat hunting experience on the market.
To learn more about Hunters' IOC Search, watch this walkthrough.