NEW

2024 True Cost of a Security Breach

Arrow pointing right
ExtraHop Logo
  • Productschevron right
  • Solutionschevron right
  • Why ExtraHopchevron right
  • Blogchevron right
  • Resourceschevron right

Arrow pointing leftBlog

Basic Threat Hunting with Reveal(x)

How to search for risky database and DNS behaviors in a few clicks

Chase Snyder

April 29, 2019

Threat hunting is a little bit of a buzzword in the information security industry, and if you ask what it means, you'll get different answers from different people. There is no industry standard for what a threat hunting process looks like, but there are a few characteristics present in most descriptions of the process.

  1. Threat hunting is conducted by a human analyst. They can use whatever tools are available to them, including those leveraging automation and machine learning, but the overall process is executed by a person.
  2. Threat hunting is proactive. If you're reacting to an alert, that's an investigation or incident response motion. Threat hunting is all about proactively developing and testing hypotheses based on a combination of data and human knowledge on the part of the security analyst, in the hopes of uncovering security gaps or adversary behaviors that have not been detected by automated tools yet.

A side benefit of the exploratory nature of threat hunting is that it can help security analysts gain a better understanding of the environment they're responsible for securing, and can help even less experienced analysts hone their instincts to better understand and respond to threats.

This five minute video demonstrates how ExtraHop Reveal(x) enables quick, simple threat hunting activities even in large, complex enterprise environments using network detection and response. The video explores two scenarios, in which potentially risky DNS and Database activity are discovered and investigated.

We also wrote up a handy white paper to explain how security teams can use Reveal(x) to detect various real-world adversarial tactics, techniques, and procedures according to the MITRE ATT&CK framework: open that in a new tab.

Explore related articles

Experience RevealX NDR for Yourself

Schedule a demo