Our previous blog covered how FortiEDR eliminates malware and attacks early in the cyber kill chain and the benefits of proactive security. We know nothing in this life is guaranteed and no form of security is perfect. As stated before, Threat Hunting helps identify what circumvented the first line of defence. This blog will cover post-attack threat hunting.
Post-attack, Threat Hunting can assist in ‘following the breadcrumbs’ and identifying patient zero, peering back days, weeks or even months. While FortiEDR’s Forensics suite provides much of the answer with patented code-tracing technology, Threat Hunting is also an essential component.
While investigating an event, FortiEDR provides an intuitive experience with contextualised Threat Hunting hyperlinks enabling the SOC analyst to quickly retrieve the information required.
Figure 1.1 – Contextualized Threat Hunting – Events View
Figure 1.2 – Contextualized Threat Hunting – Forensics View
It is also possible to scan all (or selected) endpoints for specific traces of an attack – detonated samples, encryption activity, Command & Control (C2) communication etc. These can all be used to trace back to the point of origin – patient zero.
In the example below, an identified threat has been traced back to the use of Mimikatz – a tool commonly used by threat actors to steal credentials and elevate privileges. Using Threat Hunting, all uses of Mimikatz can be queried while sorting by date & time.
In this case, the first use of mimikatz.exe is quickly identified by a “File Create” activity. The same search also reveals the machine and user that were originally compromised.
Figure 1.3 – Using Threat Hunting to Find Patient Zero
Upon stumbling across a suspicious file it is also possible to either remediate (delete) or retrieve it for further analysis offline.
Shifting focus from file activity to network activity, FortiEDR’s Threat Hunting can be used to search for potentially malicious network communication, including C2.
While it is possible to perform searches using contextual GUI-driven workflows, some prefer to construct queries using the flexible Lucene syntax. In this example, it is used to identify all network connections to known bad IPs associated with Kinsing crypto mining.
Figure 1.4 – Using Threat Hunting Lucene Syntax
While this query can be conducted as a one-off search to identify historical indicators, the same query can be scheduled so that notifications are generated upon future occurrences.
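The two hunts described above (finding patient zero from the earliest “File Create” of a tool, and matching historical or future network connections against known bad IPs) are reproduced here as an added example over constructed telemetry; this is not FortiEDR code, and the record field names, host names, user names and IP addresses are all assumptions.

```python
"""Toy re-implementation of the two hunts described in the text, run over
constructed EDR-style telemetry. Field names are assumptions, not FortiEDR's."""
from datetime import datetime
from ipaddress import ip_address

# Constructed sample telemetry; deliberately not in chronological order.
EVENTS = [
    {"time": "2023-03-04T09:12:00", "host": "FIN-WS-07", "user": "jdoe",
     "activity": "Process Create", "file": "mimikatz.exe", "dst_ip": None},
    {"time": "2023-03-01T22:41:13", "host": "HR-WS-02", "user": "asmith",
     "activity": "File Create", "file": "mimikatz.exe", "dst_ip": None},
    {"time": "2023-03-02T03:15:44", "host": "HR-WS-02", "user": "asmith",
     "activity": "Socket Connect", "file": "update.sh", "dst_ip": "203.0.113.17"},
    {"time": "2023-03-03T11:05:09", "host": "WEB-01", "user": "www-data",
     "activity": "Socket Connect", "file": "curl", "dst_ip": "198.51.100.8"},
]

# Constructed indicator set standing in for the "known bad IPs" in the text.
BAD_IPS = {ip_address("203.0.113.17"), ip_address("203.0.113.23")}


def _ts(event):
    return datetime.fromisoformat(event["time"])


def find_patient_zero(events, filename, activity="File Create"):
    """Return the earliest event matching filename and activity, i.e. the first
    host/user touched, or None. File-name match is case-insensitive so a hunt
    for 'mimikatz.exe' also catches 'Mimikatz.EXE'."""
    hits = [e for e in events
            if e["file"].lower() == filename.lower() and e["activity"] == activity]
    if not hits:
        return None
    first = min(hits, key=_ts)
    return {"host": first["host"], "user": first["user"], "time": first["time"]}


def match_c2(events, bad_ips):
    """Return network events whose destination is in the indicator set, oldest
    first; this is the same check a scheduled query applies to new telemetry."""
    hits = [e for e in events
            if e["dst_ip"] and ip_address(e["dst_ip"]) in bad_ips]
    return sorted(hits, key=_ts)


if __name__ == "__main__":
    print(find_patient_zero(EVENTS, "Mimikatz.exe"))
    for hit in match_c2(EVENTS, BAD_IPS):
        print(hit["time"], hit["host"], "->", hit["dst_ip"])
```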
The flexibility and breadth of these Threat Hunting features mean that performing post-attack investigations with FortiEDR enables organisations to respond to incidents more effectively and reduce MTTR.
FortiEDR threat hunting enables SOC teams to be proactive and ensures that even if something slips through the net, they have the necessary tools to find where it came from, where it went, and how to remove it. Ultimately the focus is to reduce MTTR when an attack has already occurred.
While Threat Hunting is a powerful tool for SOC analysts, what if your organisation doesn’t have a SOC team? Thankfully, Fortinet’s Managed EDR service, FortiResponder, includes Managed Threat Hunting. You can find out more here. For more information on FortiEDR’s threat hunting capabilities, please read this solution brief.
Copyright 2023 Fortinet, Inc. All Rights Reserved.