UPDATED 15:51 EDT / AUGUST 25 2022

SECURITY

Hunters revamps the cybersecurity space, enabling security engineering as a service

With the explosion of data and the emergence of consistent threats, enterprises have had to adapt to an entirely different security environment.

To address enterprise security challenges, Cyber Hunters Ltd. has created a holistic platform that analyzes the way attackers operate inside cloud environments based on their procedures, tactics and techniques, according to Uri May (pictured), founder and chief executive officer of Hunters.

“Hunters is a multi-tenant SaaS application running in AWS; it’s also a system that is highly tuned and specifically built to be very effective against detecting threats inside AWS environments,” May stated. “We’re leveraging data sets like AWS CloudTrail and CloudWatch and VPC Flow Logs, obviously AWS GuardDuty, which is an amazing detection system that AWS offers to its customer, and we’re able to leverage it, correlate it with other signals.”

May spoke with theCUBE industry analyst Lisa Martin in advance of the “Cybersecurity — Detect and Protect Against Threats” event, an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio, airing on Sept. 7. They discussed how Hunters is incorporating the analytical piece in cybersecurity and its partnership with AWS. (* Disclosure below.)

What is the ticking point for Hunters?

May believes that completely liberating data from the analytical layer is what makes Hunters distinctive. As a result, enterprises can own their data.

“That’s why we’re storing data in a dedicated data warehouse … Snowflake is one of our go-to data warehouses,” May said. “You, as a customer, can opt into using Hunters on top of your Snowflake. For some customers, the ability to reduce vendor lock risk on data on your own and also level security data for other kinds of workflows is something that is really huge.”

Hunters provides security engineering as a service, which offers advantages such as automated investigations, according to May.

“When you buy Hunters, you don’t just buy a data platform; you actually buy a system … that is already populated with use cases,” he noted. “So what we are saying is that in today’s world, the threats that we’re handling as a [Security Operations Center] … are actually shared by 80% of the customers out there. So that means that you are getting a lot of rebuilt tools and detections, data modeling to your integrations, automatic investigations, scoring correlations.”

Because automation is at the heart of Hunters and one of its key focuses is the analytical lens, threat detection becomes seamless. The resulting security analytic system drives real insights on top of the data, according to May.

“We’re leveraging very unique graph technology and what we call automatic investigation enrichments that allow us to take all of these signals that we’re extracting from all over the attacks,” he said. “So it’s not just a log aggregation, querying and dashboarding kind of system, it’s actually a security analytic system.”

The changing cybersecurity arena

As the cybersecurity landscape has evolved, innovative tools have become necessary. Sophisticated intelligence is fundamental when dealing with cybercriminals, malware and bad actors on the dark web, according to May.

“All of these things are being continuously deployed and delivered by us because we’re multi-tenant SaaS, allowing you again to get this effortless tail key kind of solution that is very different from your experience with your current SIEM tools that usually involves a lot of tuning, professional services, configuration, etc.”

Exponential data growth has led to an explosion of the security stack. As a result, the security operation center has become fundamental as the first line of defense, according to May.

“Some of our customers are using more than 60 or 70 different security tools that are generating sometimes tens of terabytes a day of flows,” he said. “As part of the ideation around Hunters and us zooming in on exactly the areas that we want to focus on in security, we talked with a lot of CISOs, we talked with a lot of industry experts, and everyone directed us to the security operation center.”

Since the demand for enhanced talent in the cybersecurity sector keeps growing, May believes offsetting is an ideal solution. Furthermore, dealing with data challenges is also a game-changer.

“If we had a team of five people investing efforts in building walls, building automation, and now three or four of these people can go and do advanced investigations, instant response, threat hunting interval, that’s meaningful,” he stated. “For a lot of SOCs, in a lot of cases, that means either identifying and analyzing a threat in time or missing it. One of the biggest data sets we’re loading that is tremendously helpful is raw data for [Endpoint Detection and Response] products.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s pre-event coverage of the “Cybersecurity — Detect and Protect Against Threats” event:

(* Disclosure: Cyber Hunters Ltd. sponsored this segment of theCUBE. Neither Hunters nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
