UPDATED 12:47 EDT / SEPTEMBER 08 2022

Autonomous security operations center platform tackles SIEM stress

Outwitting an enemy requires understanding how they think and why they act. Unfortunately, in the current cybersecurity war, the black hat hackers are winning the battle of wits: Cybercrime is the number one type of fraud experienced across all industries.

The problem doesn’t come from a lack of effort by the good guys. Security teams are hampered by chronic understaffing and outdated tools, while criminal gangs work for the thrill and are funded by nation-state actors or the lucrative gains of their illicit trade.

Security information and event management, or SIEM, solutions dominate the market — the “2022 SIEM Report” states that nearly 90% of companies use SIEM or plan to implement one in the future — but SIEM isn’t coping with today’s fast-paced security landscape. Security teams struggle to keep up with false positive alerts, a lack of budget, rule creation, maintenance and updates (which lead to even more false positives and more work), and correlating attack techniques with threat research.

Security operations center, or SOC, platform provider Cyber Hunters Ltd. (known as Hunters) aims to disrupt the market by replacing reactive SIEM with proactive autonomous threat hunting.

“The well-known secret around [SIEM] is it’s a broken space,” said Ofer Gayer (pictured, left), vice president of product at Hunters. “It’s one of the most mature markets in cybersecurity, but it seems like every single customer and organization we talk to don’t really like their existing solution. It doesn’t really fit what they need. It’s a very painful process, and it’s painful all across their workflow.”

Gayer and Lital Asher-Dotan (pictured, right), chief marketing officer of Hunters, spoke with theCUBE industry analyst Lisa Martin at the “Cybersecurity — Detect and Protect Against Threats” event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how Hunters’ automated SOC platform can take the pressure off stressed security teams and give them time to target cybercriminals strategically and proactively. (* Disclosure below.)

Autonomous hunters prowl the attack surface seeking out signs of cybercrime

Hunters was founded by a group of cybersecurity engineers and ex-military security personnel from the elite Unit 8200 of the Israeli Intelligence Corps. The goal was to create an automated platform that could outsmart attackers at their own game. The company started its growth phase in 2019 with $5.4 million in seed funding and earlier this year closed $68 million in series C investments. As well as early adopter Snowflake Inc., the company counts Databricks, Microsoft M12 and Amazon Web Services as strategic partners.

“We’ve seen a lot of points where the current technology is not supporting the people and the processes that need to support security operations,” Asher-Dotan said. “The tool sets that are currently being used by security teams are not efficient anymore. They cannot deal with the plethora of a variety of data. They cannot deal with the scale that is needed.”

The current process of securing a digital organization with SIEM solutions is an “endless task with a lot of moving pieces,” said Gayer, describing it as “this black hole that you have to keep feeding with more and more resources.”

And when it comes to investigating a potential breach or emerging threat, SIEM is “like this bad boss that gives you very little instructions or guidelines, and then you need to figure out what is it that they asked,” according to Gayer, describing how analysts are hunting the data, looking for the bits and pieces they’re missing to complete the picture rather than targeting the attackers.

“From start to finish, it’s a very painful process that impacts everybody in the security organization,” he added.

Because of these problems, plus tool proliferation, the inability to handle data at scale and the prohibitive cost of easily accessible storage, many companies compromise and end up with data sets spread across many silos that cannot be accessed when a security incident occurs. Hunters believes this trade-off is unnecessary and costly.

“[Data is] a commodity today. Everything should be retained, kept and used appropriately without the team needing to ration what they’re going to use versus what they’re not going to use,” Asher-Dotan said.

By giving customers the ability to ingest all their data under a simple cost model, Hunters has helped them reduce their data costs by up to 75%, according to Asher-Dotan.

“So, basically, you can ingest everything that you have across all IT tools that you have in your environment,” she stated.

Hunters balances the security workload so 80% is automated and 20% custom

Hunters helps both traditional companies that have transitioned to the cloud and cloud-native customers with their large-scale data security challenges by automating the data gathering and storage process. One of Hunters’ very first customers was born-in-the-cloud data warehouse disruptor Snowflake Inc.

“They have so much data that going the direction of traditional tools to aggregate the logs, cross-correlate them doesn’t make any sense with the scale that they need. They need the cloud-based approach,” Asher-Dotan said.

Hunters’ SOC platform takes control of the SOC workflow, gathering data into a centralized location, monitoring proactively for threats, and making data easily accessible for incident investigation and response. Automation is possible because over 80% of global threats are common across all organizations in the world, and a similar figure applies to the environments themselves, since companies use the same or similar tools and cloud services. That leaves only about 20% of the workload unique to each company. Hunters refers to this as the 80/20 detection and response approach.

“We automate, we write the rules, we cross-correlate. We provide those services out of the box,” Asher-Dotan said.

As an added benefit, Hunters provides its customers with the backup security of its Team Axon, which Gayer described as “the bat-signal” for security help. This team of world-class experts will jump in during an emergency to help resolve it and mitigate damages.

“We have the knowledge, we see attacks across industries, and we have the researchers and the capabilities to be on top of those things,” said Asher-Dotan. “We do it, so your team doesn’t have to.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the “Cybersecurity — Detect and Protect Against Threats” event:

(* Disclosure: Cyber Hunters Ltd. sponsored this segment of theCUBE. Neither Hunters nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE
