11 Dec How Enhanced Network Metadata Resolution Facilitates Network Threat Hunting
We recently announced a new version of our product – Bricata Delivers Improved Threat Hunting with Enhanced Network Metadata Resolution, Scalability, and View Customization – the fourth such update we’ve made to date this year (see the list below).
The improvements we made included a capability for security organizations to fine-tune the granularity of network metadata they capture to gain greater insight into the true nature of network activity.
That might sound heady, but questions we’ve fielded about this announcement suggests it’s being well-received by the market. We thought it would be useful to answer three common questions we’ve heard in cybersecurity circles here.
What is threat hunting and why do you need it?
Bad actors that are good at being bad know how to evade detection. Signature detection looks for a perfect match. Sophisticated threat actors know this and strive to work around it. Threat hunting allows you to find threats that don’t trigger an alert.
In plain terms, what has Bricata added with this enhancement?
One member of our team explained that a surveillance camera provides a good analogy to relate what Bricata has done for network security with this product update: It replaces grainy black and white surveillance footage with high-resolution video that shows color and identifiable detail. Bricata delivers high-fidelity Zeek (Bro) logs metadata for a detailed understanding of your network with the ability to drill-down to PCAPs for network truth when necessary. The higher resolution is useful for threat hunters because it provides the detail they need.
Why does metadata matter?
Network metadata describes or summarizes network transactions without requiring you to view the entire transmission. These include attributes such as the originating IP address, destination IP address, the network protocol being used (HTTPS), the number of packets sent and the byte count, among potentially hundreds of other attributes. This metadata can be used to create profiles that security can then monitor for deviations from the typical usage they see on the network. These anomalies may be red flags worth investigating.
A Steady Stream of Product Updates
Bricata has made several other significant product enhancements in 2018. Many of these have been focused on simplifying network threat hunting by building out workflows. Product updates in the last 12 months have included the following:
- May 2018: New Bricata Software Update Tackles Security Alert Deluge and Improves Network Threat Hunting Workflows with Focus on Anomalies
- January 2018: Bricata Unveils New Network Security Dashboard for Better Cyber Alert Triage and Threat Hunting
If you enjoyed this post, you might also like:
How Many Daily Cybersecurity Alerts does the SOC Really Receive?