Announcing Cloud Hunt Missions in Mandiant Hunt

Threat hunting is a proactive cybersecurity process in which analysts apply analytics and novel detection techniques to surface ongoing or past attacks. We launched Mandiant Hunt earlier this year to supplement security operations teams with managed threat hunting. We're excited to announce the general availability of cloud hunting missions supporting Amazon Web Services (AWS) and Google Cloud for Google Security Operations and Security Command Center customers.

When searching for threats in multicloud environments, hunt missions focus on the tactics, techniques, and procedures (TTPs) that threat actors have used in real-world cloud compromises. Mandiant identifies the most common and impactful techniques from incident response engagements performed by Mandiant Incident Response Consulting and Mandiant Managed Defense.

For examples of the types of cloud compromises that Mandiant sees on the frontline of incident response, check out the on-demand Google Cloud Next '24 session: Cloud compromises: Lessons learned from Mandiant investigations in 2023.

Mandiant frames each mission with a hypothesis explaining how we may detect specific threat actor activity using defined data sources, such as cloud audit logs. Missions are commonly tied to a single MITRE ATT&CK technique, such as Cloud Infrastructure Discovery, and are inclusive of the underlying procedures associated with the technique. Examples of procedures under the "Cloud Infrastructure Discovery" technique may include cloud API calls that collect information on a cloud environment, such as calls to the AWS Simple Email Service (SES).
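To make the hypothesis-plus-data-source framing concrete, here is an added example (not Mandiant's own hunt logic) of one such mission run over constructed CloudTrail records: it looks for a principal issuing repeated read-only SES calls, the kind of enumeration the Cloud Infrastructure Discovery technique covers, and emits a finding tagged with the ATT&CK technique and the assets involved. The record fields and SES action names are the real CloudTrail/SES ones; the threshold and sample records are assumptions.

```python
import json
from collections import defaultdict

# ATT&CK technique the hypothesis maps to; the detection logic below is an assumed design
TECHNIQUE = "T1580 Cloud Infrastructure Discovery"
# Read-only SES calls that reveal sending quota, verified identities and account sending state
SES_DISCOVERY = {"GetSendQuota", "GetAccountSendingEnabled", "ListIdentities", "GetAccount"}

# Constructed CloudTrail-style records (not real telemetry): one principal enumerating SES
# in two regions, one principal making a single routine call, one unrelated S3 call.
SAMPLE_LOG = """\
{"eventTime":"2024-05-01T10:00:01Z","eventSource":"ses.amazonaws.com","eventName":"GetSendQuota","awsRegion":"us-east-1","sourceIPAddress":"203.0.113.10","userIdentity":{"arn":"arn:aws:iam::123456789012:user/build-svc"}}
{"eventTime":"2024-05-01T10:00:03Z","eventSource":"ses.amazonaws.com","eventName":"ListIdentities","awsRegion":"us-east-1","sourceIPAddress":"203.0.113.10","userIdentity":{"arn":"arn:aws:iam::123456789012:user/build-svc"}}
{"eventTime":"2024-05-01T10:00:07Z","eventSource":"ses.amazonaws.com","eventName":"GetAccountSendingEnabled","awsRegion":"eu-west-1","sourceIPAddress":"203.0.113.10","userIdentity":{"arn":"arn:aws:iam::123456789012:user/build-svc"}}
{"eventTime":"2024-05-01T10:00:09Z","eventSource":"ses.amazonaws.com","eventName":"GetSendQuota","awsRegion":"eu-west-1","sourceIPAddress":"203.0.113.10","userIdentity":{"arn":"arn:aws:iam::123456789012:user/build-svc"}}
{"eventTime":"2024-05-01T10:05:00Z","eventSource":"ses.amazonaws.com","eventName":"GetSendQuota","awsRegion":"us-east-1","sourceIPAddress":"10.0.4.20","userIdentity":{"arn":"arn:aws:sts::123456789012:assumed-role/mailer/app"}}
{"eventTime":"2024-05-01T10:06:00Z","eventSource":"s3.amazonaws.com","eventName":"ListBuckets","awsRegion":"us-east-1","sourceIPAddress":"10.0.4.20","userIdentity":{"arn":"arn:aws:sts::123456789012:assumed-role/mailer/app"}}
"""

def parse_cloudtrail(text):
    """Parse newline-delimited CloudTrail records (one JSON object per line)."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def hunt_ses_discovery(records, min_calls=3):
    """Flag principals that issue min_calls or more SES discovery calls; return findings."""
    per_principal = defaultdict(lambda: {"calls": 0, "actions": set(), "regions": set(), "ips": set()})
    for rec in records:
        if rec.get("eventSource") != "ses.amazonaws.com" or rec.get("eventName") not in SES_DISCOVERY:
            continue  # only the read-only SES calls the hypothesis is about
        p = per_principal[rec["userIdentity"]["arn"]]
        p["calls"] += 1
        p["actions"].add(rec["eventName"])
        p["regions"].add(rec["awsRegion"])
        p["ips"].add(rec["sourceIPAddress"])
    findings = []
    for arn, p in per_principal.items():
        if p["calls"] < min_calls:
            continue  # a lone quota check is routine application behaviour
        findings.append({"technique": TECHNIQUE, "principal": arn, "calls": p["calls"],
                         "actions": sorted(p["actions"]), "regions": sorted(p["regions"]),
                         "source_ips": sorted(p["ips"])})
    return sorted(findings, key=lambda f: -f["calls"])

def run_hunt():
    """Run the mission over the constructed sample log."""
    return hunt_ses_discovery(parse_cloudtrail(SAMPLE_LOG))

if __name__ == "__main__":
    for finding in run_hunt():
        print(json.dumps(finding, indent=2))
```

In a real mission the threshold would be tuned against the environment's baseline, and known automation principals would be reviewed rather than blanket-excluded.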

 


When suspicious or malicious activity is detected through a hunt mission, customers receive an investigation report detailing the severity of the finding, asset(s) impacted, activity observed, associated MITRE ATT&CK technique, and relevant mitigation best practices. 

Ready to learn more about the Mandiant approach to threat hunting? Catch the on-demand webinar, Beyond Detection: Hunting in the cloud for threats.
