Threat Hunting Tools

1. CrowdStrike Falcon

CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine-learning malware detection, and signature-free updating. Additionally, the available Falcon Spotlight module delivers vulnerability assessment…

2. Rubrik

Rubrik is cloud data management and enterprise backup software provided by Palo Alto-based Rubrik, Inc. It is a software platform that provides backup, instant recovery, archival, search, analytics, compliance, and copy data management in one secure fabric across data centers and…

3. Cohesity

Cohesity is a leader in AI-powered data security and management. Cohesity protects the world’s most critical data workloads across on-prem, cloud-native, and SaaS with backup and recovery, threat intelligence, cyber vaulting, files and objects, and recovery orchestration.

4. Cyborg Security HUNTER Platform

Cyborg Security offers threat hunt and detection content with its HUNTER platform. HUNTER enables security teams to deploy advanced behavioral content in their environment with no extra appliances or resources. The HUNTER platform delivers threat hunt and detection packages for platforms…

5. ThreatDown, powered by Malwarebytes

ThreatDown replaces the former Malwarebytes for Business product suite, combining Malwarebytes' endpoint security capabilities in four bundles. The basic Core tier includes incident response, Next-gen AV, device control, vulnerability assessments, and the ability to block unwanted…

6. SOC Prime Platform

SOC Prime drives collective cyber defense relying on a zero-trust & multi-cloud approach and backed by Sigma and MITRE ATT&CK® technologies to empower smart data orchestration, dynamic attack surface visibility, and cost-efficient threat hunting.

7. Lupovis Snare

Snare is a Deception as a Service (DaaS) solution offered by Lupovis. It goes beyond traditional cybersecurity measures by strategically deploying sensors and traps within 10 minutes to actively lure attackers away from valuable assets.

Sensors are deployed inside and outside a company's infrastructure. Inside to detect previously compromised assets, outside to d…

8. Telefónica Next Defense - MDR

Starting from 7.99 USD/month per endpoint.

Managed Detection and Respons…

9. Stellar Cyber

Stellar Cyber Open XDR platform delivers comprehensive, unified security, empowering lean security teams to secure their environments. Stellar Cyber helps organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments…

10. Carbon Black EDR

Carbon Black EDR is an on-premise incident response and threat hunting solution designed for security operations center (SOC) teams with offline environments or on-premises requirements.

11. DNSTWIST

DNSTWIST is an open source threat hunting tool that allows a user to proactively scan for potentially hazardous domains.

12. Cybersixgill

Cybersixgill’s fully automated threat intelligence solutions help organizations fight cybercrime, detect phishing, data leaks, fraud and vulnerabilities, and amplify incident response, all in real time.

13. Intezer

Intezer offers 24/7 monitoring and investigation of endpoints and security alerts, to identify and automatically resolve false positives, or provide contextual guidance and risk profiles. Within a minute after each new alert, Intezer provides assessments and recommended actions which…

14. Neosec

Neosec offers application security and API protection against business abuse and data theft. Built for organizations that expose APIs to partners, suppliers, and users, Neosec discovers all of the user's APIs, analyzes their behavior, audits risk, and stops threats lurking inside.…

15. Fidelis Elevate

Fidelis Elevate XDR automatically validates, correlates, and consolidates network detection alerts against every Fidelis-managed endpoint in an environment. The vendor states users will minimize false positives, shift from clues to conclusions, and respond to the alerts that matter…

16. Hunters XDR

The Hunters XDR platform, from Hunters.ai in Tel Aviv, is a cloud-native open XDR that ingests, retains, and dynamically cross-correlates all security telemetry to accelerate investigations and foster confident response to incidents.

17. Phishing Catcher

Phishing Catcher is an open source threat hunting tool that allows a user to proactively search for potential phishing domains based on newly issued TLS certificates.

18. Juniper Advanced Threat Prevention

Juniper Advanced Threat Prevention (the JATP appliances) finds and blocks both known and unknown network cyberthreats. It uses SecIntel, Juniper’s security intelligence feed, along with sandboxing and machine learning to identify day-one threats. The ATP solution includes and supersedes…

19. Webroot Managed Detection and Response

Webroot Managed Detection and Response (MDR) provides 24x7 threat hunting, monitoring and response for business endpoints by augmenting cybersecurity tools with 24x7 human intelligence. MDR processes security information in near real time to hunt for, investigate and respond to incidents.…

20. ThreatCure® ShieldOps Platform

The ThreatCure ShieldOps Platform assists businesses in increasing the visibility of digital assets and cloud workloads, aggregating them into a single platform to provide security leadership with a 360-degree view and assist in risk identification. Further assisting…

21. CardinalOps

A tool to improve the performance of SIEM and XDR that, using automation and MITRE ATT&CK, continuously assesses the user's detection posture and eliminates coverage gaps, to help implement a threat-informed defense. The platform integrates via the native API of the organizations…

22. YARA

YARA is an open source threat hunting tool that identifies and classifies malware samples by matching textual and binary patterns.

23. Capgemini Insider Threat Intelligence Platform

Insider Threat Intelligence (ITI) Overview

ITI is a software application that provides organizations of any size the ability to mature their Insider Threat Program. It empowers insider risk analysts with automation and analytics…

24. Anomali Match

Anomali Match, from Anomali in Redwood City, is an extended detection and response (XDR) endpoint security tool used to detect and identify adversaries early in an organization’s network by correlating tens of millions of threat indicators against real time network activity logs…

25. SonicWall Capture Client

SonicWall Capture Client is a unified client platform that delivers multiple Endpoint Detection & Response (EDR) capabilities, including behavior-based malware protection, advanced threat hunting and visibility into application vulnerabilities. The SonicWall Capture Client offers…

Learn More About Threat Hunting Tools

What are Threat Hunting tools?

Threat hunting, also sometimes referred to as cyberthreat hunting, is the process of analyzing a network to identify and preemptively neutralize unknown threats within the network. Threat hunting tools allow security professionals to quickly handle threats in an organization’s digital landscape before those threats have a chance to do harm to the organization. These tools can include advanced analytical input and output, security monitoring, integrated security information and event management (SIEM), security orchestration, automation, and response (SOAR) systems, and managed detection and response (MDR) systems.

When a bad actor breaches a network, they can remain undetected for weeks or even months. Malware, or malicious software, can cause vast amounts of damage by siphoning off sensitive information from the organization or the organization’s clients. This is where the concept of threat hunting comes in. Using data gathered by security analytics and threat intelligence software, security professionals can proactively scan, identify, log, nullify, and monitor the network for new potential threats. Threat hunting tools can be complementary to an organization's established security measures, and serve as an additional layer of security for the organization's network.

Threat hunting tools are closely related to threat intelligence, but the two aim to accomplish different goals. Threat intelligence is the process of using analytics to collect information on a specific threat which can be useful for identifying similar threats in the future. Threat hunting is the process of using data analytics to scan a network and act on any instances of threats that are discovered. In many cases, threat intelligence plays an active role in threat hunting.

There are three different types of threat hunting: structured hunting, unstructured hunting, and situational or entity-driven hunting. Structured hunting is driven by traits of an attacker, such as indicators of attack and tactics, techniques, and procedures (TTPs). Unstructured hunting is guided by triggers, or events that alert hunters to threat patterns found within the network. Finally, situational or entity-driven hunting is defined by a situational hypothesis or an entity-aligned lead which guides where the threat hunter should look in the network.

Threat Hunting Platforms Features & Capabilities

Threat hunting requires a wide range of features and functions. These typically include:

  • Machine learning
  • Artificial intelligence
  • Statistical analytics
  • Intelligence analytics
  • Behavioral analytics
  • Security monitoring and analytics
  • Integrated SIEM systems
  • Integrated SOAR systems
  • Integrated MDR systems
  • Threat intelligence
  • Spreadsheets

Threat Hunting Platform Comparison

The platform’s integrations, security and reporting, and threat intelligence are crucial to the successful identification and termination of threats within a network. Some organizations may also want tools that allow for additional reporting and logging of threat patterns, which can provide insight for preventing them in the future. To better compare threat hunting tools, consider the following:

Analytics: A good tool should be able to use analytics and insights to identify threats, and then provide information about the threat afterwards. Threat hunting tools use analytics to establish patterns of behavior based on each threat’s tactics and techniques. This allows an organization to adjust their security landscape and better prepare for threats using similar patterns. Look for a tool that values the information that can be gathered from hunting a threat and then shares the information in as much detail as possible.

Features: When comparing threat hunting tools, keep in mind that different tools offer different features. These could range from specific functionality that a tool specializes in, such as MDR, to a suite of features that includes a variety of different services. Added features can extend your organization's security coverage, or they may duplicate systems you already have in place. In either case, it is important to consider how additional features would fit into your existing network systems.

Open Source vs. Paid Products: Pricing is another important aspect of threat hunting tools to consider. It should be noted that many of the free products are open source, which means they will require a certain degree of technical knowledge to implement effectively. The trade-off is that a user can fully customize open software to their needs. Open source threat hunting tools cost less upfront but require more setup initially, while closed source threat hunting tools may cost more but come with dedicated teams to handle most of the setup work.

Pricing

There is a range of pricing options available for threat hunting tools ranging from free to enterprise level packages which can cost upwards of hundreds of thousands of dollars.

For users who feel more comfortable with downloading and installing program files, open source solutions may be a better choice. These solutions offer users the ability to customize and personalize the threat hunting tools specifically to their needs. However, if scalability is a concern, you may want to consider closed-source solutions.

Closed-source solutions, or paid solutions, are typically billed on a monthly basis per endpoint that is protected. For users looking for threat hunting tools and services that are already packaged together and scalable with business needs, a paid option might be the way to go. Most of these solutions offer services to scan, monitor, and handle threats within a network, and sometimes include a dedicated team of analysts to manage your network activity.

Frequently Asked Questions

What do Threat Hunting tools do?

Threat hunting tools work to proactively scan a network to find undiscovered threats, and handle them. These tools also can be used to log information about the threats and identify potential areas of improvement for network security.

What are the benefits of using threat hunting tools?

The main benefits derived from using threat hunting tools are time saved, money saved, and increased network security. These tools neutralize threats that can cost an organization millions of dollars per data breach if not neutralized in a timely manner. They also provide an organization with more information about their security and the threats they currently face.

What makes threat hunting tools distinct from other security software?

While closely related to threat intelligence platforms, threat hunting tools take cybersecurity one step further. Threat intelligence is the process of gathering information about threats within a network, while threat hunting is the process of hunting for threats within a network before they have a chance to do harm.

How much do threat hunting tools cost?

Threat hunting tools can be found in the form of free, open source files and can range all the way up to enterprise packages that might cost thousands of dollars depending on a user’s needs. Usually, vendors charge per endpoint used on a monthly basis. Some vendors will provide a free demonstration of their software, but it’s rare to find free trials of their products.