Over the past five years, the deluge of increased cloud workloads, Software-as-a-Service (SaaS) enterprise applications, complex enterprise networks, zero-trust network and personal devices in a distributed workforce has changed the threat landscape.
This has created a difficult environment for security operations and risk management teams to integrate cyber tools across their IT landscapes to adequately detect and respond to today’s rising threats.
The sheer volume, variety and velocity of data has increased exponentially, creating demand for a fundamental architecture change in which cybersecurity, big data engineering and machine learning come together on one platform.
The influx of ransom threats fueled by cryptocurrency and the dark web require innovative approaches to hunting existing signals and proactively analyzing new behaviors with machine-learned insights
From Threat Hunting to a Security Operations Focus
When Hunters’ co-founders Uri May and Tomer Kazaz started their company, they envisioned a platform that would productize and automate threat hunting.
They recruited an impressive team of security researchers and encoded their thinking about the way attackers operate across the attack surface. They built a data pipeline that integrates raw data and telemetries across data sources, and they cross-correlated the data with Machine Learning to generate better insights.
Because the early version of the technology sat on top of other detection systems, Hunters was able to surface high fidelity and unique findings.
There was just one problem. The detection system only enhanced the other detection systems. Although the functionality was important, there was no sense of urgency or criticality to motivate enterprise adoption, especially when they were competing against established solutions for budget approval.
During the same time, Extended Detection and Response (XDR) became one of the top security conversations, and May and Kazaaz saw an opportunity to expand the company’s offerings.
“We wanted to define ourselves and expand the offerings – not just handle the threat hunting use cases but also alerts, triage, and investigations, incident response and everything a Security Operations Center (SOC) needs,” May explains.
The co-founders started managing alert queues and added dashboarding, reporting and investigation capabilities, creating an analytical platform to augment Security Information and Event Management (SIEM) technology.
Why We Invested in Hunters: Three Difference Makers
For the past few years, Cisco has focused on developing in-house innovation in XDR technology with our integrated SecureX platform, as well as looking for opportunities to partner and invest in companies who share our vision for a simpler and more transparent approach. Today, we are excited to announce our participation in Hunters’ Series C round.
Knowing what I know now about the company, I see three key differentiators Hunters has compared to its peers.
First, and foremost, they’ve built everything within a modern, portable, multi-tenant, cloud-native architecture. By separating the data and analytics layers, Hunters has been able to better support the exponential amount of data being generated in the stack.
Also, because Hunters’ agnostic data platform leverages rising cloud data platforms like Snowflake, they’re able to scale efficiently and enable their customers to own and store their data in a single data platform.
Secondly, Hunters gives enterprise customers an out-of-the-box, turnkey solution to detect, score and investigate threats. By marrying security expertise with machine learning, the system can write rules, build playbooks and automate.
“Up until now, when you bought a SIEM or a security analytics platform, you bought a blank platform and then you needed to write the rules. You needed to build the detection playbooks and the response automation, and you needed to wire everything to make it work together,” May says.
“We’re taking all the cyber expertise and insights from our research team and productizing it into the system. Take the Log4j vulnerability, for example. In a matter of hours, we were able to automatically deliver the ability to sweep, pinpoint and analyze all behavior associated with Log4j to our tenants’ analytics across all of their environments.”
According to May, the majority of an organization’s detection engineering needs can be delivered through Hunters’ out-of-the-box content.
Third is the system’s open approach to XDR. While closed XDRs offer a tight, vertical integrated solution from the vendor, they lack the efficacy, context and breadth of an open XDR.
“Imagine a two-dimensional graph, where the X-axis is the amount of integrations and the Y-axis is the depth of the integration,” May explains. “A closed XDR would have a very limited set of integrations and even though it can be very good at analyzing the data it is limited in context. An open XDR, on the other hand, combines the breadth and depth of integration, positioning it on the upper right corner.”
Cisco & Hunters
Cisco Investments is excited to support Hunters as they enter their next phase of growth -- further innovating their platform and services, strengthening their sales and partnerships and investing in talent.
We look forward to the opportunities for both companies as we begin our collaboration – seeing Hunters’ “data to context” approach as a natural extension to SecureX’s orchestration to provide a holistic platform for SOCs.
As the XDR market continues to evolve, Hunters will be a key player shaping the security detection, investigations and response space. We are honored to be part of their story.