• threat hunting

    Threat hunting is an essential component of security. It is the proactive, stealthy, and surgical detection and eviction of adversaries inside your network without known indicators of compromise. Hunting is an offense-based strategy; hunting is thinking like the attacker.

    The core Endgame console can be deployed as a virtual machine or placed on a physical system like an appliance. It can also exist in a cloud or hybrid environment. Once up and running, the program needs to deploy agents onto all the endpoints of the network that will be protected. The agents are powerful, able to work with Endgame to stop processes, delete files, and restrict access to machines when needed. In a sense, the agents arm the hunters who will be prowling the network looking for threats. Not only can hunters find threats with Endgame, they can analyze and even destroy them.

    Adversary hunting is the stealthy and surgical detection and eviction of adversaries within your network without prior adversary knowledge or known indicators of compromise. The goal of hunting is to detect and evict adversaries that have bypassed defenses before damage and loss can occur. To do so, a hunter must be able to enter the network undetected, identify the adversary at any stage of the kill chain, and evict them without disrupting running systems. There are three key components of adversary hunting: stealth, early detection, and surgical response.