Threat hunting on endpoints can help organisations identify malware and other security risks to help them stay ahead of threats and strengthen their security posture. Being equipped to quickly identify a threat can prevent a breach from occurring and is vital in stopping malicious actors before it is too late.
With new threats emerging at a rapid rate over the last 12 months, it is crucial that organisations make threat hunting strategies a priority to limit their exposure to compromise.
Open Threat Exchange (OTX) Endpoint Security, from MTI partner AT&T Cybersecurity, is a free threat-scanning service in OTX that is powered by the AlienVault Agent. It allows organisations to scan their endpoints to hunt for the presence of known Indicators of Compromise (IOC) catalogued in the OTX global intelligence community.
OTX enables organisations, independent security researchers and government agencies to openly collaborate and share up-to-date information about emerging threats, attack methods and malicious actors to help achieve greater security across the community.
As the world’s first truly open threat intelligence community, any member of the security community can contribute, discuss, research, validate and share threat data. Over 100,000 participants across 140 countries contribute in excess of 19 million threat indicators daily, making it one of the most comprehensive IOC catalogues.
How OTX Endpoint Security works
OTX Endpoint Security is the only free threat hunting service that natively uses the community-powered threat intelligence of OTX to deliver the highest levels of threat intelligence. OTX Endpoint Security utilises the same agent-based approach as expensive endpoint security tools, but without the guesswork, complexity and costs.
Organisations can gain access to threat intelligence to enable them to effectively prioritise threats and strengthen their defences to protect against them.
How it works
- OTX Endpoint Security is available to any registered Open Threat Exchange user. It’s free to join OTX.
- To get started, download and install the AlienVault Agent on the Windows or Linux devices you want to monitor. The AlienVault Agent is immediately ready to find threats.
- Launch a query on any endpoint from OTX by selecting a pre-defined query that looks for IOCs in one or more OTX pulses. Each query must be launched manually.
- Once launched, the AlienVault Agent executes the query and the results of the query display on a summary page within OTX.
Upon activation of the AlienVault Agent, device data is collected and stored in OTX, including computer name, hostname, external IP, OS type and version.
Scans return additional data, which is displayed in full in the Scan Results view. This may include file paths, IP addresses and ports (source and destination), the command lines of running processes, process IDs, process working directories and the hashes (SHA-1, SHA-256, MD5) of files on your system.
The AlienVault Agent only collects the data relevant to detecting threats during endpoint scans. All data is available in the Scan Results view and is not shared by AlienVault for any other purpose.
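As an added illustration (not code from this page or from AT&T Cybersecurity/AlienVault), the following Python routine performs the core of what a pulse query does: it matches the fields the article says a scan returns (file hashes, remote IPs and file paths) against a pulse's indicators and reports which host and process triggered each hit. The pulse and the scan rows are constructed samples, and the indicator-type names and row field names are assumptions rather than OTX's actual schema.

```python
import ipaddress

# Constructed sample pulse; indicator-type names are assumed, not OTX's real schema.
PULSE = {
    "indicators": [
        {"type": "FileHash-SHA256", "indicator": "a" * 64},
        {"type": "FileHash-MD5", "indicator": "b" * 32},
        {"type": "IPv4", "indicator": "203.0.113.45"},
        {"type": "CIDR", "indicator": "198.51.100.0/24"},
        {"type": "FilePath", "indicator": r"C:\Users\Public\update.exe"},
    ],
}
# Constructed scan rows using the fields the article lists (hashes, IPs/ports, paths, PIDs).
SCAN_RESULTS = [
    {"host": "ws01", "pid": 812, "path": r"C:\Windows\System32\svchost.exe",
     "sha256": "c" * 64, "md5": "d" * 32, "remote_ip": "8.8.8.8", "remote_port": 53},
    {"host": "ws01", "pid": 4412, "path": r"C:\Users\Public\update.exe",
     "sha256": "a" * 64, "md5": "e" * 32, "remote_ip": "198.51.100.7", "remote_port": 443},
    {"host": "srv02", "pid": 2231, "path": "/usr/bin/curl",
     "sha256": "f" * 64, "md5": "b" * 32, "remote_ip": "203.0.113.45", "remote_port": 8080},
]


def hunt(pulse, rows):
    """Return (host, pid, indicator_type, indicator) for every scan row matching an IOC."""
    hashes, ips, nets, paths = {}, set(), [], {}
    for ind in pulse["indicators"]:
        t, v = ind["type"], ind["indicator"]
        if t.startswith("FileHash-"):
            hashes[v.lower()] = (t, v)          # hashes are compared case-insensitively
        elif t == "IPv4":
            ips.add(v)
        elif t == "CIDR":
            nets.append((ipaddress.ip_network(v, strict=False), v))
        elif t == "FilePath":
            paths[v.lower()] = v                # Windows paths are case-insensitive
    hits = []
    for r in rows:
        for h in (r.get("sha256"), r.get("sha1"), r.get("md5")):
            if h and h.lower() in hashes:
                hits.append((r["host"], r["pid"], *hashes[h.lower()]))
        ip = r.get("remote_ip")
        if ip in ips:                           # exact IP match first
            hits.append((r["host"], r["pid"], "IPv4", ip))
        elif ip:                                # otherwise check CIDR ranges
            addr = ipaddress.ip_address(ip)
            hits += [(r["host"], r["pid"], "CIDR", v) for net, v in nets if addr in net]
        if r.get("path", "").lower() in paths:
            hits.append((r["host"], r["pid"], "FilePath", paths[r["path"].lower()]))
    return hits
```

Run against the sample data, `hunt(PULSE, SCAN_RESULTS)` flags pid 4412 on ws01 (hash, CIDR and path hits) and pid 2231 on srv02 (MD5 and IPv4 hits), while the clean svchost.exe row produces nothing.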
Why choose OTX Endpoint Security?
There are many benefits for organisations when using OTX Endpoint Security including:
- Free access to over 19 million threat indicators that are contributed daily.
- Collaborate with over 100,000 global participants to investigate emerging threats in the wild.
- Quick detection of a compromise on your endpoints.
- Up-to-date threat research from contributors.
- Leverage the latest OTX threat intelligence directly in your AlienVault USM or AlienVault OSSIM environment.
- Synchronise OTX threat intelligence with your other security products via the OTX DirectConnect API.
Next Steps
Getting started with OTX Endpoint Security is free, fast and simple. Powered by the AlienVault® Agent, a lightweight and adaptable endpoint agent based on osquery, it’s easy to install on Windows and Linux hosts and endpoints and has a small footprint.
OTX Endpoint Security uses the same agent-based technologies as more costly security tools and DIY open source agents without the expense.
To get started, download and install the AlienVault Agent on the Windows or Linux devices you want to monitor.
Every industry has its own unique security requirements, but organisations often lack the resources, processes and tools to defend themselves. Read this article, 3 Elements of Threat Detection Every Organisation Must Have, to understand why threat detection is a crucial line of defence when it comes to protecting your organisation from cyber attacks and improving your overall security posture.