Endpoint Detection and Response (EDR) solutions are gaining traction these days with both IT resellers and end-users. Attackers are increasingly successful in their attempts to outsmart the vast majority of traditional security solutions and get into systems unnoticed.
Among the features listed for many EDR solutions, you may come across Threat Detection and Threat Hunting. Are these terms interchangeable, referring to one feature? What’s the difference?
The two are similar in that they both achieve a secure endpoint and network, but they achieve it by different means.
Threat Detection looks for known hacking techniques from attack vectors in a real-time event stream covering various endpoints. It works from predefined rules and conditions: once a condition is met, an alert is triggered, which is then responded to by a person or via automation.
Threat Hunting, on the other hand, is more proactive. It looks for traces of attacks (past and present) in the event stream of endpoints. Based on suspicious activity, security experts formulate hypotheses using a creative and flexible methodology, then verify them against a global log of events from endpoints around the world.
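A small sketch of the contrast described above, added here as an illustration and not taken from any vendor's product: a fixed rule is checked against each event as it arrives, while a hunt tests a hypothesis against the whole stored log. The event fields, the rule, and the "rare parent/child pair" hypothesis are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict

# Constructed sample telemetry (not real data): process-creation events.
EVENTS = [
    {"host": "A", "parent": "explorer.exe", "child": "winword.exe"},
    {"host": "A", "parent": "winword.exe", "child": "powershell.exe"},
    {"host": "A", "parent": "explorer.exe", "child": "chrome.exe"},
    {"host": "B", "parent": "explorer.exe", "child": "chrome.exe"},
    {"host": "B", "parent": "explorer.exe", "child": "winword.exe"},
    {"host": "B", "parent": "services.exe", "child": "svchost.exe"},
    {"host": "C", "parent": "explorer.exe", "child": "chrome.exe"},
    {"host": "C", "parent": "services.exe", "child": "svchost.exe"},
    {"host": "C", "parent": "svchost.exe", "child": "rundll32.exe"},
]

OFFICE = {"winword.exe", "excel.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe"}

# Detection: fixed (name, condition) rules, checked against every event.
RULES = [
    ("office_spawns_shell",
     lambda e: e["parent"] in OFFICE and e["child"] in SHELLS),
]

def detect(event):
    """Return the names of all rules whose condition this event meets."""
    return [name for name, cond in RULES if cond(event)]

def run_detection(stream):
    """Real-time path: raise an alert as soon as a rule condition is met."""
    return [(name, e["host"]) for e in stream for name in detect(e)]

def hunt_rare_pairs(log, max_hosts=1):
    """Hunting path. Hypothesis (an assumption for this example): a
    parent->child pair seen on very few hosts deserves analyst review,
    whether or not any detection rule covers it."""
    hosts = defaultdict(set)
    for e in log:
        hosts[(e["parent"], e["child"])].add(e["host"])
    return sorted((pair, sorted(h)) for pair, h in hosts.items()
                  if len(h) <= max_hosts)

if __name__ == "__main__":
    print("alerts:", run_detection(EVENTS))
    for pair, seen_on in hunt_rare_pairs(EVENTS):
        print("hunt lead:", pair, "seen only on", seen_on)
```

The rule alerts only on the Office-to-PowerShell event, while the hunt also surfaces the `svchost.exe` to `rundll32.exe` pair on host C, which no rule covered and which an analyst would then confirm or dismiss.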
The diagram below gives a good overview:
This is just the tip of the iceberg on how Threat Hunting works and what it can achieve. For more details on Threat Hunting, have a look at these links from Panda Security.
Panda’s Adaptive Defence 360 (AD360) is a security solution that combines Threat Hunting and their 100% Attestation Service to provide one of the best endpoint security solutions on the market today.
Panda AD360 can be deployed on its own, or as a part of WatchGuard’s Passport. Passport is a bundle of Panda AD360, the MFA solution AuthPoint, and DNSWatchGO for DNS-level protection from phishing and other attacks.
Until the end of March 2021, resellers can get up to 25 Passport NFR 1-year licenses for free, to deploy and test in their own environment.