RetroHunting


The best prevention in the world will not stop every attacker, especially the highly skilled and determined, all of the time. Breaches will occur, and when they do the SOC's challenge is to minimize dwell time. One way to do that is threat hunting: a proactive process in which SOC analysts search networks, endpoints and data to isolate and detect advanced threats that have evaded defenses. A variety of threat hunting methods exist, some real-time and others retrospective. Retrospective analysis has traditionally focused on logs and PCAPs. Those approaches are costly and resource intensive, and they require additional data processing to expose the layers threat hunters are looking for, such as embedded logic, semantics and metadata.

FDR RetroHunting automates the process of hunting back in time for the presence of malware, ransomware, exploits and other user-induced security issues. It does this through a set of features, including Session and File Level Search, Automated Retrospective Analysis, Tunable Retrospective Window and Retrospective Data Leak Discovery, that speed and simplify threat hunting and so collapse dwell time.
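The core of a retrohunt is taking indicators learned after the fact and searching back through retained session and file metadata within a chosen window. The following is an added example of that idea, not FDR code: the session records, the indicator values and the reference time are all constructed for illustration, and the record fields are assumptions about what a session/file index might retain. It also shows why the retrospective window is worth tuning: the dwell time you can report is bounded by how far back you search, so a short window can make an intrusion look newer than it is.

```python
"""
Retrospective hunt over retained session/file metadata.

Added example, not FDR code. Records, indicators and the reference time
are constructed for the example; the Session fields are an assumption
about what a session/file index retains.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Session:
    ts: datetime        # when the session was observed (UTC)
    src: str            # internal client address
    dst_host: str       # server name seen in SNI / Host header
    filename: str       # name of the transferred file
    sha256: str         # hash of the transferred file


def _utc(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


# Constructed sample records standing in for retained session metadata.
SAMPLE_SESSIONS: List[Session] = [
    Session(_utc("2024-01-20T09:12:00"), "10.0.0.14", "cdn.example.net",
            "invoice.pdf.exe", "11" * 32),
    Session(_utc("2024-02-10T17:45:00"), "10.0.0.14", "update-svc.example.org",
            "q1.docx", "22" * 32),
    Session(_utc("2024-02-26T08:03:00"), "10.0.0.27", "files.example.com",
            "setup.msi", "11" * 32),
    Session(_utc("2024-02-27T12:30:00"), "10.0.0.31", "files.example.com",
            "report.pdf", "33" * 32),
]

# Indicators received after the traffic was seen (constructed, hypothetical).
IOC_HASHES: Set[str] = {"11" * 32}
IOC_HOSTS: Set[str] = {"update-svc.example.org"}

# Fixed reference time so the example is deterministic.
NOW = _utc("2024-03-01T23:59:00")

Hit = Tuple[Session, str]  # matched record plus the indicator that matched


def retrohunt(sessions: Iterable[Session], ioc_hashes: Set[str],
              ioc_hosts: Set[str], now: datetime, window_days: int) -> List[Hit]:
    """Search records inside the retrospective window for the indicators.

    Returns hits oldest first so the first element is the earliest sighting.
    """
    cutoff = now - timedelta(days=window_days)
    hits: List[Hit] = []
    for s in sessions:
        if s.ts < cutoff:
            continue  # outside the window: never examined
        if s.sha256.lower() in ioc_hashes:
            hits.append((s, f"sha256:{s.sha256}"))
        elif s.dst_host.lower() in ioc_hosts:
            hits.append((s, f"host:{s.dst_host}"))
    return sorted(hits, key=lambda h: h[0].ts)


def dwell_days(hits: List[Hit], now: datetime) -> Optional[int]:
    """Whole days from the earliest hit to now; None if nothing matched."""
    if not hits:
        return None
    return (now - hits[0][0].ts).days


def window_sweep(windows: Iterable[int]) -> dict:
    """Run the same hunt with several windows to see how the picture changes."""
    out = {}
    for w in windows:
        hits = retrohunt(SAMPLE_SESSIONS, IOC_HASHES, IOC_HOSTS, NOW, w)
        out[w] = (len(hits), dwell_days(hits, NOW))
    return out


if __name__ == "__main__":
    for w, (n, dwell) in window_sweep([7, 30, 60]).items():
        print(f"window={w:>2}d  hits={n}  earliest sighting {dwell} days ago")
    for s, why in retrohunt(SAMPLE_SESSIONS, IOC_HASHES, IOC_HOSTS, NOW, 60):
        print(f"  {s.ts:%Y-%m-%d} {s.src} -> {s.dst_host} {s.filename}  [{why}]")
```

With a 7-day window only the most recent download of the flagged hash is found and the incident looks 4 days old; at 30 days the beaconing host appears and dwell grows to 20 days; only at 60 days does the original `invoice.pdf.exe` delivery surface, showing the intrusion is 41 days old. The window is a trade-off between storage and processing cost and the oldest sighting you can possibly recover.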
