Camp Rubrik: Data Security Foundations
  • Camp Rubrik: Data Security Foundations
    • Lab environment
    • Welcome to Zaffre
      • Tools you will be leveraging
      • SLA driven policy engine
      • Role Based Access Control (RBAC)
      • In-place Recovery Plans
    • Identify and Recover from an attack
      • The attack
        • Navigate the two storefronts
        • Ransom note
      • Anomaly Detection
        • Accessing Anomaly Detection
        • Visibility into the attack
        • Investigations page
        • Determining blast radius
        • Instant file recovery
      • Threat Hunting
        • Identifying the entry point of an adversary
        • Building a threat hunt
        • Monitoring a threat hunt in progress
        • Review a completed hunt
      • Sensitive Data Monitoring
        • Accessing Sensitive Data Monitoring
        • Visibility into sensitive data
        • Cyber incident response
        • Business as usual
        • Policies
        • Analyzers
        • Custom analyzers & policies
        • Reporting
      • All Clear To Recover
      • Cyber Recovery
        • Accessing Cyber Recovery
        • Forensic Analysis
        • Recovery Plans
        • In-Place recovery
      • Data Security Command Center
        • Accessing Data Security Command Center
        • Platform Security
        • Anomaly Detection
        • Data Security Posture
        • Data Protection and Recovery
        • Multi-factor Authentication (MFA) with Time-based One-Time Passwords (TOTP)
      • Conclusion
Powered by GitBook
On this page
Export as PDF
  1. Camp Rubrik: Data Security Foundations
  2. Identify and Recover from an attack

Threat Hunting

PreviousInstant file recoveryNextIdentifying the entry point of an adversary

When an organization is hunting for a threat, the approach involves multiple threads, starting from:

  • A Security Information & Event Management (SIEM) platform to analyze the log data.

  • A Security Orchestration, Automation & Response (SOAR) platform to pull together the threat data.

  • Endpoint Detection & Response (EDR) agents to pull information across the business

  • File Integrity Monitoring (FIM) to monitor for file tampering.

  • Intrusion Detection Systems (IDS/IPS) scan for malicious activity.

....There's a lot going on.

What if you could mine the backups of your environment, hunting for the indicators of compromise (IoC) that your adversary has left, like a breadcrumb trail? You could identify the where, when, and what easily. Even better, because you're hunting with the data held in Rubrik, your adversary has no idea that they are being hunted! This is exactly what Rubrik Threat Hunting enables.

You have become aware of a potential breach. The leadership team needs to know where and when the attacker might have gained a foothold. Once this is known, you Rubrik to roll back to a clean point in time.

I need a clean room!