Unified security management and threat intelligence provider AlienVault this week announced the launch of a free scanning service that allows organizations to identify threats and risks in their environments.
The new OTX Endpoint Threat Hunter service is part of the AlienVault Open Threat Exchange (OTX) platform, which allows private firms, security researchers, and government agencies to openly collaborate and share information on emerging threats, attack methods, and malicious actors.
OTX can be accessed for free by anyone and provides more than 19 million threat indicators contributed by over 80,000 users. The new Endpoint Threat Hunter service is available to any registered OTX user.
Endpoint Threat Hunter allows organizations to discover threats on critical machines and assess the risk of malware and other attacks, AlienVault said.
The service relies on AlienVault Agent, a lightweight endpoint agent that executes predefined queries against one or more OTX pulses – each pulse includes a summary of the threat, a view into the targeted software, and related IoCs. The agent can be easily installed on Windows, Linux and other endpoint devices.
AlienVault has described several scenarios where Endpoint Threat Hunter can be useful. For example, in case of a global malware attack, users can select the pulse associated with the threat and initiate a scan. Once the scan has been completed, a list of the endpoints impacted by the malware is displayed.
Users can also conduct scans for multiple pulses – for example, all pulses updated in the past week or the past month, or only pulses contributed by AlienVault researchers.
OTX Endpoint Threat Hunter can also be used to initiate scans that look for processes running only in memory (a common tactic used by malware), cryptocurrency mining activity, and malicious or annoying Chrome extensions.