Threat Hunting

We proactively determine if you have been breached by forensically reviewing your environment for suspicious abnormalities and other indicators of compromise. The SRA Threat Hunting process can use existing EDR and SIEM tools, or we can leverage Windows native tools and open-source platforms.

Cyber Threat Hunts

Cyber-attacks are constantly evolving, increasing an attacker’s chance of infiltrating an environment without automated defense platforms ever detecting their presence. Searching for Indicators of Compromise (IOCs) will only find the low-hanging fruit.

We don’t just hunt for IOCs to find an attacker; we dig deeper, emulating an attacker’s tactics, techniques, and procedures (TTPs) to either find them in your environment or demonstrate that you have appropriate visibility to investigate anomalies.

We use data gathering and analysis tools to execute “campaigns.” Examples:

  • Persistence: are there unusual programs in start-up and registry?
  • Tampering: have settings been changed to hide activity?
  • Escalation: have accounts elevated their privileges?
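As an added illustration of what a "Persistence" campaign run with Windows-native tools looks like in practice, the script below enumerates the common Run/RunOnce registry keys and Startup folders and flags autostart entries that warrant a closer look. It is example code written for this page, not SRA's own tooling; the heuristics (script hosts, user-writable paths, locations outside Windows or Program Files, missing or invalid Authenticode signatures) and the ATT&CK reference are the editor's assumptions about a reasonable first pass, and every hit is a lead for an analyst to investigate rather than a verdict.

```powershell
# Added example: a minimal persistence hunt using only built-in PowerShell cmdlets.
# Assumption (not from the page): run with local administrator rights on the host under review.
# ATT&CK mapping for this campaign: T1547.001, Registry Run Keys / Startup Folder.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

$startupFolders = @(
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
)

# Directories where signed, legitimately installed autostart binaries usually live.
$expectedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

# Metadata properties PowerShell adds to every registry key object; these are not autostart values.
$registryMetadata = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-ImagePath {
    # Extract the executable path from a command line such as  "C:\dir\app.exe" /arg  or  C:\dir\app.exe /arg
    param([string]$CommandLine)
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^\s*(\S+\.(exe|dll|bat|cmd|ps1|vbs|js))') { return $Matches[1] }
    return ($CommandLine -split '\s+')[0]
}

function Test-Suspicious {
    # Return the list of reasons an autostart image deserves analyst attention (empty = nothing flagged).
    param([string]$ImagePath)
    $reasons = @()
    if ($ImagePath -match '(?i)(powershell|wscript|cscript|mshta|rundll32|regsvr32)') { $reasons += 'script/LOLBin host' }
    if ($ImagePath -match '(?i)\\(Temp|Downloads|Public)\\') { $reasons += 'user-writable location' }
    $inExpected = $false
    foreach ($root in $expectedRoots) {
        if ($ImagePath.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { $inExpected = $true }
    }
    if (-not $inExpected) { $reasons += 'outside Windows/Program Files' }
    if (Test-Path -LiteralPath $ImagePath) {
        $sig = Get-AuthenticodeSignature -LiteralPath $ImagePath
        if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
    } else {
        $reasons += 'file not found'   # dangling entries are common after uninstall but also after cleanup by an intruder
    }
    return $reasons
}

$findings = @()

# 1. Registry Run / RunOnce values
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($registryMetadata -contains $p.Name) { continue }
        $image = [Environment]::ExpandEnvironmentVariables((Get-ImagePath -CommandLine ([string]$p.Value)))
        $reasons = Test-Suspicious -ImagePath $image
        if ($reasons) {
            $findings += [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value; Reasons = ($reasons -join '; ') }
        }
    }
}

# 2. Startup folders (resolve .lnk shortcuts to their real target)
foreach ($folder in $startupFolders) {
    if (-not (Test-Path $folder)) { continue }
    Get-ChildItem -LiteralPath $folder -File | Where-Object { $_.Name -ne 'desktop.ini' } | ForEach-Object {
        $target = $_.FullName
        if ($_.Extension -eq '.lnk') {
            $target = (New-Object -ComObject WScript.Shell).CreateShortcut($_.FullName).TargetPath
        }
        $reasons = Test-Suspicious -ImagePath $target
        if ($reasons) {
            $findings += [pscustomobject]@{ Source = $folder; Name = $_.Name; Command = $target; Reasons = ($reasons -join '; ') }
        }
    }
}

$findings | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

In a real campaign the same pass is repeated across the estate (for example through an EDR's remote script capability or a SIEM query over collected autorun data), and the baseline of known-good entries is recorded so that later hunts only surface new or changed ones; the output above is the per-host starting point, not the whole hunt.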

Threat Hunt Advantages

Discover Unknown Adversaries: Proactively discover abnormal behavior automated defense tools, like NextGen A/V, may miss.

Continuous Defense Improvement: Identify security and visibility gaps in your environment to help increase your security posture.

Reporting: Prioritized recommendations, with hunts mapped to the MITRE ATT&CK framework for maturity scoring.

Threat hunts are a core feature of our 24x7 CyberSOC service!

Learn more about our unique CyberSOC model which includes Purple Teams, Threat Hunts, and more!