Cyber Threat Hunts
Cyber-attacks are constantly evolving, increasing an attacker’s chance of infiltrating an environment without automated defense platforms ever detecting their presence. Searching for Indicators of Compromise (IOCs) will only find the low-hanging fruit.
We don’t just hunt for IOCs to find an attacker; we dig deeper, emulating an attacker’s tactics, techniques, and procedures (TTPs) to either find them in your environment or demonstrate that you have appropriate visibility to investigate anomalies.
We use data gathering and analysis tools to execute “campaigns.” Examples:
- Persistence: are there unusual programs in start-up and registry?
- Tampering: have settings been changed to hide activity?
- Escalation: have accounts elevated their privileges?
Threat Hunt Advantages
Discover Unknown Adversaries: Proactively discover abnormal behavior that automated defense tools, like NextGen A/V, may miss.
Continuous Defense Improvement: Identify security and visibility gaps in your environment to help increase your security posture.
Reporting: Prioritized recommendations, with hunts mapped to the MITRE ATT&CK framework for maturity scoring.
Threat hunts are a core feature of our 24x7 CyberSOC service!
Learn more about our unique CyberSOC model which includes Purple Teams, Threat Hunts, and more!