Discover, isolate and repair cyber threats hidden within your systems.
Ensure systems and environments are free from adversarial threats through a deep technical analysis.
Shine a Light on Unwelcome Guests
Modern threat actors operate stealthily to obscure their actions and hide their tracks, which makes it challenging to detect various types of attackers and their specific tactics, techniques and procedures (TTPs). In addition, gaps in logging and data collection capabilities on systems may exacerbate the problem as new TTPs are created and used over time.
Our threat hunting experts will take the time to understand your business and technology stack to define and execute a custom threat hunting plan. We will work with you to bring your logging and data collection capabilities up to par and utilize our threat hunting experience to enrich the data, reconstruct events and eventually hunt for adversarial activity through deep data analysis.
Find Indicators of Compromise Within Your Systems
Our Threat Hunting Engagements follow a defined and proven process that helps you achieve your goals of gaining further assurance in your environment. Our proven process employs the following methodology:
Discovery – Taking necessary measures to properly scope the threat hunt through understanding prior incidents and events as well as the business environment, networks, systems, and applications.
Enrich Data – Identifying current data collection and logging capabilities and adjusting them to the desired state to provide high-fidelity data.
Data Gathering – Once data collection standards are optimal, we will begin the data gathering phase through building scripts, installing collectors, aggregating data sources into a SIEM, as well as leveraging and configuring collection of current data resources.
Active Hunting – As we gather the high-fidelity data, we will begin to analyze the results and perform our threat hunting activities, creating custom queries and analyzing the data for key data elements based on threat intelligence and specific TTP signatures.
Triage – As we uncover observations and findings, we will work with you to ensure that any active threats and risks are immediately mitigated in an efficient and effective way.
Reporting – As the iterations through the Active Hunting and Triage phases come to a close, we will document the results of our entire engagement in a detailed report.