Threat Hunting

“Be the hunter not the hunted”

What is threat hunting? 

Threat hunting is the process of actively seeking out threats on your network and identifying malicious actors lurking within it. Our SOC team gathers a baseline of activity on your network to determine what normal network activity looks like. Our SOC analysts then kick off the hunt to find, track and root out a malicious actor. With real-time threat intelligence powered by AlienVault OTX, our SOC analysts sift through your network traffic and host activity and compare it against the latest emerging threats. Throughout the hunting process our analysts use various procedures including Lockheed Martin’s Cyber Kill Chain, the OODA Loop and the Pyramid of Pain.

Why threat hunt?

There are numerous benefits to threat hunting, which takes the proactive approach of seeking out your threats. Threat hunting enriches SIEM alarming, as new correlation rules can be created from the findings of a hunt. Underlying performance issues can also be discovered during the threat hunting process. Once threat hunting has been applied to your network, new emerging threats can be thwarted quickly, whether they come from an insider or an outsider.

Keeping on top of identifying new threats drastically helps security posture across your network.

How do we conduct threat hunting?

Our SOC analysts actively seek out threats by forming a hypothesis around the what, why, where, when and how. By mining through security data, applying hunting procedures and using the latest threat intelligence, new threats to your network can be stopped.

We apply threat hunting methods such as honeytokens, baselining, IOC-based hunting and malware and ransomware remnants hunting. We hunt specifically for threats targeting your industry to help accurately locate and stop them before a compromise or breach happens.

Baselining

After onboarding is completed and a baseline of network activity has been established, our analysts set out to hunt for and detect any malicious activity that deviates from normal activity.

Establishing a baseline is important before conducting any threat hunting, as activity that appears to be a threat on one network may not be classified as a threat on another.
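The baselining approach described above, as an added example written for this page (it is not CommSec's own tooling). It learns per-host destination ports and hourly outbound volumes from a constructed "normal" window of flow records, then reports records in a later hunt window that deviate: a host never seen during baselining, a known host using a new destination port, or an outbound volume above mean + k·stdev for that host/port pair. All hosts, ports and byte counts are constructed placeholders.

```python
"""Baselining hunt: learn normal per-host behaviour, then flag deviations.

Added example (not the page's or CommSec's own tooling). All records below
are constructed sample data; hosts, ports and byte counts are placeholders.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline window: (host, destination port, bytes out per hour).
BASELINE_FLOWS = [
    ("ws-01", 443, 12000), ("ws-01", 443, 14000), ("ws-01", 443, 13000),
    ("ws-01", 443, 15000), ("ws-01", 443, 11000),
    ("ws-01", 53, 300), ("ws-01", 53, 350), ("ws-01", 53, 250),
    ("ws-02", 443, 8000), ("ws-02", 443, 9000), ("ws-02", 443, 10000),
]

# Constructed hunt window to compare against the baseline.
HUNT_FLOWS = [
    ("ws-01", 443, 13500),   # within the normal range
    ("ws-01", 443, 90000),   # large outbound spike on a known port
    ("ws-01", 4444, 500),    # port this host has never used before
    ("ws-02", 443, 9500),    # normal
    ("ws-99", 443, 100),     # host absent from the baseline entirely
]


def build_baseline(flows):
    """Summarise known hosts and the hourly volumes seen per (host, port)."""
    volumes = defaultdict(list)
    for host, port, nbytes in flows:
        volumes[(host, port)].append(nbytes)
    hosts = {host for host, _, _ in flows}
    return {"hosts": hosts, "volumes": dict(volumes)}


def hunt_deviations(baseline, flows, k=3.0, min_sigma=1.0):
    """Return (host, port, reason) for every record that deviates from the baseline.

    Three deviation classes are checked:
      unknown_host  - the host never appeared while the baseline was built
      new_port      - the host is known but never used this destination port
      volume_spike  - bytes out exceed mean + k * stdev for that (host, port)
    min_sigma guards against a flat baseline (stdev of 0) flagging every
    record that differs even slightly from the observed values.
    """
    findings = []
    for host, port, nbytes in flows:
        if host not in baseline["hosts"]:
            findings.append((host, port, "unknown_host"))
            continue
        history = baseline["volumes"].get((host, port))
        if history is None:
            findings.append((host, port, "new_port"))
            continue
        mu = mean(history)
        sigma = max(pstdev(history), min_sigma)
        if nbytes > mu + k * sigma:
            findings.append((host, port, "volume_spike"))
    return findings


if __name__ == "__main__":
    for finding in hunt_deviations(build_baseline(BASELINE_FLOWS), HUNT_FLOWS):
        print(finding)
```

Each finding is a hypothesis to investigate rather than an alarm in itself: a new port may be a legitimate change, which is why a baseline built on one network does not transfer to another, as the text notes. The `min_sigma` floor matters on short baselines, where a single repeated value gives a standard deviation of zero and would otherwise flag any change at all.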

Indicator of Compromise – Based Hunting

We receive the latest threat intelligence through our sources. As this intel comes into our SOC we compile the indicators of compromise and scan your network for these IOCs. We report back to our customers with this information and initiate incident response to contain and eradicate these threats.

Malware & Ransomware Remnants Hunting

Any remnants left over from previous cases of malware or ransomware are also covered by IOC hunting: older artefacts can be gathered from endpoints. This may lead to the root cause of how and why a compromise happened in the past.
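The IOC-based hunting and remnants hunting described in the two sections above, as one added example written for this page (not CommSec's own tooling). A constructed indicator set (a domain, an IPv4 address and a SHA-256 file hash, all placeholders rather than real IOCs) is matched against constructed DNS resolver lines, proxy lines and an endpoint file inventory. Domain matching covers subdomains of an indicator and normalises case and trailing dots, which plain string comparison would miss; the file-hash pass is the remnants check, catching an artefact left on an endpoint from an earlier infection.

```python
"""IOC-based hunt: match a threat-intel indicator set against DNS, proxy and
endpoint file evidence.

Added example (not the page's or CommSec's own tooling). The indicators,
hosts, log lines and hashes are constructed placeholders, not real IOCs.
"""
import re

# Constructed indicator set (placeholders; a real hunt loads these from
# threat-intel feeds such as the AlienVault OTX pulses the page mentions).
IOCS = {
    "domain": {"evil-example.test"},
    "ipv4": {"198.51.100.23"},          # TEST-NET-2 documentation address
    "sha256": {"aa" * 32},              # placeholder hash, not a real sample
}

# Constructed DNS resolver log: timestamp host query=<name> type=<rr>
DNS_LOG = [
    "2024-03-01T10:00:01Z ws-01 query=cdn.evil-example.test. type=A",
    "2024-03-01T10:00:05Z ws-02 query=updates.vendor.test type=A",
    "2024-03-01T10:00:09Z ws-03 query=EVIL-EXAMPLE.TEST type=TXT",
]

# Constructed proxy/firewall log: timestamp host dst=<ip>:<port> bytes=<n>
PROXY_LOG = [
    "2024-03-01T10:01:00Z ws-01 dst=198.51.100.23:443 bytes=5120",
    "2024-03-01T10:01:30Z ws-02 dst=203.0.113.9:443 bytes=2048",
]

# Constructed endpoint file inventory (remnants hunting): (host, path, sha256)
FILE_INVENTORY = [
    ("ws-01", r"C:\Users\alice\Downloads\invoice.pdf.exe", "aa" * 32),
    ("ws-02", r"C:\Program Files\Vendor\agent.exe", "bb" * 32),
]

DNS_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) query=(?P<name>\S+) type=\S+$")
PROXY_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) dst=(?P<ip>[\d.]+):\d+ bytes=\d+$")


def normalise_domain(name):
    """Lower-case and strip the trailing dot DNS logs often include."""
    return name.lower().rstrip(".")


def matching_domain(name, ioc_domains):
    """Return the indicator that matches name or any of its parent domains."""
    labels = normalise_domain(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in ioc_domains:
            return candidate
    return None


def hunt_iocs(iocs, dns_log, proxy_log, file_inventory):
    """Return one finding per IOC hit: (host, ioc_type, indicator, evidence)."""
    findings = []
    for line in dns_log:
        m = DNS_RE.match(line)
        if not m:
            continue  # unparsable lines are skipped, never silently matched
        hit = matching_domain(m["name"], iocs["domain"])
        if hit:
            findings.append((m["host"], "domain", hit, line))
    for line in proxy_log:
        m = PROXY_RE.match(line)
        if m and m["ip"] in iocs["ipv4"]:
            findings.append((m["host"], "ipv4", m["ip"], line))
    for host, path, digest in file_inventory:
        if digest.lower() in iocs["sha256"]:
            findings.append((host, "sha256", digest.lower(), path))
    return findings


if __name__ == "__main__":
    for finding in hunt_iocs(IOCS, DNS_LOG, PROXY_LOG, FILE_INVENTORY):
        print(finding)
```

Every finding carries the raw evidence line or file path so the report back to the customer and the incident response hand-off can cite exactly what matched. The hash hit on an endpoint is what the remnants section describes: the artefact may be from an old case, but locating it tells you which host to examine for the original root cause.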

Location

We are happy to host our clients in the comfort of our meeting facilities at our offices. Please call or email to arrange a meeting.

B109, The Linc, Blanchardstown Institute of Technology, Dublin

Call us

Our phones are open during normal business hours, 9am to 5:30pm, Monday to Friday, excluding Bank and Public Holidays.

+353 1 536 7320

Contact us

For enquiries at any time, please contact us via email. For emails received out-of-hours, you will receive a response during normal business hours on the following working day.

info@commsec.ie
