Threat Hunting Services

Q: What are the benefits of threat hunting?

Threat Hunting is strongly suggested to detect and respond to unknown threats. This can be accomplished because, instead of focusing on Indicators of Compromise (IOCs), Threat Hunting focuses on MITRE Tactics, Techniques, and Procedures (TTPs) to detect malicious operations that an APT could perform when no IOCs are available in advance.

Q: What does a threat hunter do?

Threat Hunters need to cover the following activities:nn- Analyze suspicious detections performed by EDR or XDR technology, including investigations to confirm malicious operations or discard false positives.n- Threat research, which includes maintaining updated knowledge about low-level details on emerging critical vulnerabilities, exploits, APTs, attacking campaigns, techniques, tactics, and procedures that a malicious actor could use to compromise an organization and its resources.n- Transforming results from research activities into proactive hunting by exploiting the available data or telemetry.

Detect and respond to cyber threats on time.

Our managed cybersecurity service proactively investigates threats, reaching where EDR detection technology doesn't, reacting before a security incident has an impact.

Fill in the form and we will call you back

Threat Hunting Solutions

Did you know that the average detection time of an incident/security breach is 200 days? Did you know that once it is detected it takes an average of 66 days to contain the incident? This shows that the current detection and response mechanisms are not sufficient.

Although the majority of the field talk about Threat Hunting when explaining detection mechanisms, the reality is that very few have developed an accurate hunting service approach.

Why Proactive Threat Hunting?

We all are aware of organizations that are investing considerable amounts of resources into detecting advanced threats with no success. Some of them are even targeted by ransomware gangs because of the lack of having good detection and response capabilities.

This scenario is becoming more and more relevant as we are learning that classic Threat Detection capabilities are not enough. We need to evolve from traditional SOC to proactive Threat Hunting. This is achieved by focusing on TTPs analysis instead IOCs, by utilizing the Compromise Hypothesis instead of Reactive approach once a security event has been detected and more.

Traditional SOC

Threat Detection

Protects against a well-known attack.

Reactivity

The investigation stage of an alert or event.

Detection Stack

SIEM, IDS, FWs, Proxy technologies, among others.

Known attacks

Signature and IOC based detection.

Complex Start-Up

Deployment of technology, creation of use cases, source diversity, blind spots, configuration faults, alerts and false positives.

Advanced approach

Threat Hunting

New forms of attack are being investigated.

Proactivity

We are constantly investigating under an undetected breach scenario, assuming that a sophisticated attack has been produced and no security event has been triggered.

Telemetry & Deception

We collect and analyze activity from endpoints, servers and deception campaigns.

Targeted and Unknown Attacks

TPP, intelligence, tracking and hypothesis-based detection.

Easy Set-Up

Detection based on telemetry provided by EDR/XDR technology.

What Makes our Threat Hunting service so Unique?

Our 24x7 Proactive Threat Hunting solutions understand Malicious Adversaries better than a regular SOC, enabling the possibility to detect and respond to Malicious Operations even before a single security event becomes known. This is achieved because our Proactive Threat Hunting solutions rely on the following fundamentals:

Technology Agnostic

Hunting over approved EDR/XDR

We are continuously analyzing new technology that allow us to perform a high-quality Threat Hunting service
To maintain our quality standards, only technologies that pass our internal evaluation are used

Offensive Mindset

Understanding adversaries

Even when there is not a proper detection from the technology, our experts can identify Malicious Operations from the telemetry
We use our Red Team as a Threat Hunting accelerator
We deploy our own Threat Hunting Intelligence™ on top of the EDR/XDR detection capabilities

Compromise Hypothesis

Proactive hunting

Our service is a never-ending effort to maintain a proactive hunting position while considering compromise hypothesis
Using compromise hypothesis allows us to detect unknown Malicious Actors
We perform thousands of custom queries to available telemetry every month to find unknown threats

World Class Team

Experts

Our hunters are real researchers thinking like real adversaries
We provide a cutting-edge service using the most innovative attacking techniques and detection bypass possibilities
We consult the most innovative technology to analyze emerging threats

Looking for Threat Hunting solutions?

Contact our cybersecurity team if you have any questions or if you are in need of an assessment!

Contact

Threat Hunting Intelligence ™ as a distinctive Threat Hunting accelerator

Our MDR Threat Hunting service improved not only by continuous research on Malicious Operations, Threat Actors profiling or public advisories analysis, but also by improving detection capabilities when the threat is able to perform detection bypass techniques.

All those improvements are centralized in our Threat Hunting Intelligence™ and included in our unique Threat Hunting service.

Under this context, it is particularly relevant that our Red Team is an excellent accelerator to improve our Threat Hunting solutions, and vice versa. In fact, having both solutions at the same time is a possibility that more and more clients are requesting. They request the following combined approach:

Red team Service

Our Red Team simulates threat actors, adversaries or cyber exercices to bypass defensive layers

We are continuously reporting improvement possibilities to the Threat Hunting team

Threat hunting Service

Our researchers are continuously learning from new techniques, tactics and procedures (TTPs) used by malicious actors and the learning process is accelerated by Red Team exercises

Overcoming the EDR/XDR detection capabilities

With the aim of performing an extraordinary Proactive Threat Hunting service, only extraordinary EDR/XDR solutions are accepted after intensive testing and evasion techniques performed in our lab.

In addition to the detection capabilities offered by EDR/XDR technology, our Threat Hunting service deploys additional detection capabilities by performing thousands of additional detection checks molded to every client environment.

*The technology approving process is a continuous evaluation of the most relevant EDR/XDR solutions so if using a technology not shown above, please contact us for further information.

Threat hunting FAQs

What is threat hunting?

Threat Hunting is a service aimed to proactively detect advanced threats in corporate endpoints and networks by using compromise hypothesis approaches, as well as responding to the compromise.

What are the benefits of threat hunting?

Threat Hunting is strongly suggested to detect and respond in front of unknown threats. That can be accomplished because instead of focusing on Identificators of Compromise (IOC), Threat Hunting focuses on Mitre Techniques, Tactiques and Procedures (TTP) to detect Malicious Operations that could perform an APT when no IOC’s are available in advance.

What does a threat hunter do?

Threat Hunters activities need to cover the following activities:

Analyze suspicious detections performed by the EDR or XDR technology, including investigations to confirm a malicious operation or discard false positives.
Threat research, which includes maintaining an updated knowledge about low level details on emerging critical vulnerabilities, exploits, APT, attacking campaigns, techniques, tactiques and procedures that a malicious actor could use to compromise an organization and its resources.
Transforming results from the researching activities into proactive hunting by exploiting the available data or telemetry.

What are the types of threat hunting?

Even when the objective is the same, Threat Hunting activities differ from traditional Threat Detection in the way they achieve those objectives. Some of the main differences can be summarized as:

Threat Hunting requires searching proactively for unknown threats, while Threat Detection is a reactive process initiated once an alert arises.
Threat Hunting analyzes TTP’s, while Threat Detection is focused on IOC’s or well-known patterns.

Threat Hunting is focused on analyzing data and telemetry provided by EDR or XDR technologies, while Threat Detection analyzes events and logs centralized in a SIEM.

What is a cyber hunt team?

The team performing Threat Hunting activities is based on tiers like a regular Threat Detection service. Instead of that, Threat Hunters are always very skilled professionals that know how an attack works under the hood so they can identify any malicious operation just by looking at the available resources like data and telemetry (even when there is no alert associated with the malicious operation).

Among the skills of a Threat Hunting team it can be highlighted (among others):

Vast experience in offensive techniques
An excellent understanding of Windows and Linux internals, as well as networking skills.
Malware reverse engineering
Continuous researching to know emerging offensive techniques
Supporting other teams involved in an Incident Response