Threat Hunting

Threat hunting describes the procedure of proactively probing networks in order to detect and isolate cyber threats that evade existing security measures. The process involves looking for signs of a compromise or attacker activities, current or past.

Across industries, sophisticated cybercriminals are penetrating systems, and their attacks are often difficult to detect. Threats can continue to lurk in an organisation’s networks and multiply over time until they manifest themselves across the networks. A multitude of threats, combined with a lack of expertise within an organisation’s IT security team, makes it difficult to salvage their systems from the threat infestation.

Such threats can lead to loss of sensitive data, compliance breaches and monetary loss.

ITSEC has the tools, techniques, and experience to inspect an organisation’s environment and identify indicators of threat activity. Once a threat is identified, our security consultants uncover the complete threat context and determine the steps necessary to remediate it.

The main features of the service include:

  • Provision of ITSEC’s expert security consultants for targeted hunting across networks, with the primary objective of uncovering threats, compromised systems, and cyber attackers who may be hiding in the networks.
  • An assessment report of all the threat details, network and host evidence of threat presence, and recommendations to respond to and eliminate the cybersecurity threats.
  • Peace of mind that the systems are secured from cyber threats.

Targeted Threat Hunting

The Targeted Threat Hunting service provides a method to look for threats on specific systems identified and scoped by organisations for analysis.

The process includes artefact collection, threat analysis, formulation of recommendations, and reporting on the systems of interest.

Artefacts are collected for threat analysis using triage scripts or endpoint security technology already deployed by the enterprise (agents such as Carbon Black). In a second step, we match the collected results against specific indicators of compromise (IOC).

Value Proposition

  • Identification of unique cyber threats and adversaries that threaten the systems in the scope of analysis.
  • Identification of indicators of compromise (IOC) that signify an active or past compromise.

Key Differentiators

  • Benefit from ITSEC’s unique expertise in responding to multiple attack groups, large and complex environments, extensive compromise, and complex remedial activities.
  • Leverage the technology and threat intelligence feed of a leading global cybersecurity firm.
  • Unique applications for investigating potential compromise effectively.

Benefits

  • Understand the health of systems in scope.
  • Easy pivot to our incident response services should the need arise.
  • Get effective action plans to eradicate threats identified in the systems of interest.

Key Deliverables

  • An executive summary report.
  • A detailed technical report, which includes identification of compromises in the systems in scope, a list of compromises, compromised accounts, and attacker-accessed systems.
  • A presentation of the results.

Network Threat Hunting

Our Network Threat Hunting service provides a method to look for threats based on alerts raised by a network sensor placed in an organisation’s Internet egress environment. Following these alerts, the infected endpoints are triaged.

Our method includes installing network sensors, identifying systems of interest, artefact collection, threat analysis, making recommendations, and reporting.

To investigate endpoints, we use one or more of the following: Damballa as the network sensor, triage scripts, or endpoint technology already installed by the enterprise, such as Carbon Black.
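The two procedures described above, sweeping collected endpoint artefacts against an IOC list (Targeted Threat Hunting) and pivoting from an egress sensor alert to the endpoint that needs triage (Network Threat Hunting), as an added illustration that is not ITSEC's code or any vendor's format. Every host name, artefact, indicator and alert below is constructed; the record layouts are assumptions, not Carbon Black or Damballa output.

```python
# Added example (not ITSEC's code): sweep endpoint triage artefacts against an
# IOC set, then pivot from an egress sensor alert to the endpoint to triage.
# Every host, artefact, indicator and alert is constructed for illustration.
from collections import defaultdict

# Constructed indicators (placeholder hash, .example domain, TEST-NET IP).
IOCS = {
    "sha256": {"deadbeef" * 8},
    "domain": {"cdn-update.example.net"},
    "ip": {"203.0.113.45"},
}
# Constructed triage output: per host, (indicator_type, value, where_seen).
TRIAGE = {
    "WS-0117": [
        ("sha256", "deadbeef" * 8, "running process svchosts.exe"),
        ("domain", "cdn-update.example.net", "DNS client cache"),
        ("ip", "198.51.100.7", "established connection"),
    ],
    "WS-0204": [
        ("sha256", "cafebabe" * 8, "running process explorer.exe"),
        ("domain", "www.example.org", "DNS client cache"),
    ],
}
# Constructed egress sensor alert and the site's IP-to-hostname inventory.
ALERT = {"src_ip": "10.0.5.17", "dst_domain": "cdn-update.example.net"}
HOST_BY_IP = {"10.0.5.17": "WS-0117", "10.0.5.22": "WS-0204"}

def sweep(triage, iocs):
    """Return one finding per artefact whose value is a known indicator."""
    findings = []
    for host, artefacts in triage.items():
        for kind, value, seen_in in artefacts:
            if value in iocs.get(kind, ()):
                findings.append({"host": host, "type": kind,
                                 "value": value, "seen_in": seen_in})
    return findings

def compromised_hosts(findings):
    """Collapse findings into the per-host list of compromised systems."""
    by_host = defaultdict(set)
    for f in findings:
        by_host[f["host"]].add(f["type"])
    return {h: sorted(kinds) for h, kinds in by_host.items()}

def endpoint_for_alert(alert, host_by_ip, iocs):
    """Endpoint to triage for an alert; None if not a C2 indicator or known host."""
    if alert["dst_domain"] not in iocs["domain"]:
        return None
    return host_by_ip.get(alert["src_ip"])
```

Artefacts that match no indicator (the unrelated IP on WS-0117, everything on WS-0204) produce no finding, so the per-host summary contains only WS-0117 and the alert pivots to the same machine.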

Value Proposition

  • Identification of unique cyber threats and adversaries based on command and control traffic on the networks.
  • Identification of indicators of compromise (IOC) that signify an active or past compromise.

Key Differentiators

  • Benefit from ITSEC’s expertise in responding to multiple attack groups, large and complex environments, extensive compromise, and complex remedial activities.
  • Leverage the technology and threat intelligence feed of a leading global cybersecurity firm.
  • Unique applications for investigating potential compromise effectively.

Benefits

  • Understand the health of the networks based on command and control traffic.
  • Easy pivot to our incident response services should the need arise.
  • Get effective action plans to eradicate threats identified on the infected systems.

Key Deliverables

  • An executive summary report.
  • A detailed technical report, which includes identification of compromises in the systems in scope based on command and control traffic, a list of compromised systems, compromised accounts, attacker-accessed systems, and network and host findings.
  • A brief presentation.

Enterprise Threat Hunting

The Enterprise Threat Hunting service is our most comprehensive offering for cyber threat hunting.

Our method includes the identification of unique threats and adversaries, the identification of indicators of compromise (IOC), IOC sweeps across endpoints, network monitoring for IOC, threat analysis, and reporting.

To investigate endpoints, we use one or more of the following: Damballa as the network sensor, triage scripts, or endpoint technology already installed by the enterprise, such as Carbon Black.

Value Proposition

  • Identify the unique cyber threats and adversaries that threaten the environment.
  • Pinpoint indicators of compromise (IOC) which signify a possible active or past compromise.

Key Differentiators

  • Unique experience responding to multiple attack groups, large and complex environments, extensive compromise, and complex remedial activities.
  • The use of leading cybersecurity technology for investigations, efficiency, and scale.
  • Leverage threat intelligence feeds from a leading global cybersecurity firm.
  • Leverage a partnership with a leading cybersecurity incident response firm.

Benefits

  • Understand the security health of the networks.
  • Proactive, scalable hunting for threat actor presence in the network.

Key Deliverables

  • An executive summary report.
  • A detailed technical report, which includes the scope and coverage achieved, confirmation of compromise based on command and control traffic, a list of compromised systems, compromised accounts on the infected systems, attacker-accessed systems, and network and host findings.
  • A brief presentation.