Threat Hunting

Cyber Threat Hunting is an essential exercise to proactively investigate potential compromises, detect advanced threats, and improve cyber defenses. Our experts run an exhaustive, iterative process with purpose-built tools, conducting manual and semi-automated searches for Indicators of Compromise (IOC) and Initial Vectors of Compromise (IVOC).

Our Solution

Our Cyber Resilience Experts apply the latest data analytics, built around the Tactics, Techniques, and Procedures (TTPs) attackers are known to use, together with Machine Learning, Artificial Intelligence, behavioral forensic artifacts, and Threat Intelligence to detect ongoing or zero-day cyberattacks and Advanced Persistent Threats (APTs). The latest IOCs are applied to estimate the probability that the enterprise has been compromised.

Our methodology enriches multiple sources of threat intelligence with your internal network traffic and endpoint data, and applies LIFARS forensic artifact techniques to surface threats that have gone undetected. The outcome is expressed as a probability that a compromise has occurred rather than a binary verdict. Both false positives and false negatives are examined to ensure accuracy during IOC identification, whether the hunt concerns network forensics or endpoint examination, and pattern matching is used to identify compromises and weak areas within the environment.

Endpoint Threat Hunting

Our solution is a purpose-designed methodology for detecting and investigating whether your company's security and confidentiality have been compromised. We collect forensic artifacts from disk volumes, memory and other volatile data. These are examined to estimate the probability of an incident and are integrated with existing advanced persistent threat detection solutions to capture endpoint compromise snapshots. Our team validates the visibility of compromise indicators and potential threats, searches other endpoints for the same threat actor's lateral movement, and remediates the issue using our Endpoint Security clean-up methodology.

Network Threat Hunting

Our network threat hunting analyzes network activity such as packet captures, network flow records, network IDS/IPS alerts, and network device logs. Indicators of compromise are examined in parallel with the network streams themselves, including full reconstruction and examination of sessions. It is easy for firms to neglect monitoring the threat vectors where the most insidious, long-term damage may be percolating. Our experts analyze your network anomalies, protocols and contextual captures.

A volumetric statistical analysis focuses on four key network features:

  • Suspicious sessions, identified by comparing the data entropy of a session against what its protocol and port should carry; obfuscated or custom-encrypted traffic on a plaintext port stands out.
  • Number and initiation of outbound network connections (for example, which host sent the TCP SYN).
  • Duration of connections and amount of data exchanged, where long-lived, low-volume sessions resemble idle command-and-control channels.
  • Frequency of connections and sequence of sessions (for example, an inbound UDP exploit followed by an outbound TCP SYN for a reverse shell, or regular beaconing to one destination).
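The following Python is an added illustration of those four feature classes run over flow records; it is example code written for this page, not LIFARS tooling. It assumes flow records have already been exported (a Flow dataclass here), that 10.0.0.0/8 is the internal range, that the thresholds (entropy 7.0 bits/byte, beacon jitter under 10%, a 60-second UDP-then-SYN window) are reasonable starting points to be tuned per environment, and the sample flows are constructed for the demonstration.

```python
import math
import statistics
from collections import Counter, defaultdict
from dataclasses import dataclass

# Ports where ciphertext-like payload is expected (TLS, SSH, ...). High entropy
# on any other port suggests custom encryption or obfuscation. (Assumed list.)
ENCRYPTED_PORTS = {22, 443, 993, 995}
ENTROPY_THRESHOLD = 7.0   # bits per byte; plaintext protocols sit well below this
MIN_BEACON_FLOWS = 4
BEACON_CV_MAX = 0.1       # coefficient of variation of inter-connection gaps
SEQUENCE_WINDOW = 60.0    # seconds between inbound UDP and outbound TCP SYN


@dataclass
class Flow:
    ts: float        # flow start, seconds
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    dport: int
    syn: bool        # True when src opened the connection (TCP SYN from src)
    duration: float  # seconds
    bytes_out: int   # bytes sent src -> dst
    payload: bytes   # first payload bytes captured from src


def is_internal(ip: str) -> bool:
    return ip.startswith("10.")  # assumption: 10/8 is the monitored network


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample; 8.0 is the maximum (uniform byte distribution)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def analyze(flows):
    """Return {internal_host: [finding, ...]} covering the four feature classes."""
    findings = defaultdict(list)
    outbound = [f for f in flows if is_internal(f.src) and not is_internal(f.dst)]
    inbound_udp = [f for f in flows
                   if f.proto == "udp" and not is_internal(f.src) and is_internal(f.dst)]

    # 1. Suspicious sessions: ciphertext-looking payload on a port that should be plaintext.
    for f in outbound:
        if f.dport not in ENCRYPTED_PORTS and shannon_entropy(f.payload) >= ENTROPY_THRESHOLD:
            findings[f.src].append(f"high-entropy payload to {f.dst}:{f.dport}")

    # 2. Outbound connections initiated by the host (TCP SYN from src), grouped per host.
    initiated = defaultdict(list)
    for f in outbound:
        if f.proto == "tcp" and f.syn:
            initiated[f.src].append(f)

    # 3. Duration and volume: long-lived sessions moving under 1 byte/s look like idle C2.
    for f in outbound:
        if f.duration >= 3600 and f.bytes_out / f.duration < 1.0:
            findings[f.src].append(
                f"long idle session to {f.dst}:{f.dport} ({f.duration:.0f}s, {f.bytes_out}B)")

    # 4a. Frequency: near-constant gaps between connections to one destination (beaconing).
    for host, hflows in initiated.items():
        per_dst = defaultdict(list)
        for f in hflows:
            per_dst[(f.dst, f.dport)].append(f.ts)
        for (dst, dport), times in per_dst.items():
            if len(times) < MIN_BEACON_FLOWS:
                continue
            times.sort()
            gaps = [b - a for a, b in zip(times, times[1:])]
            mean = statistics.mean(gaps)
            cv = statistics.pstdev(gaps) / mean if mean else float("inf")
            if cv <= BEACON_CV_MAX:
                findings[host].append(
                    f"beaconing to {dst}:{dport} every ~{mean:.0f}s ({len(times)} flows)")

    # 4b. Sequence: inbound UDP from a peer, then an outbound TCP SYN back to that peer.
    for u in inbound_udp:
        for t in initiated.get(u.dst, []):
            if t.dst == u.src and 0 < t.ts - u.ts <= SEQUENCE_WINDOW:
                findings[u.dst].append(
                    f"inbound UDP/{u.dport} from {u.src} then outbound TCP SYN "
                    f"to {t.dst}:{t.dport} {t.ts - u.ts:.0f}s later")
    return dict(findings)


# Constructed sample data: uniform bytes stand in for ciphertext (entropy 8.0).
RANDOMISH = bytes(range(256))
PLAINTEXT = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
SAMPLE_FLOWS = [
    # 10.0.0.5: TLS "beacon" every 300 s, plus ciphertext to a non-TLS port
    *[Flow(ts, "10.0.0.5", "203.0.113.10", "tcp", 443, True, 2.0, 1200, RANDOMISH)
      for ts in (0, 300, 600, 900)],
    Flow(950, "10.0.0.5", "198.51.100.7", "tcp", 8080, True, 5.0, 4096, RANDOMISH),
    # 10.0.0.9: inbound UDP to SNMP, then an outbound TCP SYN to the same peer 12 s later
    Flow(1000, "192.0.2.44", "10.0.0.9", "udp", 161, False, 0.1, 300, RANDOMISH),
    Flow(1012, "10.0.0.9", "192.0.2.44", "tcp", 4444, True, 7200, 900, PLAINTEXT),
    # 10.0.0.12: ordinary web browsing, should produce no findings
    Flow(2000, "10.0.0.12", "203.0.113.20", "tcp", 80, True, 1.5, 600, PLAINTEXT),
    Flow(2400, "10.0.0.12", "203.0.113.20", "tcp", 80, True, 1.2, 650, PLAINTEXT),
]

if __name__ == "__main__":
    for host, items in analyze(SAMPLE_FLOWS).items():
        for item in items:
            print(f"{host}: {item}")
```

In the sample, 10.0.0.5 is flagged twice (regular 300 s beacon to 203.0.113.10:443 and ciphertext on port 8080), 10.0.0.9 is flagged for the UDP-then-SYN sequence and for the long, near-idle session that the reverse shell holds open, and the browsing host 10.0.0.12 produces nothing. The entropy check deliberately skips ports where ciphertext is normal; without that exclusion every TLS session would fire.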

Threat Intelligence & Deep Dark Web Search

Our Threat Intelligence protocol helps your organization identify ongoing and past cyberattacks. LIFARS Cyber Resiliency analysts familiarize themselves with your company's environment and filter out the key events that need closer examination. Applying Threat Intelligence to the daily flood of events can dramatically increase overall effectiveness and allow a SOC team to focus on important tasks and genuine malicious incidents. Our Threat Intelligence provides a comprehensive evaluation of your business security: we detect leaks, mitigate the damage and quickly resolve the matter. We additionally monitor the deep and dark web, where companies' data can easily be exposed.

Our Threat Hunting Framework

Strategic Targets & Tactics Selection

  • Define and prioritize Threat Hunting missions across Network, Endpoint and External targets, and align with the internal team on procedures, tactics, techniques, processes and policies.
  • Define operational procedures for target interrogation, collection and response.
  • Prepare the initial vectors and the digital artifact conditions the hunt will look for, drawn from known indicators such as IOCs and from behavioral intelligence.

Interrogation & Collection

  • Automated and manual Threat Hunting, driven by the known and evolving threat landscape, to discover relevant forensic artifacts.
  • Address systemic risk spanning multi-stage, multi-vector vulnerabilities, prioritized by correlated risk scores, Threat Intelligence and assessments.
  • Assure post-breach clean-up via recurring Threat Hunting to identify and investigate additional malware, symptoms and IOCs.

Detection

  • Investigations to uncover IOCs, malicious patterns, symptoms and adversarial Tactics, Techniques and Procedures (TTPs).
  • Converge and correlate proprietary, open source and 3rd party intelligence with LIFARS TTPs.
  • Leverage Machine Learning and Artificial Intelligence Analytics with deployed tools.

Enablement

  • Correlate the context of TTPs across attacks and attack campaigns to uncover linked data, enriching the intelligence and feeding it back into the hunting loop through content and process advisory.
  • Provide the client meaningful insight and visibility into the maturity of its defensive detection and response capability.

Our Methodology Incorporates The Following Industry Standards

  • ISO/IEC 27035:2011: Information Security Incident Management
  • SANS: Creating and Managing an Incident Response Team
  • RFC 2350: Expectations for Computer Security Incident Response
  • CERT: Handbook for Computer Security Incident Response Teams (CSIRTs)
  • NIST 800-61: Computer Security Incident Handling Guide
  • ENISA: CSIRT Setting up Guide
  • ENISA: Good Practice Guide for Incident Management
  • ISACA: Incident Management and Response