Cyber Threat Hunting

Threat hunting is becoming increasingly important as companies seek to stay ahead of the latest cyber threats and rapidly respond to any potential attacks. CyBourn leverages human and machine knowledge to contextualise business activities and organisational landscapes. Starting with a baseline profile, we assess posture and a series of attack motives. We turn this knowledge into actionable data that drives security operations and enhances incident response.

Overview

Our threat hunting methodology provides a common framework within which our threat hunters work and interact as part of the SOC ecosystem. Its aim is twofold: focused, targeted threat detection, and continuous improvement of our automated detection and response capabilities, so that what a hunt finds manually is detected automatically next time.

Key Benefits

Integrated process
Proactive threat hunting integrated with the SOC infrastructure and the EtherLast™ toolkit.
Increased SOC visibility
Immediate value to SOC detection rules through integration with the SOC process.
Intelligence driven
Actionable cyber threat intelligence is put into practice to shape each hunt, so effort goes where the current threat picture says it matters most.
Threat focused
Project-based exercises evaluate critical assets against the adversary tactics, techniques and procedures (TTPs) defined in MITRE ATT&CK.
Proactive investigative process
Threat hunters are integrated into the SOC team as Tier 3 analysts and work in close proximity to the Tier 1 and Tier 2 managed detection and response teams.
Knowledgeable
Knowledge of the customer's infrastructure gathered through the core SOC MDR process is reused to increase the effectiveness of each hunt.

Our Process

01

(Threat) Model

Assess the threat landscape, active actors, on-going campaigns, and current events.

  • Zero-day vulnerabilities
  • Existing risks
  • Internal actors

02

Search

Define the hunt parameters and required data to reach objectives.

  • Define queries
  • Identify assets
  • Aggregate logs
  • Hunt for IoCs
  • Hunt for behaviour

03

Track

Information gathered during the search is structured and analysed to reconstruct the pattern of an attack: artifacts are tracked through the network, and artifacts and behavioural patterns consistent with an attack are identified and linked into an attack chain.

04

Respond

  • Contain
  • Remediate
  • Recover from the attack

05

Improve

The threat hunting team turns the queries and behavioural patterns validated during the hunt into new automated alerts, so that the same attack is detected efficiently while it happens rather than rediscovered in a later hunt.
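The Search, Track and Improve steps above, shown end to end as an added example written for this page (it is not CyBourn's tooling and does not show the EtherLast™ toolkit). It runs two hunt queries over a handful of constructed process-creation events, an IoC match on a file hash and a behavioural match for an Office application spawning a script host with an encoded or hidden command line (MITRE ATT&CK T1059.001), reconstructs the per-host attack chain from the hits, and finally emits the behavioural hunt as a Sigma-style detection rule. All hostnames, hashes, timestamps and command lines are constructed for illustration.

```python
"""Minimal hunt pipeline: Search (IoC + behaviour) -> Track (chain) -> Improve (rule).

Example code written for this page; every event, hash and hostname below is
constructed and not taken from real telemetry or threat intelligence.
"""
from collections import defaultdict

# Constructed endpoint process-creation events, already aggregated from the hosts.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T09:12:03Z", "host": "ws-041", "parent": "outlook.exe",
     "image": "winword.exe", "cmdline": "winword.exe /n invoice.docm", "sha256": "a1" * 32},
    {"ts": "2024-05-01T09:12:09Z", "host": "ws-041", "parent": "winword.exe",
     "image": "powershell.exe", "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA", "sha256": "b2" * 32},
    {"ts": "2024-05-01T09:12:15Z", "host": "ws-041", "parent": "powershell.exe",
     "image": "rundll32.exe", "cmdline": "rundll32.exe C:\\Users\\Public\\x.dll,Start", "sha256": "c3" * 32},
    {"ts": "2024-05-01T10:02:44Z", "host": "ws-077", "parent": "explorer.exe",
     "image": "powershell.exe", "cmdline": "powershell.exe Get-ChildItem", "sha256": "d4" * 32},
    {"ts": "2024-05-01T11:30:00Z", "host": "srv-db1", "parent": "services.exe",
     "image": "sqlservr.exe", "cmdline": "sqlservr.exe", "sha256": "e5" * 32},
]

# Constructed IoC set from the threat-model step: the hash of a known loader DLL host.
IOC_HASHES = {"c3" * 32}

# Behavioural hunt definition: Office app -> script host with a hidden/encoded command.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
SUSPICIOUS_FLAGS = ("-enc", "-encodedcommand", "-w hidden", "-nop")


def hunt_iocs(events, hashes):
    """Search step, IoC branch: exact match of file hashes against the intel set."""
    return [e for e in events if e["sha256"] in hashes]


def hunt_behaviour(events):
    """Search step, behaviour branch: parent/child relationship plus command-line flags.

    A hash-based IoC misses a recompiled loader; this pattern survives that change.
    """
    hits = []
    for e in events:
        cmd = e["cmdline"].lower()
        if (e["parent"].lower() in OFFICE_APPS
                and e["image"].lower() in SCRIPT_HOSTS
                and any(flag in cmd for flag in SUSPICIOUS_FLAGS)):
            hits.append(e)
    return hits


def track(events, hits):
    """Track step: per host, follow parent/child links from the hits until no new
    process is pulled in, then order the chain by time. Linking on image names
    (not PIDs) is a simplification and can over-include children of common
    parents such as explorer.exe; real telemetry should link on process GUIDs."""
    chains = defaultdict(list)
    for host in {h["host"] for h in hits}:
        host_events = sorted((e for e in events if e["host"] == host), key=lambda e: e["ts"])
        implicated = {h["image"] for h in hits if h["host"] == host}
        changed = True
        while changed:
            changed = False
            for e in host_events:
                if (e["image"] in implicated or e["parent"] in implicated) and e not in chains[host]:
                    chains[host].append(e)
                    implicated.update({e["image"], e["parent"]})
                    changed = True
        chains[host].sort(key=lambda e: e["ts"])
    return dict(chains)


def to_detection_rule():
    """Improve step: the validated behavioural hunt as a Sigma-style rule dict,
    ready to be serialised to YAML and loaded into the SIEM as an automated alert."""
    return {
        "title": "Office application spawning script host with encoded or hidden command",
        "tags": ["attack.execution", "attack.t1059.001"],
        "logsource": {"category": "process_creation", "product": "windows"},
        "detection": {
            "selection": {
                "ParentImage|endswith": sorted(OFFICE_APPS),
                "Image|endswith": sorted(SCRIPT_HOSTS),
                "CommandLine|contains": list(SUSPICIOUS_FLAGS),
            },
            "condition": "selection",
        },
        "level": "high",
    }


def run_hunt(events=SAMPLE_EVENTS, hashes=IOC_HASHES):
    """Run the whole pipeline and return the hits, the chains and the resulting rule."""
    hits = hunt_iocs(events, hashes) + hunt_behaviour(events)
    return {"hits": hits, "chains": track(events, hits), "rule": to_detection_rule()}


if __name__ == "__main__":
    result = run_hunt()
    for host, chain in result["chains"].items():
        print(host)
        for e in chain:
            print(f"  {e['ts']}  {e['parent']} -> {e['image']}  {e['cmdline']}")
    print("rule:", result["rule"]["title"])
```

On the constructed data the IoC query finds only the rundll32 event, the behavioural query finds the hidden, encoded PowerShell launched from Word, and the Track step joins them with the preceding Word launch into a three-event chain on ws-041 while leaving the benign PowerShell on ws-077 alone. The rule returned by to_detection_rule captures the behavioural logic, not the hash, which is the point of the Improve step: the next loader will have a different hash but the same parent/child shape.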

Accreditations and memberships: CREST SOC, Cyber Exchange member, ISO 9001, ISO 20000, ISO 27001.

For more information and a quote on our Threat Hunting service please Contact Us!

Tell us about your Cybersecurity needs

We are strategists, engineers, analysts, and governance experts embedded in the world’s biggest cyber missions and trusted to advance them. Let us help you today.