What is it?
Threat Hunting is an active defense activity based on an iterative and proactive search through the network, aimed at detecting and isolating advanced threats that are evading existing security controls. This approach complements traditional security measures, which generally only trigger an investigation after a security incident has already occurred.
Through this proactive search for adversaries, we help organizations to:
- Discover weaknesses.
- Improve the early detection of threats.
- Improve their defense capabilities.
- Have a greater understanding of the design, technology and behavior of their networks.
- Profile those threats that pose a risk.
Threat Hunting is based on the premise that organizations do not need to wait for an automatic alert about an attack before responding to a threat. This is achieved by analyzing different public and private information sources in order to draw inferences and correlations about threats that have occurred in similar environments and that could also have affected them. This can lead to the identification of advanced adversaries that may be operating within the organization's systems and that, without this proactive search, would go undetected.
At Zerolynx, we offer Threat Hunting services through two different approaches:
Continuous Threat Hunting: Our annual Threat Hunting service provides early warning of potential hidden threats that may pose a danger to the organization. To this end, the organization's networks and systems are analyzed continuously, using threat analysis technologies together with a range of manual tests.
Threat Hunting On-demand: In the on-demand Threat Hunting service, a scoped analysis of specific networks and systems of the organization is carried out in order to detect potential hidden threats that may pose a danger to the organization.
To perform threat hunting operations, we follow a strategy divided into four main phases:
- Creation of a hypothesis.
- Investigation of the hypothesis through tools and techniques.
- Discovery of new patterns and recognition of Tactics, Techniques and Procedures (TTPs) of attackers.
- Enrichment of the analysis and implementation of threat reports.
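The four phases above, walked through as one hypothesis-driven hunt over constructed log lines. This is an added example and not part of the page or Zerolynx's own tooling; the log format, the hypothesis thresholds and the ATT&CK technique mapping are assumptions chosen for illustration.

```python
"""Hypothesis-driven hunt: hypothesis -> investigate -> discover TTPs -> report."""

# Constructed sample logon events (key=value syslog style); not from any real system.
SAMPLE_LOGS = [
    "2024-05-01T02:14:07 host=srv1 event=logon user=svc_backup src=10.0.0.5 result=success",
    "2024-05-01T02:14:09 host=srv1 event=logon user=svc_backup src=10.0.0.5 result=success",
    "2024-05-01T02:15:30 host=srv2 event=logon user=svc_backup src=10.0.0.5 result=success",
    "2024-05-01T02:16:02 host=srv3 event=logon user=svc_backup src=10.0.0.5 result=success",
    "2024-05-01T09:00:11 host=srv1 event=logon user=alice src=10.0.1.20 result=success",
    "2024-05-01T02:20:45 host=srv4 event=logon user=svc_backup src=10.0.0.5 result=success",
]

# Phase 1: the hypothesis. Assumption for this example: a service account that
# logs on interactively to several hosts from one source outside business hours
# may be an adversary moving laterally with stolen credentials.
HYPOTHESIS = {
    "name": "service account reused for lateral movement",
    "min_distinct_hosts": 3,      # threshold chosen for the example
    "off_hours": range(0, 6),     # 00:00-05:59, assumed quiet window
}

def parse(line):
    """Turn one key=value log line into a dict, keeping the timestamp under 'ts'."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = ts
    return fields

# Phase 2: investigate the hypothesis against the available telemetry.
def investigate(lines, hypothesis=HYPOTHESIS):
    """Return {(user, src): set(hosts)} for actors that meet the hypothesis."""
    hosts_by_actor = {}
    for ev in map(parse, lines):
        hour = int(ev["ts"][11:13])
        if ev["event"] != "logon" or ev["result"] != "success":
            continue
        if hour not in hypothesis["off_hours"]:
            continue
        hosts_by_actor.setdefault((ev["user"], ev["src"]), set()).add(ev["host"])
    return {k: v for k, v in hosts_by_actor.items()
            if len(v) >= hypothesis["min_distinct_hosts"]}

# Phase 3: recognise the pattern and map it to attacker TTPs (ATT&CK IDs assumed).
def classify(findings):
    return [{"user": u, "src": s, "hosts": sorted(h),
             "ttps": ["T1078 Valid Accounts", "T1021 Remote Services"]}
            for (u, s), h in findings.items()]

# Phase 4: enrich the result into a report the next hunt can build on.
def report(lines):
    findings = classify(investigate(lines))
    return {"hypothesis": HYPOTHESIS["name"], "confirmed": bool(findings),
            "findings": findings}
```

A confirmed hypothesis feeds the report and a new detection rule; a refuted one still documents which telemetry was checked and why it was insufficient.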