We understand that each client will have different infrastructure, processes and work teams. This is why our Threat Hunting service starts with meetings between the client and our CYCON (Cyber Consulting) team, who will be responsible for understanding the networks, applications and functioning of all processes to adapt the Threat Hunting service for each specific case. Moreover, throughout this consultancy we will analyze the different tools used by our clients in order to integrate them into the Threat Hunting service.
In parallel with this, our Engineering team will be in charge of implementing (or giving all the necessary support for) the infrastructure deployment, making it a quick and easy implementation. Our service allows for different architectures according to the needs of our clients, making it possible to host our server within the client’s installations, or on our own Data Centers.
Once the hardware installation is finished, our CYBOPS (Cyber Operations) team will be responsible for deploying and monitoring the forensic agent used to provide the service, as well as launching the Threat Hunting on the client’s devices. The forensic agent installed to carry out the Threat Hunting has a negligible impact on the machine’s performance.
Lastly, our analysts will be responsible for analyzing the threats found by the platform, as well as for manually hunting on the devices for the IOCs and TTPs whose detection cannot be automated.
Throughout this process, our CTI (Cyber Threat Intelligence) team will remain fully synchronized with our client’s team, making the most of the information obtained by both teams in order to continuously feed the Threat Hunting service.
During the operation of our service we will work at different criticality levels:

| Level | Name | Description | Operation mode | Reporting | Threat review |
|---|---|---|---|---|---|
| L5 | LOW | Everything is normal and there are no known significant threats. | 16×5 | Daily | Every hour |
| L4 | MODERATE | A recent campaign by a relevant actor has been detected. An attack is plausible but not probable. | 16×5 | Daily | Every 30 min. |
| L3 | HIGH | Relevant activity by a targeted actor or campaign within the same sector/industry. | 16×7 | Twice a day | Real time |
| L2 | SEVERE | Recent active campaign or actor that could affect the company. | 18×7 | Twice a day | Real time |
| L1 | CRITICAL | We have found a threat within our client’s devices, or an incident is highly probable according to our threat intelligence (CTI). | 24×7 | Three times a day | Real time |
Our clients will obtain large amounts of information from this service, which will help them better understand the current status of their equipment and devices. It will also feed their own processes and procedures.
Intelligence: in collaboration with the client’s experts, our CTI experts will create IOCs and TTPs that can be used for Threat Hunting, as well as to feed other processes and procedures.
Daily reports: our clients will also receive daily reports explaining the Threat Hunting status, together with all the information related to the threats found in their systems. Specifically, the daily reports issued are: