ONSITE • REMOTE • ONLINE • CLOUD
One eSecurity’s Threat Hunting Service offers our clients a continuous and proactive threat search process in both their networks and systems. Our Hunting Framework combines manual and automated analysis carried out by our expert analysts in different areas. This approach transforms traditional threat management, turning it into a proactive operation and offering a much faster detection and response rate.
Prevention systems alone are insufficient to counter focused human adversaries who know how to get around most security and monitoring tools. - From SANS Institute.
Threat searches have traditionally been manual and reactive processes, where a security analyst would draw on their own knowledge of SIEM or IDS systems and other existing capacities and would create and analyze hypotheses about possible threats. Our Threat Hunting service transforms the reactive process into a proactive one, providing us with the necessary tools and processes to be a step ahead of possible threats and to detect them in the quickest way possible. Moreover, our Threat Hunting framework allows the combination of these processes with those already present in the organizations we work with, integrating them with their CTI, SOC, CERT teams or any other internal team.
Our years of experience have allowed us to develop our very own Hunting Framework on which to build our service.
Thanks to this framework we are able to:
Our reliable external sources of threat intelligence obtained from different feeds (OSINT, HUMINT, CCI, IOCs, Malware analysis) combine with your company's own internal sources to form the perfect cocktail of information necessary to counteract and prevent possible attacks.
This framework combines specialist resources, technology, and dedicated processes.
The Threat Hunting service collates the capacities and expertise of our Incident Response, Cyber Threat Intelligence and Threat Hunting departments. Experts in each of these areas will be responsible for generating the various IOCs (Indicators of Compromise) and TTPs (Techniques, Tactics and Procedures) which will be used to identify threats. Moreover, these experts are in charge of supplementing the automated threat analysis by doing their own manual analysis, ensuring that any threats within the client’s systems and networks are detected, also carrying out malware analysis if needed.
The Threat Hunting platform is part of our Incident Response framework, which we have named Forest. This platform has over 10 years of experience and has been used by us and our clients on dozens of investigations around the world. The analysis of thousands of devices in a few hours and the versatility of this platform have been key in the resolution of all types of cases: financial actors, ransomware, or insiders, among others.
All processes defined by the Threat Hunting service are designed to be integrated with existing processes, some of which are well developed, and exist within the incident detection, prevention and response cycle, adding value at each phase through existing CERT, SOC or CTI teams.
Our Threat Hunting service formula is:
Threat Hunting = Response to Incident - Incident
A Different Approach
Our approach is different and has greater efficacy than reactive systems. Drastically reduces the volume and severity of attacks leading to an order-of-magnitude fewer alerts, incidents, and costs. Provides early warning and indicators to model zero-day signatures to incident response mechanisms and enumerate attack networks through cyber threat intelligence. Is not subject to the scalability issues around performance and cost that reactive systems struggle with. One eSecurity threat hunting decisively engages the adversary and includes hunt and adversarial pursuit activities.
Our Own Framework
Having our own hunting and threat intelligence framework enables us to: analyze and generate all kinds of IOCs, from the simplest hash files to the most elaborate TTPs, based on our malware analysis ability; perform these analyses on large banks of servers and equipment, quickly detecting the type of attack, the artifacts found and patterns on files, processes, ports, registry entries, installations, memory logs and disks; integrate the framework with the customer's own tools (antivirus programs, EDRs, forensics agents, etc.); reuse all the information generated to achieve rapid detection and containment of any type of malware.
You can activate us whenever you need to and for whatever purpose. Our different service agreements allow the client to have Threat Hunting as a one-shot services or as a continuous Hunting service, 24/7, with thousands of targets.
|Digital Forensics and IR||Emergency Incident Response||Cyber Threat Intelligence|
|One eSecurity Digital Forensics service is focused on system in-depth analysis, aiming at obtaining a traceable record of previous activity in order to answer any investigative questions.||One eSecurity Emergency Incident Response is aimed at clients who need agile response and support when a security incident happens.||The Cyber Threat Intelligence service by One eSecurity provides (both internally and for clients) knowledge and information on key threats for decision-making and forecasts of risk situations on IT systems and networks.|
|Read more||Read more||Read more|