

Threat Hunting Framework

Adversary-centric detection of targeted attacks and unknown threats for IT and OT environments


Meeting key information security challenges

1. Protects corporate emails from targeted phishing and letters containing malware


2. Protects the network perimeter, services, and user workstations from malware


3. Protects infrastructure from being controlled by external attackers


4. Secures the transfer of files from untrusted to trusted file storage


5. Detects network anomalies


6. Protects workstations and servers from potentially unwanted apps and untrustworthy devices


“Sees” more than others

- Detection of previously unknown threats based on Threat Intelligence & Attribution data. Proactive search for anomalies, hidden tunnels, and signs of communications with C&C servers.


- Automated correlation of events and alerts, and subsequent attribution to malware type and/or threat actor


- Global proactive threat hunting that exposes adversaries’ external infrastructure, TTPs, intent, and plans


- Proprietary tools: network graph analysis and malware detonation platform provide data enrichment, correlations, and analysis


- Full overview of the attack, in-depth management of incidents (up to Mutex/Pipes/Registry/Files)



Detection of attacker infrastructure on a global scale


Technology conceived to collect a large amount of data, together with unique search algorithms designed to find connections, helps detect infrastructure that hackers intend to use in future attacks.


For further information, please visit: