Threat Hunting

Threat Hunting Datasheet EN

During Threat hunting, we actively search for suspicious activity or remnants of any potential malicious activity within the clients’ infrastructure. Nowadays, we can see attackers’ sophistication growing as they try to get into their target infrastructure. Their attacks often go unnoticed by modern solutions, until it’s too late.

IstroSec focuses on activities that could signal the presence of malicious actors, potentially vulnerable systems, bad IT hygiene habits such as unnecessary admin privileges, plain-text passwords, etc.

This service includes:

  • Formulation of threat-hunting hypothesis based on standard attacks against customer type of organization, additional service – development of Customer Threat Landscape.

  • Identification of possible sources of relevant data to the hunting hypothesis.

  • Access to relevant data sources (implemented technologies or implementation of our tools).

  • Data analysis.

  • Search for IOCs within network communication (if possible).

  • Automatized control of clients’ key systems, whether they contain some IOCs from the IstroSecs database.

  • Automatic control of endpoint logs and outlining suspicious events.

  • Compilation of clients’ programs, their version, vulnerabilities for their version (if possible via Clients tools).

  • Basic identification of outliners presents within Clients’ infrastructure.

  • Consultation based on clients’ capabilities and proposing the implementation of free/commercial tools for monitoring.

  • Individual pricing help with implementing monitoring tools within Clients’ infrastructure, and their initial setting based on clients’ needs.

  • Detailed manual analysis of monitoring tool’s output.

  • Report containing an executive summary, technical details, and recommended actions on identified issues.

  • Queries used to hunt with.

Why IstroSec?

Our specialists have experience with performing Threat hunts across multiple platforms and environments, using commercial, free, and system native tools. Furthermore, our team has practical experience with malicious attackers with various skill levels, ranging from script kiddie level to state-sponsored ATPs.