Threat Hunting
Why conduct proactive threat hunting?
Organizations' security controls have become more advanced in recent years, and adversaries have been equally quick to leverage more sophisticated threats. Cybersecurity teams must be proactive in seeking out specific threat vectors and adversaries to determine whether the networked environment is compromised and whether the existing security controls provide appropriate visibility and enforcement. The Talos IR Threat Hunting service helps your team hunt down the unknowns and discover adversaries that may already exist within your environment so you can better prepare your defenses against specific threats.
Identify weaknesses to enhance security
Threat hunts help your organization gain information and better understand the risks associated with a specific threat or adversary. Talos IR will work alongside your team to determine the focus of the hunting exercise and identify the appropriate tools and methodologies to cover. The insights gained will help your organization better understand its exposure to the tactics, techniques and procedures (TTPs) threat actors commonly leverage, and make better investments in controls to reduce or eliminate security gaps.
What does this include?
- Detailed scoping exercise to identify available telemetry, data points and customer objectives to ensure comprehensive delivery of this service.
- Hunting for the target adversary TTPs through a deep analysis of various data points, aligned with a comprehensive hypothesis and other objectives to discover new or existing threats in your environment.
- Access to skilled incident responders with years of experience dealing with numerous types of incidents, who will execute custom threat hunting scenarios across the environment using existing telemetry.
- Full access to Cisco's complete tool suite during the exercise to provide greater visibility, speed and a broader understanding of all threats in the network using the latest available technologies.
- A threat hunting report that includes an executive overview, technical summary, a full recap of the hunting hypothesis, key findings aligned with the MITRE ATT&CK framework, and recommendations.
- Technical and executive debriefs to ensure that findings are effectively communicated across all business levels.
Sample hunt use cases
- Critical infrastructure
- Web services compromise
- Lateral movement
- Embedded attacker
- Privileged user access review
- Historical analysis of the environment using new threat intelligence indicators
Interested in this service?
Reach out to your account team or contact us below.