Did you know that the average detection time of an incident/security breach is 200 days? Did you know that, once detected, it takes an average of 66 days to contain the incident?
This shows that current detection and response mechanisms are insufficient. Although most of the market talks about threat hunting when describing its detection mechanisms, in reality very few providers have developed a rigorous hunting approach.
What is threat hunting?
Differences from traditional Threat Detection approaches

Traditional threat detection:
- The investigation stage of an alert or event.
- SIEM, IDS, FWs, Proxy technologies, among others.
- Signature and IOC based detection.
- Deployment of technology, creation of use cases, source diversity, blind spots, configuration faults, alerts and false positives.

Threat hunting:
- The investigation stage of an anticipated attack.
- Telemetry & Deception.
- Collection of endpoint, server and deception campaign activity.
- Targeted and unknown attacks.
- TTP, intelligence, tracking and hypothesis-based detection.
- Collection of endpoint and server telemetry fit for service activation.
The purpose of Threat Hunting is to minimise the impact of security incidents through reduced detection time and response model optimisation.
Real Threat Hunting, Our Service Approach
Our researchers focus on two main aspects: lessons learnt during investigations of real incidents, and anticipation. Thanks to proactive intelligence, they can develop hypothetical attack scenarios, drawing mainly on the tactics and techniques acquired from the Red Team, as well as the actionable intelligence collected by our global risk service.
TIER 1 - Red Team
The TTPs employed in our Red Teaming exercises form the basis of the hunting hypothesis approach.
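The hunting model described above, where a Red Team TTP is turned into a hunting hypothesis and then evaluated against endpoint telemetry, can be illustrated with a small added example. This code is not Tarlogic's and is not taken from the page; the telemetry records, the field names (host, ts, parent, image, user) and the two hypotheses are constructed for illustration and do not reflect any real EDR schema. It also reports the dwell time between the earliest matching event and the moment the hunt found it, which is the detection-time metric the page is concerned with.

```python
"""Hypothesis-driven hunting over endpoint telemetry (added example).

A hunting hypothesis is expressed as a named predicate over telemetry
records, tagged with the TTP it was derived from. Running the hypotheses
over a telemetry set yields leads for investigation, not verdicts: a
match still has to be triaged by a hunter.
"""
from dataclasses import dataclass
from datetime import date, datetime
from typing import Callable, Iterable, Optional


@dataclass(frozen=True)
class ProcessEvent:
    """One constructed process-creation record (field names are assumptions)."""
    host: str
    ts: datetime
    parent: str   # parent image name, lower-case
    image: str    # child image name, lower-case
    user: str


@dataclass(frozen=True)
class Hypothesis:
    name: str
    ttp: str      # tactic/technique the hypothesis is derived from
    predicate: Callable[[ProcessEvent], bool]


OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe"}

# Two illustrative hypotheses, each mapped back to the behaviour it tests for.
HYPOTHESES = [
    Hypothesis(
        name="office-spawns-shell",
        ttp="User execution via malicious document",
        predicate=lambda e: e.parent in OFFICE and e.image in SHELLS,
    ),
    Hypothesis(
        name="system-account-shell",
        ttp="Command interpreter started under a service context",
        predicate=lambda e: e.user.upper() == "NT AUTHORITY\\SYSTEM"
        and e.image in SHELLS
        and e.parent != "services.exe",   # service control manager is expected
    ),
]


def hunt(events: Iterable[ProcessEvent], hypotheses: Iterable[Hypothesis]) -> dict:
    """Evaluate every hypothesis over every event; return {name: [matches]}."""
    hits = {h.name: [] for h in hypotheses}
    for event in events:
        for h in hypotheses:
            if h.predicate(event):
                hits[h.name].append(event)
    return hits


def dwell_days(matches: list, detected_at: date) -> Optional[int]:
    """Calendar days from the earliest matching event to the hunt's detection."""
    if not matches:
        return None
    first = min(m.ts for m in matches).date()
    return (detected_at - first).days


# Constructed telemetry sample: two workstations and one server.
EVENTS = [
    ProcessEvent("ws-01", datetime(2024, 1, 10, 9, 0), "winword.exe", "powershell.exe", "corp\\alice"),
    ProcessEvent("ws-01", datetime(2024, 1, 10, 9, 1), "explorer.exe", "chrome.exe", "corp\\alice"),
    ProcessEvent("srv-02", datetime(2024, 2, 3, 2, 15), "svchost.exe", "cmd.exe", "NT AUTHORITY\\SYSTEM"),
    ProcessEvent("srv-02", datetime(2024, 2, 3, 2, 16), "services.exe", "cmd.exe", "NT AUTHORITY\\SYSTEM"),
    ProcessEvent("ws-03", datetime(2024, 2, 20, 14, 30), "excel.exe", "cmd.exe", "corp\\bob"),
]

# The hunt is assumed to have been run on this (constructed) date.
DETECTED_AT = date(2024, 3, 1)
HITS = hunt(EVENTS, HYPOTHESES)

if __name__ == "__main__":
    for h in HYPOTHESES:
        matches = HITS[h.name]
        print(f"{h.name} ({h.ttp}): {len(matches)} lead(s), "
              f"dwell {dwell_days(matches, DETECTED_AT)} day(s)")
        for m in matches:
            print(f"  {m.ts.isoformat()} {m.host} {m.parent} -> {m.image} as {m.user}")
```

Each hypothesis is a plain function, so adding one that encodes a new Red Team finding means writing a predicate and naming the TTP behind it; the hunt loop and the dwell-time calculation do not change. The `services.exe` exclusion in the second hypothesis shows where known-good context belongs: in the hypothesis itself, so that the leads it produces are worth a hunter's time.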
Tarlogic Research provides the service with tools and technological developments focused on making the hunting process more efficient and effective.
EDR Platform – Telemetry
To gain increased visibility into infrastructure systems, Tarlogic makes use of an EDR (Endpoint Detection and Response) solution. It allows us to speed up the identification, investigation, response and remediation of cyber risks and of external or internal attackers who use techniques to evade existing security controls.
This platform, operated by a specialised team of Tarlogic Hunters, allows the hunting process to be automated through an innovative data-analysis paradigm, raising the hunting maturity level of the organisations we work with.