Did you know that the average detection time of an incident/security breach is 200 days? Did you know that, once detected, it takes an average of 66 days to contain the incident?

This shows that the current detection and response mechanisms are insufficient. Although most of the market is talking about threat hunting when explaining its detection mechanisms, the reality is that very few develop an accurate hunting approach.


What is threat hunting?

Differences from traditional Threat Detection approaches

Threat Detection vs. Threat Hunting

Reactivity vs. proactivity
Threat Detection: the investigation stage of an alert or event.
Threat Hunting: the investigation stage of an anticipated attack.

Detection stack vs. telemetry & deception
Threat Detection: SIEM, IDS, firewalls, proxy technologies, among others.
Threat Hunting: collection of endpoint, server and deception campaign activity.

Known attacks vs. targeted and unknown attacks
Threat Detection: signature- and IOC-based detection.
Threat Hunting: TTP-, intelligence-, tracking- and hypothesis-based detection.

Complex start-up vs. easy set-up
Threat Detection: deployment of technology, creation of use cases, source diversity, blind spots, configuration faults, alerts and false positives.
Threat Hunting: collection of endpoint and server telemetry, which is sufficient for service activation.

The purpose of Threat Hunting is to minimise the impact of security incidents through reduced detection time and response model optimisation.

Real Threat Hunting, Our Service Approach

Our researchers focus on two main aspects: lessons learnt during investigations of real incidents and anticipation. Thanks to proactive intelligence, they can develop hypothetical attack situations, using mainly techniques and tactics acquired from the Red Team, as well as the actionable intelligence collected by our global risk service.

TIER 1 - Red Team

The TTPs (tactics, techniques and procedures) employed in our Red Teaming exercises form the basis of the hunting hypothesis approach.

HUNTERS - 24x7

We have widely recognised experts in the field, who focus on generating value through the hypothesis approach and investigation work.

Telemetry

The service relies on an EDR solution based on collecting and analysing endpoint and server telemetry.

Tools

Tarlogic Research provides the service with tools and technological developments, focused on making the hunting process more efficient and effective.


EDR Platform – Telemetry

With the aim of gaining increased visibility into infrastructure systems, Tarlogic makes use of an EDR (Endpoint Detection and Response) solution, which allows us to speed up the identification, investigation, response and remediation of cyber risks and of external or internal attackers who use techniques to evade existing security controls.

This platform, operated with the help of a specialised team of Tarlogic Hunters, allows the hunting process to be automated through an innovative data analysis paradigm, increasing the hunting maturity level of the organisations.
