Cyber threat hunting services

Improves detection efficiency and cyber threat responses

    Or contact us at contact@tarlogic.com
    Phone: +41 44 551 02 74 / +352 20 33 17 45

    Did you know that the average detection time of an incident/security breach is 200 days? Did you know that once it is detected it takes an average of 66 days to contain the incident? This shows that the current detection and response mechanisms are not sufficient.

    Although much of the industry talks about threat hunting when explaining detection mechanisms, the reality is that very few have developed a rigorous hunting approach.

    Why Proactive Threat Hunting?

    We are all aware of organizations that are investing considerable resources into detecting advanced threats with no success. Some of them are even targeted by ransomware gangs because they lack good detection and response capabilities.

    This scenario is becoming more and more relevant as we learn that classic Threat Detection capabilities are not enough. We need to evolve from the traditional SOC to proactive Threat Hunting. This is achieved by focusing on TTP analysis instead of IOCs, by working from a Compromise Hypothesis instead of reacting only once a security event has been detected, and more.

    | Traditional SOC | Advanced approach |
    |---|---|
    | Threat Detection: protects against well-known attacks. | Threat Hunting: new forms of attack are investigated. |
    | Reactivity: the investigation stage of an alert or event. | Proactivity: we are constantly investigating under an undetected-breach scenario, assuming that a sophisticated attack has occurred and no security event has been triggered. |
    | Detection Stack: SIEM, IDS, FWs, proxy technologies, among others. | Telemetry & Deception: we collect and analyze activity from endpoints, servers and deception campaigns. |
    | Known attacks: signature- and IOC-based detection. | Targeted and unknown attacks: TTP, intelligence, tracking and hypothesis-based detection. |
    | Complex Start-Up: deployment of technology, creation of use cases, source diversity, blind spots, configuration faults, alerts and false positives. | Easy Set-Up: detection based on telemetry provided by EDR/XDR technology. |

    What Makes our Threat Hunting Approach so Unique?

    Our 24x7 Proactive Threat Hunting service understands Malicious Adversaries better than a regular SOC, making it possible to detect and respond to Malicious Operations even before a single security event has been raised. This is possible because our Proactive Threat Hunting service relies on the following fundamentals:

    Technology Agnostic

    Hunting over approved EDR/XDR

    • We are continuously analyzing new technologies that allow us to perform a high-quality Threat Hunting service
    • To maintain our quality standards, only technologies that pass our internal evaluation are used

    Offensive Mindset

    Understanding adversaries

    • Even when there is not a proper detection from the technology, our experts can identify Malicious Operations from the telemetry
    • We use our Red Team as a Threat Hunting accelerator
    • We deploy our own Threat Hunting Intelligence™ on top of the EDR/XDR detection capabilities

    Compromise Hypothesis

    Proactive hunting

    • Our service is a never-ending effort to maintain a proactive hunting position built on compromise hypotheses
    • Using compromise hypotheses allows us to detect unknown Malicious Actors
    • We run thousands of custom queries against the available telemetry every month to find unknown threats

    World Class Team

    Experts

    • Our hunters are real researchers thinking like real adversaries
    • We provide a cutting-edge service using the most innovative attacking techniques and detection bypass possibilities
    • We consult the most innovative technology to analyze emerging threats

    Threat Hunting Intelligence™ as a distinctive Threat Hunting accelerator

    [Diagram: Threat Hunting Intelligence, fed by EDR/XDR gaps, threat actors, research, Red Team, Malops and advisories]

    Our Threat Hunting service is improved not only by continuous research on Malicious Operations, Threat Actor profiling and the analysis of public advisories, but also by strengthening detection capabilities for cases where the threat is able to apply detection bypass techniques.

    All those improvements are centralized in our Threat Hunting Intelligence™ and included in our unique Threat Hunting service.

    In this context, it is particularly relevant that our Red Team is an excellent accelerator for improving our Threat Hunting service, and vice versa. In fact, more and more clients are requesting both services at the same time, in the following combined approach:

    Red team Service

    Our Red Team simulates threat actors and adversaries, or runs cyber exercises, to bypass defensive layers

    We are continuously reporting improvement possibilities to the Threat Hunting team

    Threat hunting Service

    Our researchers are continuously learning from new tactics, techniques and procedures (TTPs) used by malicious actors, and the learning process is accelerated by Red Team exercises

    Overcoming the EDR/XDR detection capabilities

    With the aim of delivering an extraordinary Proactive Threat Hunting service, only extraordinary EDR/XDR solutions are accepted, after intensive testing, including evasion techniques, performed in our lab.

    In addition to the detection capabilities offered by EDR/XDR technology, our Threat Hunting service deploys additional detection capabilities by performing thousands of additional detection checks tailored to every client environment.

    *The technology approval process is a continuous evaluation of the most relevant EDR/XDR solutions, so if you are using a technology not shown here, please contact us for further information.

    Approved EDR/XDR technologies shown: CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, Cortex.
