Threat hunting, threat hunter

Detecting threats in IT systems

Threat hunting

To put it as simply as possible, Threat Hunting is a proactive threat investigation within the infrastructure of a relevant organisation, intended to identify any threats which security systems have failed to detect. It consists in collecting historical and current data to perform early detection of any signs of malicious behaviour and to limit dwell time, that is, a period of time a threat is active within an organisation. To a large extent, Threat Hunting depends on the analyst’s skills and knowledge regarding recent activity of criminal groups and innovative attack methods, mostly sourced from the Threat Intelligence service we provide.

Threat Hunting is a creative process yet limited by a specified framework:

At its conception lies an idea (a hypothesis) stemming from intelligence (Threat Intelligence) and findings of the analyst, in order to…
…investigate by means of available tools and data…
…used to either disprove or uphold a hypothesis…
…thus providing an opportunity to implement more effective detection and monitoring methods in the Security Information and Event Management (SIEM) system, as well as to formulate new hypotheses for future hunts.

Threat Hunting assumes there is an efficient multi-area security monitoring process in an organisation as it is based on the data collected in SIEM or a similar solution. This is a 100% independent service, however, it is most useful if integrated with the SOC service provided by us, as these two complement each other perfectly.

Cyber Threat Hunting

The Threat Hunting service is a team-based job, performed by the Cyber Arms analysts together with the Customer’s engineers. Our goal is to increase security level in an organisation as well as to transfer know-how in both directions.

Knowledge transfer from the organisation engineers to Cyber Arms, referring to the organisation’s structure and specificity, to ensure the Cyber Arms analysts formulate better hypotheses and adjust investigation methods to unique characteristics of the organisation

Knowledge transfer from the Cyber Arms analysts to the employees responsible for the organisation’s security, referring to the actions carried out during the hunt.

This ensures that, once the drill is complete, any further works may be continued on-site by the Customer’s engineers and analysts, providing much better results than any one-off service.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional		The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary		This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy		The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Threat hunting

Threat Hunting is a creative process yet limited by a specified framework:

ARE YOU INTERESTED IN THE OFFER? GET IN TOUCH WITH OUR TEAM!

Cyber Threat Hunting

This ensures that, once the drill is complete, any further works may be continued on-site by the Customer’s engineers and analysts, providing much better results than any one-off service.

Threat hunting

Penetration tests

Red teaming

The forensic analysis

Security audits

Threat intelligence

CISO as a service

Security Operations Center (SOC)

Threat hunting

Threat Hunting is a creative process yet limited by a specified framework:

ARE YOU INTERESTED IN THE OFFER? GET IN TOUCH WITH OUR TEAM!

Cyber Threat Hunting

This ensures that, once the drill is complete, any further works may be continued on-site by the Customer’s engineers and analysts, providing much better results than any one-off service.

Threat hunting

Penetration tests

Red teaming

The forensic analysis

Security audits

Threat intelligence

CISO as a service

Security Operations Center (SOC)

Polityka prywatności i pliki cookies