
Cyber Threat Hunting

Proactively Pursue Attackers on Your Network

Are Attackers Already on Your Network?

Cyber threat hunting assumes a mindset that your network has already been breached because existing controls have failed. Network health indicators aren’t always entirely accurate, even when you’re looking for anomalies. Proactively searching your network for undiscovered attackers – past and present – can help you detect incidents sooner and find threats you wouldn’t have caught otherwise.

Attackers often go undiscovered for weeks or even months after they breach an IT environment, and they are frequently found by a third party rather than by the victim. So you might not find out about threat actors lurking on your systems until it’s too late.

What Are Some Indicators of Compromise?

Threat hunting assessments and services are proactive efforts to detect persistent threats that have evaded existing security controls. These assessments are designed to reduce the dwell time of attackers and stop them before they can inflict further damage. Moreover, successful hunt assessments should also validate the integrity of your network and overall cyber security posture.

Delta Risk Cyber Threat Hunting can identify the presence of threats and unauthorized activity on your network. Our experts are trained in the latest offensive and stealth techniques. They have the technical skills to identify and remediate external and internal risk, and uncover indicators of active intrusions, unauthorized activity, backdoors, and malware.

The Delta Risk Approach

Delta Risk uses a variety of industry-leading tools to gather and analyze host and network indicators of compromise from all major operating systems (Windows, Mac OSX, and Linux). We can assess artifacts from sensor logs and other network devices to create a comprehensive assessment.

Delta Risk Threat Hunting Services include:

  • An initial call to understand your environment
  • A solution suitable for your network
  • An on-site team to analyze your network
  • 45 days of in-depth endpoint monitoring
  • An identification of malicious activity and artifacts
  • A final report of all findings and recommendations

Delta Risk Cyber Threat Hunting Methodology

  1. Prepare: Set up the environment for successful completion of the engagement.
  2. Deploy: Deploy required information and install sensors on in-scope systems.
  3. Collect: Collect data from in-scope systems, report on sensor coverage gaps, and assist in resolving them.
  4. Analyze: Investigate possible indicators of compromise, assess the likelihood or nature of a suspected compromise, and collaborate with customers to establish context and eliminate false positives.
  5. Report: Document the engagement and its conclusions.

What Does a Cyber Threat Hunter Do?

Cyber threat hunters are information security professionals who actively conduct investigations and analysis to find hidden threats. A threat hunter actively pursues malicious threats rather than waiting for alerts to fire, which is the hallmark of real-time detection.

The difference between cyber threat hunters and incident responders is that threat hunters focus on finding adversaries before the attack succeeds. Threat hunters assume that attackers are already in the network. They gather as much information about adversary behavior patterns as they can, and then set out on the hunt using a hypothesis-driven, analytical approach.

Some of the most common software and tools that threat hunters use include:

  • Security monitoring tools
  • SIEM solutions
  • Analytics tools

Threat Hunting Trends

Cyber threat hunting is gaining momentum. More organizations are investing resources and budget in proactive threat hunting programs and dedicated teams. According to the 2018 Threat Hunting Report conducted by Cybersecurity Insiders and Crowd Research Partners, the top benefits of threat hunting include improved detection of advanced threats (64 percent), followed by reduced investigation time (63 percent), and time saved by not having to manually correlate events (59 percent).
