What is Threat Hunting?
Cyber security threat hunting is the active monitoring of security systems to identify security issues; this function is also known as the ‘blue team’ or ‘blue teaming’. This service is designed to enrich existing security measures such as SIEM and EDR, providing context and insight into active threats within your environment.
By leveraging raw information provided by security controls, including Full Packet Capture (FPC), NetFlow, SIEM (Security Information and Event Management) and EDR (Endpoint Detection and Response), our experienced threat hunters perform advanced analysis to identify anomalous activity that requires further validation or escalation. Upon detection of a threat, such as suspicious or malicious behaviour within your environment, our security analysts review the context and the events leading up to the potential threat in order to confirm its validity. Once this triage and investigation is complete, the threat is removed.
Our team leverages your existing security tooling or can provide additional security monitoring platforms as part of the service. As part of our engagement we perform a visibility assessment to measure the effectiveness of your tooling and to identify gaps in your security monitoring platforms that would limit visibility and detection during threat hunting.