Our approach to Threat Hunting:
The goal of threat hunting is to mitigate the risk once an adversary has infiltrated the network. To be effective, threat hunting must start with the threat. The ThreatQ Threat Library centralizes and prioritizes vast amounts of threat data from external and internal sources so that analysts can automatically determine the highest-priority items to hunt for within the environment.
ThreatQ Investigations allows analysts to conduct investigations collaboratively to search for and compare indicators across infrastructure and find matches between high-risk IOCs and internal log data that indicate possible connections.
Once a match is discovered, analysts can progressively cast the net wider and identify second-tier indicators and attributes (e.g., malware associations, adversary relationships, similar event indicators).
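The hunt-then-pivot flow described above, as an added illustration that is not ThreatQ's own code: a small prioritized indicator library is matched against internal log lines, and the indicators that hit are then used to pull in second-tier indicators that share a malware or adversary association, which are hunted in a second pass. The library entries, scores, association names and log lines are all constructed for the example (the 198.51.100.0/24 and 203.0.113.0/24 addresses and the .example domains are documentation ranges, not real IOCs), and the `Indicator` class, `prioritize`, `hunt`, `pivot` and `run_hunt` are hypothetical helpers. Matching is anchored on token boundaries so that an IP or domain indicator does not fire on a longer string that merely contains it.

```python
import re
from dataclasses import dataclass, field


@dataclass
class Indicator:
    value: str
    itype: str                      # "ip" or "domain"
    score: int                      # 0-100 priority score assigned in the library
    associations: dict = field(default_factory=dict)   # kind -> list of names


# Constructed threat library (hypothetical values, not real IOCs).
THREAT_LIBRARY = [
    Indicator("203.0.113.77", "ip", 95, {"adversary": ["GroupA"]}),
    Indicator("198.51.100.23", "ip", 90, {"malware": ["LoaderX"], "adversary": ["GroupA"]}),
    Indicator("updates.evil.example", "domain", 85, {"malware": ["LoaderX"]}),
    Indicator("cdn.evil.example", "domain", 60, {"malware": ["LoaderX"]}),
    Indicator("benign.example", "domain", 20, {}),
]

# Constructed internal log lines (proxy, DNS and firewall events).
LOG_LINES = [
    "2024-05-01T10:00:01Z proxy src=10.0.0.5 dst=updates.evil.example:443 action=allow",
    "2024-05-01T10:00:05Z dns client=10.0.0.5 query=notevil.example rcode=NOERROR",
    "2024-05-01T10:01:10Z fw src=10.0.0.5 dst=198.51.100.23 dport=8443 action=allow",
    "2024-05-01T10:02:00Z dns client=10.0.0.9 query=cdn.evil.example rcode=NOERROR",
    "2024-05-01T10:03:00Z fw src=10.0.0.7 dst=198.51.100.230 dport=443 action=allow",
]


def prioritize(library, threshold=70):
    """Return the indicators at or above the score threshold, highest score first."""
    return sorted((i for i in library if i.score >= threshold), key=lambda i: -i.score)


def _pattern(ind):
    # Anchor on token boundaries so 198.51.100.23 does not match 198.51.100.230
    # and a domain indicator does not match a longer domain that contains it.
    return re.compile(r"(?<![\w.-])" + re.escape(ind.value) + r"(?![\w.-])", re.IGNORECASE)


def hunt(indicators, log_lines):
    """Return (indicator value, 1-based line number) for every log line that hits."""
    compiled = [(ind, _pattern(ind)) for ind in indicators]
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        for ind, pat in compiled:
            if pat.search(line):
                hits.append((ind.value, lineno))
    return hits


def pivot(library, first_tier, matched_values):
    """Second-tier indicators: those sharing a malware/adversary association
    with a matched indicator that were not already in the first-tier set."""
    matched = [i for i in library if i.value in matched_values]
    shared = {(k, v) for i in matched for k, vs in i.associations.items() for v in vs}
    first_values = {i.value for i in first_tier}
    return [
        i for i in library
        if i.value not in first_values
        and any((k, v) in shared for k, vs in i.associations.items() for v in vs)
    ]


def run_hunt(library, log_lines, threshold=70):
    """First pass on high-priority indicators, then widen via associations."""
    first_tier = prioritize(library, threshold)
    first_hits = hunt(first_tier, log_lines)
    second_tier = pivot(library, first_tier, {v for v, _ in first_hits})
    second_hits = hunt(second_tier, log_lines)
    return {
        "first_tier_hits": first_hits,
        "second_tier": [i.value for i in second_tier],
        "second_tier_hits": second_hits,
    }


if __name__ == "__main__":
    for key, val in run_hunt(THREAT_LIBRARY, LOG_LINES).items():
        print(key, val)
```

In the constructed data, `cdn.evil.example` scores below the hunting threshold and would never be searched for on its own; it is pulled in only because it shares the `LoaderX` association with an indicator that actually hit, which is the point of the second-tier step. The boundary-anchored pattern is what keeps the `198.51.100.230` line out of the results.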
These capabilities enable analysts to engage in threat hunting and follow the prescribed lifecycle, similar to that of any scientific experiment.
- Proactively block similar attacks in the future by developing a signature, or identifying new IOCs to detect and block depending on confidence rating.
- Adjust corporate policy to align with new defense rules/signatures.
- Achieve true fusion analysis, leveraging the intelligence and understanding of teams and tools across the organization.
- Develop better intelligence collection methodologies.
- Develop better intelligence practices.
- Find and stop evil before the attack.
- Mitigate risk when an adversary infiltrates infrastructure.
- Orchestrate and synchronize threat intelligence management across all teams and tools so they work in concert and increase effectiveness, efficiency and productivity.
The Threat Hunting use case is assigned to the following product groups:
- Products and Solutions for IT Security (247)
- APT protection (131)
- Banking (IT security solutions) (204)
- BSI IT baseline protection (products and services) (166)
- CIP - Critical Infrastructure Protection (security solutions) (270)
- Computer emergency response team (CERT) (61)
- Counter-intelligence (80)
- Early warning for IT (91)
- Health services (IT security solutions) (137)
- Industrial IT security (294)
- Managed security services (296)
- Risk analysis and management (179)
- Security management (175)
- Threat analyses (268)
- Vulnerability and patch management (130)
- IT security rooms and cabinets (14)
- Data center operation (68)
- Insurance IT security (35)