Threat Hunting Framework

Adversary-centric detection of targeted attacks and unknown threats for IT and OT environments

Meeting key information security challenges

Protects corporate emails from targeted phishing and letters containing malware

Protects the network perimeter, services, and user workstations from malware

Protects infrastructure from being controlled by external attackers

Secures the transfer of files from untrusted to trusted file storages

Detects network anomalies

Protects workstations and servers from potentially unwanted apps and untrustworthy devices


“Sees” more than others

  • Detection of previously unknown threats based on Threat Intelligence & Attribution data. Proactive search for anomalies, hidden tunnels, and signs of communications with C&C servers.

  • Automated correlation of events and alerts, and subsequent attribution to malware type and/or threat actor

  • Global proactive threat hunting that exposes adversaries’ external infrastructure, TTPs, intent, and plans

  • Proprietary tools: network graph analysis and malware detonation platform provide data enrichment, correlations, and analysis

  • Full overview of the attack, in-depth management of incidents (up to Mutex/Pipes/Registry/Files)

Detection of attacker infrastructure on a global scale

Technology conceived to collect a large amount of data, combined with unique search algorithms designed to find connections, helps detect infrastructure that hackers intend to use in future attacks

Forrester Consulting TEI study

How a customer achieved 272% ROI and almost $1.9 million in benefits over three years with Group-IB Threat Hunting Framework

Group-IB Threat Hunting Framework (THF) modules

Managed detection & response 24/7

CERT-GIB

  • Alert monitoring
  • Remote response
  • Anomaly analysis
  • Incident management
  • Threat Hunting
  • Critical threat analysis

Detecting infrastructure management & data analysis

Huntbox

Collaborative Hunting & Response Platform
  • Internal Threat Hunting
  • External Threat Hunting
  • Retrospective analysis
  • Correlation & attribution
  • Module management
  • Data storage
  • Single interface
  • Event analysis
IoCs & events

Attacks detection & prevention

Sensor

Network Research & Protection
  • Traffic analysis
  • File extraction
  • Anomaly detection

Polygon

Malware Detonation & Research
  • Isolated environment
  • File analysis
  • Link analysis

Huntpoint

Behaviour Inspection & Host Forensics
  • Event logging
  • Threat detection
  • Response at hosts

Sensor Industrial

Analysis of industrial control systems
  • Traffic analysis
  • Support for industrial protocols
  • Collection of information on firmware versioning
  • Software integrity control

Decryptor

Decrypting TLS/SSL traffic in the protected infrastructure

Understanding attackers and their tools helps identify even the most complex threats

  • Identification of complex attacks and tools:

    Spearphishing campaigns, social engineering techniques, legitimate utilities, and other tools used by advanced groups

  • Coverage of the main infection vectors:

    Email, browsers, removable media, local networks, client applications, supply chain attacks

  • Detection of infected mobile devices:

    THF detects mobile Trojans when a device is connected to a corporate Wi-Fi network

At the client’s request, the solution can be configured to block threats in real time

  • Email protection:

    When set in inline mode, the solution analyzes files and links in an isolated environment and blocks malicious objects spread by email

  • File storage protection:

    When integrated with file storage systems, the solution detects and blocks malicious files before they are launched in a real environment

  • Traffic protection:

    When integrated via ICAP, THF can block malicious files downloaded from the internet

Threat Hunting Framework (THF) is your local center for research, detection, and response

Threat Hunting Framework

Monitoring by Group-IB’s Computer Emergency Response Team

Threat Hunting Framework architecture

Threat Hunting Framework capabilities

Management of complex incidents

Discovers anomalies and hidden communication channels, performs behavioral analysis of software and users, and correlates events.

Malware detonation and analysis

Patented technology performs dynamic analysis of malware in isolated virtual-machine environments, fully executing the malicious code and extracting IoCs.

Collaboration with experts

Provides a shared environment, remote incident response, digital forensics, and access to analysts and the cyber community

Proactive threat hunting

Hunts on hosts within and outside the network perimeter while also analyzing the infrastructure of external adversaries

Access to threat intelligence

Attributes scattered events to specific malware types and families or certain cybercriminal groups for efficient attack termination.

Unified security solution for IT and OT

A single system contains all the necessary tools for adaptive automation of research, threat hunting, and IR.

Additional benefits

User-friendly web interface

  • Representative visualization of incidents
  • Management of all components from a single window

Detailed reports

  • Full context and in-depth analysis
  • Clear account of event types and timelines

Effective communication

  • Full support 24/7/365
  • Most issues resolved within 10 minutes

Group-IB Threat Hunting Framework International Awards

Gold winner - Advanced Persistent Threat Protection (APT)

Gold winner - Anti-Malware

Gold winner - Critical Infrastructure Security

Gold winner - Threat Hunting

Gold winner - Anti-Phishing

Gold winner - Email Security

Gold winner - Endpoint Detection and Response

Gold winner - Endpoint Security

Gold winner - ICS / SCADA Security

Gold winner - Network Detection and Response

Gold winner - Network Security

Gold winner - Network Traffic Analysis

Gold winner - Ransomware Protection

Gold winner - Threat Detection, Intelligence and Response

Group-IB THF in reports and reviews

Success Stories

Request a live demo of Threat Hunting Framework

Report an incident

Get 24/7 incident response assistance from our global team

APAC: +65 3159-3798
Europe: +31 20 226-90-90
EMA: +971 4 508 1605
