Group-IB Threat Hunting Framework

Group IB

english

Company

Partners

Resources

Media Centre

Products

Services

Overview

Prevention

Response

Investigation

Report an incident

Contacts

Singapore+65 3159-3798

Amsterdam+31 6 225-080-98

Moscow+7 495 984-33-64

Hanoi+8 486 942-13-56

Kuala Lumpur+60 330-99-50-91

General inquires info@group-ib.com

24/7 incident response supportresponse@cert-gib.com

Report an incident

Meeting key information security challenges

Protects corporate emails from targeted phishing and letters containing malware

Protect the network perimeter, services, and user workstations from a malware

Protects infrastructure from being controlled by external attackers

Secures the transfer of files from untrusted to trusted file storages

Detects network anomalies

Protects workstations and servers from potentially unwanted apps and untrustworthy devices

Watch video

“Sees” more than others

Detection of previously unknown threats based on Threat Intelligence & Attribution data. Proactive search for anomalies, hidden tunnels, and signs of communications with C&C servers.
Automated correlation of events and alerts, and subsequent attribution to malware type and/or threat actor
Global proactive threat hunting that exposes adversaries’ external infrastructure, TTPs, intent, and plans
Proprietary tools: network graph analysis and malware detonation platform provide data enrichment, correlations, and analysis
Full overview of the attack, in-depth management of incidents (up to Mutex/Pipes/Registry/Files)

Detection of attacker infrastructure on a global scale

Technology conceived to collect a large amount of data and
unique search algorithms designed to find connections help
detect infrastructure that hackers intend to use in future attacks

4.2 billion

IP addresses — daily scan of the entire IPv4 address range

145 million

SSH keys

211 million

domains and archived data from the past 17 years

1.6 billion

SSL-certificates

Modules

Managed detection & response 24/7

CERT-GIB

Alert monitoring
Remote response
Anomaly analysis
Incident management
Threat Hunting
Critical threat analysis

Detecting infrastructure management & data analysis

Huntbox

Collaborative Hunting & Response Platform

Internal Threat Hunting
External Threat Hunting
Retrospective analysis
Correlation & attribution
Module management
Data storage
Single interface
Event analysis

IoCs& events

Attacks detection & prevention

Sensor

Network Research & Protection

Traffic analysis
File extraction
Anomaly detection

Polygon

Malware Detonation & Research

Isolated environment
File analysis
Link analysis

Huntpoint

Behaviour Inspection & Host Forensics

Event logging
Threat detection
Response at hosts

Sensor Industrial

Analysis of industrial control systems

Traffic analysis
Support for industrial
protocols

Collection of information on firmware versioning
Software integrity control

Decryptor

Decrypting TLS/SSL traffic in the protected infrastructure

Different usage scenarios

Threat monitoring & detection Infrastructure protection

Understanding attackers and their tools helps identify even the most complex threats

Identification of complex attacks and tools:
Spearphishing campaigns, social engineering techniques, legitimate utilities, and other tools used by advanced groups
Coverage of the main infection vectors:
Email, browsers, removable media, local networks, client applications, supply chain attacks
Detection of infected mobile devices:
THF detects mobile Trojans when a device is connected to a corporate Wi-Fi network

At the client’s request, the solution can be configured to block threats in real time

Email protection:
When set in inline mode, the solution analyzes files and links in an isolated environment and blocks malicious objects spread by email
File storage protection:
When integrated with file storage systems, the solution detects and blocks malicious files before they are launched in a real environment
Traffic protection:
When integrated via ICAP THF can block malicious files downloaded from the internet

Threat Hunting Framework is your local center for research, detection, and response

Monitoring by Group-IB’s Computer Emergency Response Team

Threat Hunting Framework capabilities

Management of complex incidents

Discovers anomalies, hidden communication channels. Performs behavioral analysis for software and users, and event correlation.

Malware detonation and analysis

Patented technology performs dynamic analysis of malware in isolated environments on virtual machines and fully executes malicious code and extracts IoCs.

Collaboration with experts

Provides shared environment, remote incident response, digital forensics, and access to analysts and cyber community

Proactive threat hunting

Hunts on hosts within and outside the network perimeter while also analyzing the infrastructure of external adversaries

Access to threat intelligence

Attributes scattered events to specific malware types and families or certain cybercriminal groups for efficient attack termination.

Unified security solution for IT and OT

A single system contains all the necessary tools for adaptive automation of research, threat hunting, and IR.

Additional benefits

User-friendly web interface

Representative visualization of incidents
Management of all components from a single window

Detailed reports

Full context and in-depth analysis
Clear account of event types and timelines

Effective communication

Full support 24/7/365
Most issues resolved within 10 minutes

Group-IB THF in reports and reviews

Network Detection and Response

KuppingerCole Analysts AG Names Group-IB a Product Leader for Threat Hunting Framework

Download

Helpnetsecurity review