Search for threats and their elimination
Threat hunting means an active search for cybercriminals in the organization’s infrastructure, a kind of proactive digital forensics that helps expand the ability to detect internal and external threats.
Our unique approach is based on the detection of known active criminal groups. This allows us to effectively detect targeted attacks that are not detected by common tools and software. In addition, we use so-called data enrichment for support, such as logs enriched with external information from our own CTI (Cyber Threat Intelligence) system.
We know how to effectively identify attack symptoms and the presence of intruders in the organization’s infrastructure. An example of a task for a threat hunter is to launch special software (for example, a honeypot) or to monitor DNS traffic within the network in search of potentially harmful activity, for example by checking entropy, inspecting DNS queries, and comparing domains with IOCs (indicators of compromise) obtained from a threat analyzer. Log analysis in this case is not limited to monitoring basic events; it also involves in-depth analysis that connects a multitude of data. Each solution is individually tailored to customer needs in order to get the best detection rates. Thanks to this approach, there is a real possibility of detecting an attack.
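The DNS hunting task described above, sketched as an added example (not the provider's own tooling). The query records, the IOC set, the function names and the length and entropy thresholds are all constructed assumptions to be tuned against real traffic.

```python
import math
from collections import Counter

# Constructed sample data: (client IP, queried name). Not real traffic.
QUERIES = [
    ("10.0.0.5", "www.intranet.example"),
    ("10.0.0.7", "mail.corp.example"),
    ("10.0.0.9", "x7f3k9q2zl8v1bm4tw6y.updates.example"),
    ("10.0.0.9", "login.bad-domain.test"),
    ("10.0.0.5", "cdn.assets.example"),
]
# Constructed IOC set, standing in for a CTI feed export.
IOC_DOMAINS = {"bad-domain.test"}

def shannon_entropy(s):
    """Bits per character of the string's own character distribution."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def matches_ioc(qname, iocs):
    """True if qname equals an IOC domain or is a subdomain of one."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in iocs for i in range(len(labels)))

def hunt(queries, iocs, min_len=12, threshold=3.5):
    """Return (client, qname, reason) findings for analyst review."""
    findings = []
    for client, qname in queries:
        if matches_ioc(qname, iocs):
            findings.append((client, qname, "ioc-match"))
            continue
        # Score the longest label: short labels give unreliable entropy.
        longest = max(qname.rstrip(".").split("."), key=len)
        if len(longest) >= min_len and shannon_entropy(longest) > threshold:
            findings.append((client, qname, "high-entropy-label"))
    return findings

if __name__ == "__main__":
    for finding in hunt(QUERIES, IOC_DOMAINS):
        print(finding)
```

A high-entropy label is only a lead for an analyst: CDN and telemetry hostnames also score high, so findings are best correlated with the other log sources mentioned above before escalation.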
RedTeam is a team of professionals. It includes specialists from all areas of knowledge: programmers, system administrators, developers, hackers, as well as psychologists, marketers and many others, depending on the purpose.
Penetration testing is carried out to verify the security of the target asset: network, web, mobile or client-server.
Team operations are designed to reflect real-life cyber-attack scenarios that can target a specific organization.
An audit is conducted to confirm that the infrastructure deployed in the organization meets the security requirements.
Collect and protect digital evidence, perform analysis after hacking, and recover deleted files.
We develop custom software for our customers for various purposes.