Threat Hunting

Proactively hunt for cyber threats

Effectively combat threats

The largest threat organizations face today is the inability to detect various types of attackers as a compromise occurs.

Organizations can no longer solely rely on reactive technologies, as attackers have learned how to bypass these and move stealthily within the environment. To effectively combat these threats, organizations must engage in Threat Hunting, in which they operate under the assumption that they have already been compromised and search out adversaries in their environment.

Threat Hunting is the process of proactively searching an organization for malicious activity that evades existing security solutions. Even though attackers are skilled at bypassing detection devices, their tactics, techniques, and procedures (TTPs) still leave traces of their activity. By searching for these traces, threats that are, or have been, active in the environment will be found.

What you can expect when threat hunting

TrustedSec is experienced at Threat Hunting within organizations, having performed this service for many clients across a variety of engagements. With clients, TrustedSec can:

  • Internally develop an organization’s Threat Hunting program
  • Schedule and actively hunt for threats in the network using a formalized and proven process
  • Determine detection, logging, and data collection gaps
  • Create a process of handing off Threat Hunt results to the security operations center (SOC) for scaling and automation
  • Create a customized system of metrics for the client to measure Threat Hunting capabilities
  • Mentor internal Threat Hunting team members

Threat Hunting Workshop Training

Many organizations struggle to understand whether a breach is actively in progress or if it has happened at some point in the past. The most effective way to determine this is to proactively search an organization for evidence of a compromise. TrustedSec’s Threat Hunt Workshop teaches your team how to combine proprietary methods with tactical threat hunting techniques for discovering compromises within an environment in an efficient and proactive manner.

This training is divided into two days, structured as follows:

  • Presentation providing a deep dive into Threat Hunting concepts
  • Hands-on lab exercises based on real-world incident response scenarios

The topics covered during the presentation section of the training include:

  • Threat Hunting Foundations
  • Threat Hunting Maturity
  • Threat Activity Understanding
  • Security Infrastructure
  • Attack Surface Review
  • Logging Considerations
  • Critical Data and Key Points
  • Indicator Differences
  • Frameworks, Methodologies, and Strategies
  • Proactive Threat Hunting Life Cycle
  • Gathering APT Threat Intelligence
  • Threat Hunting Process Development
  • Operational Threat Hunting Considerations
  • Detection Life Cycle

The training labs are self-contained and do not require any special software, tooling, lab setup, or access. TrustedSec provides all the network- and host-level telemetry needed for each lab.

Upon completion of the Threat Hunting Workshop training, you will have gained a comprehensive introduction to the fundamental principles of Threat Hunting, along with practical experience gained during the hands-on exercises. TrustedSec’s Threat Hunting Workshop custom training is built from the knowledge gained during multiple years of client Threat Hunting engagements and extensive experience from real-world incident response engagements.

“TrustedSec allows me to help make an impact on our clients and help those in need.”
Tyler Hudak, Practice Lead, Incident Response

Learn more about our services from an expert.

Let our experts tailor solutions to your security challenges.

Read our blog

Explore the latest cybersecurity topics on the TrustedSec Security Blog

Blog, April 09 2024: A Hitch-Hacker's Guide To DACL-Based Detections - The Addendum

This blog was co-authored by TAC Practice Lead Megan Nilsen and Andrew Schwartz. 1. Introduction: Last year, Andrew and I posted a four (4) part blog series…

Blog, April 04 2024: Observations From Business Email Compromise (BEC) Attacks

Since joining TrustedSec, I have gotten to work numerous cases, and each of them is like unraveling a mystery to get at the truth—especially the situations…

Blog, March 21 2024: Securing Sensitive Data: How Ransomware Challenges the Healthcare Industry

The healthcare industry is a prime target for ransomware attacks due to the critical nature of its services and the sensitive data it handles. This blog post…

Blog, February 01 2024: The Rising Threat: A Surge in Zero-Day Exploits

Introduction: The cat-and-mouse game between defenders and attackers continues to escalate in the ever-evolving cybersecurity landscape. Advanced Persistent…

Blog, December 14 2023: Unmasking Business Email Compromise: Safeguarding Organizations in the Digital Age

Business Email Compromises (BEC) within the Microsoft 365 environment are a large threat with nearly $500 Million reported in stolen funds in 2022[1].…

Blog, October 17 2023: A Hitch-hacker's Guide to DACL-Based Detections (Part 3)

This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz. 1. Introduction: In this third and final…

Blog, October 12 2023: A Hitch-hacker's Guide to DACL-Based Detections (Part 2)

This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz. 1. Introduction: This is a continuation of A…

Blog, October 11 2023: A Hitch-hacker's Guide to DACL-Based Detections (Part 1B)

This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz. 1. Introduction: In this continuation to our first…

Blog, October 10 2023: A Hitch-hacker's Guide to DACL-Based Detections (Part 1A)

This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz. 1. Introduction: If you were to collectively ask any…

Blog, July 25 2023: Prefetch: The Little Snitch That Tells on You

Incident Response and forensic analysts use the contents of prefetch files in investigations to gather information, such as the source from which an executable…