Making complex data simple and compelling
From digital device to digital evidence
Unlock your vehicle's digital evidence potential
Forensic Analysis and Enhancement
Investigating and analyzing financial records
Gain access to the online accounts of deceased loved ones
Clear, precise evidence for a messy world
Expert reports to suit your specific needs
We can locate people anywhere
Stop worrying and learn the truth
Prevent, Detect, Respond To Cyberattacks
First response is crucial. Every minute counts.
The first response is critical to reduce liability
Detection & Removing Spyware Services
Reduce your electronic risk from digital transmittals
Find out who you are really talking to
Experienced, Confidential Services
Swift, professional incident response
Complicated cases require compelling digital facts
Find, recover and document digital evidence
Bring solid evidence before a judge
Cases can be investigated using Social Media
Here is a fresh whitepaper by Robert M. Lee and David Bianco on proactive and iterative approach to detecting threats – threat hunting.
Threat hunting is a proactive and iterative approach to detecting threats. On the Sliding Scale of Cyber Security, hunting falls under the active defense category because it is performed primarily by a human analyst. Although threat hunters should rely heavily on automation and machine assistance, the process itself cannot be fully automated nor can any product perform hunting for an analyst. One of the human’s key contributions to any hunt is the initial conception of what threat the analyst would like to hunt and how he or she might find that type of malicious activity in the environment. We typically refer to this initial conception as the hunt’s hypothesis, but it is really just a statement about the hunter’s testable ideas of what threats might be in the environment and how to go about finding them.
There are two key components to generating hunting hypotheses. First, an analyst’s ability to create hypotheses is derived from observations. An observation could be as simple as noticing a particular event that “just doesn’t seem right” or something more complicated, such as a supposition about ongoing threat actor activity in the environment based on a combination of past experience with the actor and external threat intelligence.
The second concept to understand is that hypotheses must be testable. That is, they must be something you have at least a chance of finding in the data to which you have access. Good hunts depend on the hunter’s ability to know what data and technologies are required to test the hypotheses. To fully test hypotheses also requires the right analysis tools and techniques that can simultaneously take advantage of information from the environment as well as about likely adversaries. A good threat-hunting platform supports analysts in generating hypotheses and reduces barriers to testing those hypotheses by providing ready access to the data and tools needed to perform the tests.
There are three typical types of hypotheses, although any given hypothesis may combine elements from different types. Hypotheses may be derived from these sources:
• Friendly or threat intelligence
• Situational awareness
• Domain expertise
This guide explores these three types of hypotheses and outlines how and when to formulate them.
Use this link to read full whitepaper.
Please enter the result of the calculation above.
Save my name, email, and website in this browser for the next time I comment.
Δ
Speak to a Specialist Now
Get Help Now