Last Review: 29 September, 2019, Halkyn Consulting Ltd, 2017, http://www.halkynconsulting.co.uk/a/

Cyber Security - Active Threat Hunting

Searching for advanced adversaries hiding in your network.

Attackers are skilled at getting into your network and then hiding. Most of the headline breaches in the news involve cyber criminals sitting on a network for weeks if not months, slowly copying sensitive data. They know how to evade your security controls and often become "invisible" to your monitoring. Our threat hunting service turns the tables and gives you the best chance possible of detecting & defeating the advanced attacker - often preventing any breach entirely. See our testimonials.

Active Cyber Threat Hunting

What you get

We have two traditional engagement models for our active threat hunting service. If you already have a security team, we can act as mentors and advisors helping them improve their hunts and formalise their processes. For other organisations we provide a dedicated threat hunting service where we will deliver an end to end assessment of your environment. As with all our services, we tailor this around your needs and existing cyber security maturity to ensure you get genuine value for money.

Whatever model suits you best at the end of the engagement you will have improved understanding of your network, better visibility around what happens on your end points and either the comfort of knowing that there are no active threats on your network or the reassurance that an attack has been detected and dealt with appropriately. To find out more about our threat hunting service get in touch with our cyber security team today.

Threat Hunting Engagement

While every client is different and we tailor our engagement to your needs, at a very high level we go through three stages as part of the hunting methodology. Normally we will use our own security tooling but if you have specific requirements we will ensure we cater for them. Our testing is always done at a time which suits you and we look to minimise any business disruption.

Cyber Security - Vulnerability Scan

The first stage of our engagement is to scan your environment for security weaknesses which may have been exploited by an attacker. This is not a penetration test and we do not attempt to exploit any ourselves. The objective is to get a picture of what your network looks like to cyber criminals and identify suitable starting points for the next steps. As part of our threat hunting service we will provide you with a full report detailing any vulnerabilities we find with clear remediation guidance.

Cyber Security - Network Threat Hunting

Attackers on your network have to be able to communicate and we use this requirement to help identify their behaviour. We will work with your teams to centralise and analyse all traffic logs from devices such as firewalls or proxy servers. Here we can look for malicious activity such as hidden command and control channels, attempts to bring in hacking tools or exfiltrate data and lateral movement where an attacker is attempting to sneak around your network.

Cyber Security - Endpoint Threat Hunting

In parallel to the network assessment, we will use a combination of your operating system logs and forensic tooling to review your servers, desktops and laptop devices to look for malicious activity. This can range from finding previously undetected phishing attacks, advanced malware hidden inside innocuous documents or advanced remote access trojans. We will look at how your devices communicate on the network and investigate any deviations. Remember, even the most skilled attacker has to compromise a device at some point and in doing so they will leave traces we can find.

Active Threat Hunting Deliverables

At the end of our engagement, if we fail to find an active threat, we will provide you with a detailed report of any vulnerabilities we found, guidance on what actions you should take to mitigate or remove them, details of what adversary behaviour we looked for and what conclusions can be drawn from the lack of any detection. However if we do find a threat in addition to the report we will work with you to deal with the incident and clear out your environment.