Group-IB Threat Hunting Framework
Photo Gallery
Group-IB Threat Hunting Framework
Additional Info
Company | Group-IB |
Website | https://www.group-ib.com/ |
Company size (employees) | 500 to 999 |
Overview
Group-IB Threat Hunting Framework (THF) — adversary-centric detection of targeted attacks and unknown threats. Group-IB THF provides proactive local and global threat hunting using proprietary patented technologies. Module for endpoints Huntpoint provides host control and protection against targeted attacks. It is also used to collect additional contextual information and detect malicious activity on the host.
Group-IB THF Huntpoint:
• Analyzes behavior, not only indicators and rules as EDR
• Collects 40+ system event types and makes them available for manual analytical threat search (manual threat-hunting) for unlimited time
• Implements Incident Response functions: host isolation from the network, automatic ban on the execution of malicious files, termination of malicious processes
• Enables remote forensics and incident response.
THF Huntpoint is a lightweight solution that protects against APT attacks, responds to incidents remotely, and conducts threat hunting.
Individual next-generation security tools, like EDR, do not give insight into other elements of an attack like network traffic analysis or malware analysis. All our modules were designed to catch nowadays threats. With the enriched context we can obtain more information upon the attack and attacker.
Having whole Group-IB THF solution allows to obtain all the context, providing full visibility to a reconstructed chain of an attack, prevent the possible harm from all available channels – block emails with malicious payload, kill processes or restrict objects on the Huntpoints in case of appearance of strange traffic or lateral movement attempt, Huntbox provides response capabilities such as blocking host from environment, block hashes across all Huntpoints providing such visibility on each Huntpoint as Polygon has.
How we are different
• Group-IB’s THF Huntpoint technical approach involves: continuous forensic data collection from end hosts; automatic file object transfer for behavioral analysis* (requires Polygon); YARA rules for additional fine-tuning of file and link analysis* (using Polygon); automatic blocking of malware launches; automatic quarantine implementation for malware for further analysis; automatic blocking of malicious processes; access to Group-IB’s malicious objects database for reputation checks when behavioral analysis is not needed; Blocking of possible end host interaction when requested by the analyst; threat hunting by data collected; collected data is stored locally in case connection with Huntbox is lost; centralized management from Huntbox with on-premise/on-cloud deployment options.
• In our 17 years as an Incident Response and Threat Intelligence Provider Group-IB has responded to thousands of incidents at organizations with well funded and competent information security departments. All this knowledge with all the information about adversaries‘ TTPs, infrastructure and IoCs enrich the context of every threat found, allowing us to detect and prevent possible harm on approach.
• Above all, using Group-IB THF our customers get all the necessary help from our specialists in Threat Hunting, SOC or Investigation the complex incident. Our customers’ experience and success stories show that the key business benefit of THF is that our solution operates as an advanced substitute for having a whole department of specialists who are constantly monitoring the situation and all the events that are emerging in the infrastructure. Group-IB Threat Hunting Framework customer’s success stories may be found through the following links:
https://www.group-ib.com/success/Group-IB_THF_Success_story_Tinkoff_EN.pdf
https://www.group-ib.com/success/Group-IB_THF_Success_story_Simple_wine_EN.pdf
https://www.group-ib.com/success/Group-IB_THF_Success_story_Alfastrakh_EN.pdf