Booz Allen’s Threat Hunting
Company (that provides the nominated product / solution / service): Booz Allen Hamilton
Company size (employees): 10,000 or more
Type of solution: Service
In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:
• Our threat hunting is driven by our expanding Hunt Analytic Library, with 500+ analytics covering threat activity across more than 75% of the ATT&CK framework. We ingest up-to-the-minute cyber threat intelligence, and learn from hands-on purple teams (pitting our world-class red team experts against our top-notch threat hunters).
Summary of Achievements
Booz Allen’s pre-eminent technology-enabled service for Threat Hunting (TH) was developed and honed over decades of analytical support to the U.S. Intelligence Community. At the forefront of data science and cybersecurity, we maximize a client’s previous investment in endpoint detection and response (EDR) and network sensor technology. Without additional proprietary on-premises devices or endpoint agents, our threat hunters use a scalable TH platform to ingest, correlate, and enrich data from the top EDR and network defense vendors. We proved our innovation through the discovery and disclosure of advanced threats previously unknown across industry and the U.S. Government.
Advanced persistent threat actors (APTs) are smart, fast, and engage in long-term campaigns to compromise networks. APTs are skilled at defeating rule-based cybersecurity defenses by upgrading their malicious tools, techniques, and procedures – gaining access to a network and then maintaining a hidden presence. Hunting is often considered a post-incident activity; our TH, by contrast, is a proactive, cyclical process employed to find APTs whose activity falls below the alert threshold of traditional security information and event management (SIEM) platforms, or for which no alert exists at all.
Our holistic approach leverages sophisticated tools and tradecraft, such as hypothesis-based threat analytics, artificial intelligence, and cyber threat intelligence. This tradecraft is backed by a flexible and scalable microservices-based data processing architecture, deployable both in the cloud and on-premises. This automation allows us to generate, triage, and prioritize hundreds of high-confidence datasets that provide multiple overlapping windows into potential threat activity. By pairing these tools with our highly skilled analysts, we have created a scalable and repeatable process that reduces APT dwell time and gives our clients the knowledge necessary to strengthen network defenses and mitigate adversary activity. Coupling TH with analytics keeps the focus on the adversary; this is how we identified a threat actor’s spyware executing code across our client’s operating systems (Windows, Linux, OS X).
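To make the "below the alert threshold" point concrete, here is an added illustration (not code from Booz Allen’s Hunt Analytic Library or from the nomination) of the difference between a per-host SIEM rule and a hypothesis-driven hunt analytic. The telemetry, host names, source addresses, the SIEM threshold of five failures per host in ten minutes, and the hunt parameters are all constructed assumptions for the example; the ATT&CK technique it targets is T1110.003 (password spraying), where an adversary deliberately stays under the per-host threshold by spreading a few attempts across many hosts.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def _constructed_events():
    """Constructed sample authentication telemetry (not real data), already
    normalised to dicts as an EDR/network-sensor pipeline would deliver it."""
    events = []
    base = datetime(2024, 1, 10, 8, 0, 0)
    # Low-and-slow spray: one source, two failures per host, six hosts.
    # Each host stays under a per-host SIEM threshold of five.
    for i in range(6):
        for j in range(2):
            events.append({"ts": base + timedelta(minutes=2 * i + j),
                           "host": f"WS{i + 1:02d}", "user": "svc_backup",
                           "src": "192.0.2.10", "outcome": "fail"})
    # Noisy but mundane: one user mistyping a password six times on one host.
    for j in range(6):
        events.append({"ts": base + timedelta(minutes=30 + j), "host": "WS09",
                       "user": "bob", "src": "10.0.5.7", "outcome": "fail"})
    # Background success so the analytics are seen to ignore non-failures.
    events.append({"ts": base + timedelta(minutes=5), "host": "WS03",
                   "user": "alice", "src": "10.0.5.8", "outcome": "success"})
    return events


EVENTS = _constructed_events()


def siem_rule(events, threshold=5, window=timedelta(minutes=10)):
    """Per-host threshold rule of the kind a SIEM runs: alert when a single host
    records `threshold` or more failures inside any sliding `window`.
    Returns a list of (host, max_failures_in_window)."""
    by_host = defaultdict(list)
    for e in events:
        if e["outcome"] == "fail":
            by_host[e["host"]].append(e["ts"])
    alerts = []
    for host, times in sorted(by_host.items()):
        times.sort()
        lo, best = 0, 0
        for hi, t in enumerate(times):          # two-pointer sliding window
            while t - times[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            alerts.append((host, best))
    return alerts


def hunt_password_spray(events, siem_threshold=5, min_hosts=3,
                        horizon=timedelta(hours=1)):
    """Hypothesis-driven hunt analytic for ATT&CK T1110.003: a single source
    that fails on at least `min_hosts` hosts within `horizon` while staying
    under the per-host SIEM threshold on every one of them. Correlating across
    hosts is what surfaces activity the per-host rule never sees.
    Returns a list of {"src", "hosts", "failures"} findings."""
    per_src = defaultdict(lambda: defaultdict(list))
    for e in events:
        if e["outcome"] == "fail":
            per_src[e["src"]][e["host"]].append(e["ts"])
    findings = []
    for src, hosts in sorted(per_src.items()):
        # Keep only hosts where this source stayed below the SIEM threshold.
        quiet = {h: ts for h, ts in hosts.items() if len(ts) < siem_threshold}
        if len(quiet) < min_hosts:
            continue
        all_ts = sorted(t for ts in quiet.values() for t in ts)
        if all_ts[-1] - all_ts[0] > horizon:
            continue
        findings.append({"src": src, "hosts": sorted(quiet),
                         "failures": len(all_ts)})
    return findings


if __name__ == "__main__":
    print("SIEM alerts:", siem_rule(EVENTS))
    print("Hunt findings:", hunt_password_spray(EVENTS))
```

Run as written, the SIEM rule fires only on WS09 (the user mistyping a password), while the hunt analytic returns the spraying source 192.0.2.10 with all six hosts it touched; the 12 failures that make up that finding never exceeded the per-host threshold anywhere. In practice the hunt parameters (minimum host count, horizon) are the hypothesis, and tuning them against a client’s own baseline is the cyclical part of the process the text describes.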