Overview

Group-IB Threat Hunting Framework (THF) is a single solution for complex protection of IT and OT segments in any organisation. It is based on adversary-centric approach to detection and mitigation of targeted attacks and our patented technologies.
It consists of 6 different modules, each one is a complex and advanced solution on its own:
– THF Sensor for network research and protection
– THF Huntpoint for endpoint protection
– THF Polygon for malware detonation and analysis
– THF Huntbox for collaborative hunting, events correlation and automated response
– THF Sensor Industrial for OT network traffic protection
– THF Decryptor for TSL/SSL traffic decryption
Product’s architecture grants increased visibility and network protection, empowered by Threat Intelligence data and advanced threat hunting and analytical tools. With Group-IB Threat Hunting Framework our customers can:
• Detect previously unknown threats, using ML and dynamic analysis to look for anomalies in network traffic and on the hosts.
• Partially automate threat hunting within and beyond network perimeter with events correlation, attackers’ infrastructure exposer and technological toolkit
• Detonate and analyze malware like no other solution, using realistic virtual environments and unique detection-evasion tools
• Protect workstations, servers and other nodes with instruments for automated incident response and host isolation
• Attribute and analyze threats with network Graph analysis, based on unparalleled amounts of data