Group-IB Threat Hunting Framework

Promote this Nomination

Additional Info

Company (that provides the nominated product / solution / service)Group-IB
Websitehttps://www.group-ib.com/
Company size (employees)500 to 999
Type of solutionHybrid

In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:

• Expert collaboration and effective support
Certified CERT-GIB 24/7 support and collaboration instruments, involving experienced Group-IB Incident responders, threat researchers and analytics into your processes
• Security team’s empowerment
Automation of routine tasks, Incident response, threat hunting and other activities.
Proven low false-positives rates and effective detection against 0-day threats.
Intelligent events correlation and complex incidents handling
• Full access to advanced toolkit
Best-in-class Malware Detonation Platform and Graph analysis

Brief Overview

Group-IB Threat Hunting Framework (THF) is a single solution for complex protection of IT and OT segments in any organisation. It is based on adversary-centric approach to detection and mitigation of targeted attacks and our patented technologies.
It consists of 6 different modules, each one is a complex and advanced solution on its own:
– THF Sensor for network research and protection
– THF Huntpoint for endpoint protection
– THF Polygon for malware detonation and analysis
– THF Huntbox for collaborative hunting, events correlation and automated response
– THF Sensor Industrial for OT network traffic protection
– THF Decryptor for TSL/SSL traffic decryption
Product’s architecture grants increased visibility and network protection, empowered by Threat Intelligence data and advanced threat hunting and analytical tools. With Group-IB Threat Hunting Framework our customers can:
• Detect previously unknown threats, using ML and dynamic analysis to look for anomalies in network traffic and on the hosts.
• Partially automate threat hunting within and beyond network perimeter with events correlation, attackers’ infrastructure exposer and technological toolkit
• Detonate and analyze malware like no other solution, using realistic virtual environments and unique detection-evasion tools
• Protect workstations, servers and other nodes with instruments for automated incident response and host isolation
• Attribute and analyze threats with network Graph analysis, based on unparalleled amounts of data