Group-IB Threat Hunting Framework


Additional Info

Company (that provides the nominated product / solution / service): Group-IB
Company size (employees): 500 to 999
Type of solution: Hybrid

In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:

• Not just detection. Threat Hunting Framework both detects threats and conducts local and global Threat Hunting at all levels (including network analysis).
• Global Threat Hunting. Providers of threat hunting offer their services on local networks. However, threat hunting must be done both locally and globally to be effective, which is why Group-IB has invented and implemented Global Threat Hunting.
• Huntpoint graph. Unlike other solutions, Threat Hunting Framework builds not only the Process tree, but also the Mutex, Pipes, Registry, and Files. THF Huntpoint module performs an in-depth analysis of complex attack schemes involving password-protected archives obtained through various attack vectors.

Brief Overview

Group-IB Threat Hunting Framework (THF) is a single solution for complex protection of IT and OT segments in any organisation. It is based on an adversary-centric approach to detection and mitigation of targeted attacks and our patented technologies.
It consists of 6 different modules, each of which is a complex and advanced solution in its own right:
• THF Sensor for network research and protection
• THF Huntpoint for endpoint protection
• THF Polygon for malware detonation and analysis
• THF Huntbox for collaborative hunting, events correlation and automated response
• THF Sensor Industrial for OT network traffic protection
• THF Decryptor for TLS/SSL traffic decryption
The product’s architecture grants increased visibility and network protection, empowered by Threat Intelligence data and advanced threat hunting and analytical tools. With Group-IB Threat Hunting Framework our customers can:
• Detect previously unknown threats, using ML and dynamic analysis to look for anomalies in network traffic and on the hosts.
• Partially automate threat hunting within and beyond the network perimeter with event correlation, exposure of attackers’ infrastructure and technological toolkit.
• Detonate and analyze malware like no other solution, using realistic virtual environments and unique detection-evasion tools.
• Protect workstations, servers and other nodes with instruments for automated incident response and host isolation.
• Attribute and analyze threats with network graph analysis, based on unparalleled amounts of data.