Overview

Group-IB Threat Hunting Framework (THF) is a single solution for complex protection of IT and OT segments in any organization. It is based on an adversary-centric approach to detection and mitigation of targeted attacks and our patented technologies.
It consists of 6 different modules, each one is a complex and advanced solution on its own:
• THF Sensor for network research and protection
• THF Huntpoint for endpoint protection
• THF Polygon for malware detonation and analysis
• THF Huntbox for collaborative hunting, events correlation and automated response
• THF Sensor Industrial for OT network traffic protection
• THF Decryptor for TSL/SSL traffic decryption
Product’s architecture grants increased visibility and network protection, empowered by Threat Intelligence data and advanced threat hunting and analytical tools. With Group-IB Threat Hunting Framework our customers can:
Detect previously unknown threats, using ML and dynamic analysis to look for anomalies in network traffic and on the hosts.
Partially automate threat hunting within and beyond network perimeter with events correlation, attackers’ infrastructure exposer and technological toolkit
Detonate and analyze malware like no other solution, using realistic virtual environments and unique detection-evasion tools
Protect workstations, servers and other nodes with instruments for automated incident response and host isolation
Attribute and analyze threats with network Graph analysis, based on unparalleled amounts of data