Group-IB Threat Hunting Framework

Additional Info

Company: Group-IB
Website: https://www.group-ib.com/
Company size (employees): 500 to 999
Type of solution: Hybrid

Overview

Group-IB Threat Hunting Framework (THF) is a single solution for comprehensive protection of the IT and OT segments of any organization. It is based on an adversary-centric approach to detecting and mitigating targeted attacks, and on our patented technologies.
It consists of six modules, each of which is an advanced solution in its own right:
• THF Sensor for network research and protection
• THF Huntpoint for endpoint protection
• THF Polygon for malware detonation and analysis
• THF Huntbox for collaborative hunting, events correlation and automated response
• THF Sensor Industrial for OT network traffic protection
• THF Decryptor for TLS/SSL traffic decryption
The product's architecture provides increased visibility and network protection, backed by Threat Intelligence data and advanced threat hunting and analytical tools. With Group-IB Threat Hunting Framework our customers can:
• Detect previously unknown threats, using ML and dynamic analysis to look for anomalies in network traffic and on hosts
• Partially automate threat hunting within and beyond the network perimeter with event correlation and exposure of the attackers' infrastructure and technological toolkit
• Detonate and analyze malware like no other solution, using realistic virtual environments and unique detection-evasion tools
• Protect workstations, servers and other nodes with instruments for automated incident response and host isolation
• Attribute and analyze threats with network graph analysis, based on unparalleled amounts of data

How we are different

• Network traffic analysis using signatures
Attacks are detected by searching network traffic for known patterns (e.g., byte sequences), known commands, or sequences of commands used by malware.
• Analysis of network anomalies
Machine learning algorithms are used to detect covert channels and anomalies in network traffic, such as DGAs (Domain Generation Algorithms) or tunnels in application-layer protocols.
• North/south and east/west traffic
- C&C communication channels
- Payloads
- Exploitation of advanced vulnerabilities for infection
- Covert channels for commands and data upload
- Lateral movement
- Privilege escalation using remote access and vulnerabilities
- Policy violations, including living-off-the-land (LOTL) techniques
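To illustrate the kind of network anomaly the "Analysis of network anomalies" item refers to, the following is an added example (not Group-IB's code or algorithm) of a lightweight DGA heuristic: it scores a hostname's registrable label by character entropy, vowel ratio, digit ratio and length, and flags names that trip several indicators at once. The hostnames are constructed samples, and the two-label suffix model is a simplifying assumption (production tooling would use a public-suffix list).

```python
import math
from collections import Counter

# Constructed sample hostnames: three ordinary-looking names and two
# that resemble algorithmically generated ones.
SAMPLE_HOSTNAMES = [
    "mail.example.com",
    "cdn.cloudfront.net",
    "xk3jq9zpl2vh7c.net",
    "q8z1y4wxv0bkjt.com",
    "login.microsoftonline.com",
]

VOWELS = set("aeiou")


def registrable_label(hostname):
    # Assumption: the label left of a one-part suffix (example.com -> "example").
    parts = hostname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(s):
    # Bits per character; random-looking strings score higher.
    n = len(s)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def dga_score(hostname):
    """Heuristic score 0..3; each indicator adds one point."""
    label = registrable_label(hostname)
    letters = [ch for ch in label if ch.isalpha()]
    vowel_ratio = sum(ch in VOWELS for ch in letters) / len(letters) if letters else 0.0
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label) if label else 0.0
    score = 0
    if shannon_entropy(label) > 3.5:   # near-uniform character use
        score += 1
    if vowel_ratio < 0.25:             # unpronounceable consonant runs
        score += 1
    if digit_ratio > 0.2 or len(label) > 12:  # digits mixed in, or very long
        score += 1
    return score


def flag_dga_like(hostnames, threshold=2):
    # Requiring two indicators avoids flagging long but legitimate names.
    return [h for h in hostnames if dga_score(h) >= threshold]
```

Note that "login.microsoftonline.com" scores one point for length alone but stays below the threshold, which is why combining indicators matters.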