Group-IB Threat Hunting Framework

Promote this Nomination

Additional Info

Company (that provides the nominated product / solution / service)Group-IB
Company size (employees)500 to 999
Type of solutionHybrid

In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:

• Network traffic analysis using signatures
Attacks are detected by searching for certain patterns in network traffic (e.g., byte sequences), known commands, or sequences of commands used by malware.
• Analysis of network anomalies
Machine learning algorithms are used to detect covert channels and anomalies in network traffic, such as DGAs (Domain Generation Algorithms) or tunnels in application layer protocols.
• North/south and East/west traffic
- C&C communication channels
- Payloads
- Advanced vulnerabilities for infection
- Covert channels for commands
and data upload
- Lateral movement
- Privilege escalation, using remote access & vulnerabilities
- Policy violation including LOTL techniques.

Brief Overview

Group-IB Threat Hunting Framework (THF) is a single solution for complex protection of IT and OT segments in any organization. It is based on an adversary-centric approach to detection and mitigation of targeted attacks and our patented technologies.
It consists of 6 different modules, each one is a complex and advanced solution on its own:
• THF Sensor for network research and protection
• THF Huntpoint for endpoint protection
• THF Polygon for malware detonation and analysis
• THF Huntbox for collaborative hunting, events correlation and automated response
• THF Sensor Industrial for OT network traffic protection
• THF Decryptor for TSL/SSL traffic decryption
Product’s architecture grants increased visibility and network protection, empowered by Threat Intelligence data and advanced threat hunting and analytical tools. With Group-IB Threat Hunting Framework our customers can:
• Detect previously unknown threats, using ML and dynamic analysis to look for anomalies in network traffic and on the hosts.
• Partially automate threat hunting within and beyond network perimeter with events correlation, attackers’ infrastructure exposure and technological toolkit
• Detonate and analyze malware like no other solution, using realistic virtual environments and unique detection-evasion tools
• Protect workstations, servers and other nodes with instruments for automated incident response and host isolation
• Attribute and analyze threats with network Graph analysis, based on unparalleled amounts of data