Group-IB Threat Hunting Framework

Additional Info

Company: Group-IB
Website: https://www.group-ib.com/
Company size (employees): 500 to 999
Type of solution: Hybrid

Overview

Group-IB’s Threat Hunting Framework (THF) offers everything that’s needed to ensure email security in both monitoring and blocking mode, regardless of whether your company has a cloud, physical, or hybrid email configuration:
• In-depth analysis of network traffic to detect anomalies and malicious traffic
• Behavioral analysis of files and links in isolated environments
• Detection of anomalies in user and software behavior
• Automated hypothesis testing for unknown threats
• Use of indicators provided by Group-IB Threat Intelligence & Attribution
• Correlation of events collected by Group-IB THF modules
Group-IB Threat Hunting Framework consists of several modules that protect client email:
• THF Sensor analyzes all traffic and extracts emails for further analysis.
• THF Polygon analyzes emails in an isolated environment and detonates malicious content.
• THF Huntbox manages the entire detection infrastructure.
Group-IB Threat Hunting Framework provides:
• Management of complex incidents
Performs behavioral analysis for software and users, and event correlation.
• Proactive threat hunting
Hunts on hosts and in network traffic within and outside the perimeter, while also analyzing adversaries’ infrastructure.
• Malware detonation and analysis
Patented technology performs dynamic analysis of malware on virtual machines, fully executing malicious code and extracting IoCs.
• Access to threat intelligence data
Attributes scattered events to specific malware types and families or certain cybercriminal groups for efficient attack termination.
• Business continuity
Low false positive rate prevents important business processes from stopping.
• Collaboration with experts
Provides shared environment, remote incident response, digital forensics, and access to analysts’ community.
• Automation and efficiency
Automatic incident investigation that saves time on routine tasks.
• Unified security solution for IT and OT
The system contains all the tools for adaptive automation of research, threat hunting, and IR.
• Ready-to-use Integration
Integrates with SIEMs and with event and log storage systems.

How we are different

• Group-IB’s Threat Hunting Framework is the first unified platform for protecting both IT and OT segments, with collaborative research in a unified interface alongside leading industry experts. Our solution provides an innovative endpoint module for real-time host protection and malicious behavior detection with a unique patented server-side classifier. Group-IB THF’s patented malware detonation technology goes far beyond traditional sandboxing and sets new industry standards for file analysis solutions. Our solution also provides a joint network security solution for protecting both IT and OT network segments, backed by a high-performance AI-driven classifier.
• In our 17 years as an incident response and threat intelligence provider, Group-IB has responded to thousands of incidents at organizations with well-funded and competent information security departments. All this knowledge, together with the information about adversaries’ TTPs, infrastructure, and IoCs, enriches the context of every threat found, allowing us to detect and prevent possible harm as an attack approaches.
• The Group-IB THF solution provides all the context, giving full visibility into the reconstructed chain of an attack and preventing possible harm across all available channels: blocking emails with malicious payloads, killing processes, or restricting objects on THF Huntpoint when suspicious traffic or a lateral movement attempt appears.