Group-IB Threat Hunting Framework and Threat Intelligence & Attribution

Additional Info

Company: Group-IB
Website: https://www.group-ib.com/
Company size (employees): 500 to 999
Type of solution: Hybrid

Overview

It’s time to enrich internal threat detection with intelligence data to hunt down threats and predict adversaries’ next moves to stay one step ahead. Group-IB’s approach combines the capabilities of Group-IB Threat Hunting Framework (THF) and Group-IB Threat Intelligence & Attribution (TI&A) to provide necessary context for the cybersecurity data collected in your perimeter and improve your overall protection.
Group-IB THF hunts for malicious activity overlooked by traditional security tools such as antivirus software, firewalls, and intrusion prevention systems.
Features and benefits
• Traffic analysis for anomalies and suspicious activity
• Detonation of malware (links and files) to prevent intrusions and breaches
• Easy and efficient control over, and overview of, the managed protection infrastructure
• Machine learning algorithms to detect unknown threats
• Event correlation from all system modules
• Comprehensive reports
• Control over devices and applications and retrospective analysis
• Supported protocols: DNS, FTP, HTTP, RDP, SMB, SMTP, SSH
• Integration with SIEM, SOAR, IRP systems
• 10-20 Gbps throughput
• Installed on-premises; delivered as an ISO image, an appliance or a virtual appliance
• Ability to decrypt traffic and monitor industrial networks
Group-IB TI&A provides strategic and tactical actionable intelligence from unique and mostly closed data sources: threats, leaks, vulnerabilities and other data to actively protect your business and develop your cybersecurity infrastructure.
Group-IB TI&A data sources
• Entire IPv4 space scans for open ports and running services
• Tracking of all domain names being registered
• Passive DNS
• ISP-level sensors
• History of all changes made on the Internet
• Unique IoCs from Group-IB THF
• Experience in reverse engineering, IR, digital forensics
• Honeypots, sinkholing
• Insiders in underground communities (11 languages)
• Access to closed cybercommunities: SOCs, other vendors, law enforcement agencies

How we are different

• Attribution: Trace the connection between your technical indicators and events collected by Group-IB THF, and the specific threat actor or malware type. Discover their TTPs to prevent or stop the attack from spreading.
• Actionable Intel relevant to your business: Be first to know whether your company is mentioned on underground forums, data from your infrastructure has leaked, your clients’ or partners’ data is for sale, your code has appeared in repositories, etc.
• Customized reports and research: With internal data from Group-IB THF strengthened by Group-IB TI&A, Group-IB analysts provide specific reports upon request. They can be tailored to certain threats a company or industry faces.