Threat Hunting Capabilities
We can help define, design, implement, hunt and mature your approach to threat hunting within your business
Sentry First Threat Hunters
Sentry First has experienced threat hunters ready to engage in client environments and help them address the complex nature of modern attacks.
With attackers able to remain undetected on company networks for long periods, proactive hunting adds another capability to your SOC in defending against them.
Once the behaviours of user applications, user activity and user behaviour have been baselined, a hunter can find anomalous behaviours and investigate them for malicious activity.
The hunter applies an understanding of the key elements and patterns of different attacks to deviations from that baseline of traffic in order to identify anomalies.
Based on threat intelligence and any threat actor attribution that is performed, known TTPs can be hunted for in client systems even where they were not enough to trigger a security alert.
Crown Jewels Threat Hunting
Define what the company sees as its most important assets (AD, databases, PCI environment) and schedule regular hunts over raw logs and traffic to identify any suspicious behaviour.
MITRE ATT&CK Threat Hunting
Using the MITRE ATT&CK framework, a hunter can identify anomalous and suspicious behaviour by pivoting searches on different attack techniques.
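The baseline-then-hunt approach described above and the pivot on ATT&CK techniques, as one added worked example (this is illustrative code, not Sentry First's tooling): a per-user baseline of logon hosts and hours is built from a known-good window, the hunt window is compared against it, and each finding is tagged with the ATT&CK technique a hunter would pivot on next. The logon events are constructed sample data, and the mapping from finding to technique is this example's own assumption (the technique IDs themselves are real ATT&CK identifiers).

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthEvent:
    hour: int       # hour of day the logon occurred (0-23)
    user: str
    host: str
    outcome: str    # "success" or "failure"


# Constructed sample data, not taken from any real environment.
# Baseline window: a period of normal, reviewed logons per user.
BASELINE_EVENTS = [
    AuthEvent(8, "alice", "WKS-01", "success"),
    AuthEvent(9, "alice", "WKS-01", "success"),
    AuthEvent(10, "alice", "WKS-01", "success"),
    AuthEvent(17, "alice", "WKS-01", "success"),
    AuthEvent(9, "bob", "WKS-02", "success"),
    AuthEvent(13, "bob", "WKS-02", "success"),
]

# Hunt window: the recent period the hunter is reviewing.
HUNT_EVENTS = [
    AuthEvent(9, "alice", "WKS-01", "success"),     # matches alice's baseline
    AuthEvent(2, "alice", "DC-01", "success"),      # new host and unusual hour
] + [AuthEvent(13, "bob", "WKS-02", "failure")] * 5 + [
    AuthEvent(13, "bob", "WKS-02", "success"),      # success after a burst of failures
    AuthEvent(11, "carol", "WKS-03", "success"),    # account never seen in the baseline
]

# Assumed, illustrative mapping from a finding to the ATT&CK technique the hunter
# would pivot on next. The IDs are real ATT&CK techniques; the mapping is this example's.
TECHNIQUE_HINTS = {
    "new host": "T1078 Valid Accounts",
    "unusual hour": "T1078 Valid Accounts",
    "no baseline for user": "T1078 Valid Accounts",
    "success after failures": "T1110 Brute Force",
}


def build_baseline(events):
    """Per-user profile of hosts and hours seen in successful baseline logons."""
    profile = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for e in events:
        if e.outcome == "success":
            profile[e.user]["hosts"].add(e.host)
            profile[e.user]["hours"].add(e.hour)
    return dict(profile)


def hunt(events, profile, failure_threshold=5):
    """Return successful logons in the hunt window that deviate from the baseline.

    Each finding carries the reasons it was flagged and the techniques to pivot on.
    Exact-hour matching is deliberately crude; a production baseline would use a
    tolerance window and a longer history.
    """
    failures = Counter()   # (user, host) -> failed attempts seen so far in the window
    findings = []
    for e in events:
        if e.outcome == "failure":
            failures[(e.user, e.host)] += 1
            continue
        reasons = []
        p = profile.get(e.user)
        if p is None:
            reasons.append("no baseline for user")
        else:
            if e.host not in p["hosts"]:
                reasons.append("new host")
            if e.hour not in p["hours"]:
                reasons.append("unusual hour")
        if failures[(e.user, e.host)] >= failure_threshold:
            reasons.append("success after failures")
        if reasons:
            techniques = sorted({TECHNIQUE_HINTS[r] for r in reasons})
            findings.append({"event": e, "reasons": reasons, "techniques": techniques})
    return findings


def pivot_by_technique(findings):
    """Group flagged users by ATT&CK technique so the hunter can search per technique."""
    pivot = defaultdict(list)
    for f in findings:
        for t in f["techniques"]:
            if f["event"].user not in pivot[t]:
                pivot[t].append(f["event"].user)
    return dict(pivot)


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_EVENTS)
    for f in hunt(HUNT_EVENTS, baseline):
        print(f["event"].user, f["event"].host, f["reasons"], f["techniques"])
    print(pivot_by_technique(hunt(HUNT_EVENTS, baseline)))
```

The baseline is built only from successful logons so that failed attempts in the baseline window never widen a user's "normal" set of hosts, and failures are counted per user-and-host pair so that a success following a burst of failures on the same host is surfaced as its own finding rather than hidden by an otherwise normal profile.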