As the threat landscape continues to evolve at a staggering pace, organisations are taking more steps to protect their data and information assets. It’s estimated that 50% of network traffic is now encrypted, and threat actors are using increasingly evasive and sophisticated methods to compromise systems, widening the gap between attacker actions and security visibility.
Our Advanced Threat Hunting and Detection service is an extension of our Cyber Security Monitoring service and allows us to provide a much deeper insight into the threats and attacks occurring within an organisation. More importantly, it allows us to apply our knowledge of threat actors and their Tools, Tactics and Procedures (TTPs) to proactively hunt for threats across an organisation.
Taking this proactive, enhanced approach to threat detection reduces attacker dwell time, accelerates incident detection and response, and greatly reduces the impact of security incidents when they occur. It also gives organisations increased confidence in their digital resilience, in the knowledge that proactive threat hunts are ongoing across their digital systems and that they are not solely reliant on comparatively passive alarm triggers to identify security problems.
The service follows four key principles to personalise the service and deliver exceptional security value. They are:
With the ever-increasing sophistication of cyber attackers and attack methodologies, traditional correlation-based monitoring capabilities struggle to identify security issues.
Our Threat Hunting service builds on our Cyber Security Monitoring and Device Management capability to provide a proactive, human-led capability that constantly looks for developing threats across an organisation’s digital systems. Drawing on available intelligence about threat actors, their methodologies and the tools that they use, the service can target hunting activity to root out and identify more sophisticated attacks.
Enriched Security Information
We have a long and demonstrable history of operating Security Operations Centres (SOCs) across government and industry, and through that experience have observed that attacks are now more complex and sophisticated than ever before. To address this, QinetiQ has introduced capabilities that enhance our visibility, improve our detection capability and accelerate our response.
Using market-leading technologies, our capabilities reach much further than ever before. Enhanced endpoint visibility now allows us to observe malicious behaviour on the endpoint as it occurs in real time, assess the risk and take decisive action to contain the threat and reduce the risk quickly.
The service provides clear visibility of what is happening across an organisation’s digital systems by making use of both statistical information and raw network packets.
With the increased volume of security information from security logs, endpoint process data and network traffic, the service is able to apply statistically based analysis to look for patterns and trends over time.
The service is also able to make use of automation through machine learning capabilities to continually assess these large data sets.
This gives us a much greater insight into the activity taking place across an organisation’s digital systems, and allows us to identify developing security issues that may previously have gone unnoticed.
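The passage above describes looking for patterns and trends over time in endpoint and log data. The following is an added illustration of that idea, written for this page rather than taken from QinetiQ’s service or tooling: it builds a per-host statistical baseline from a rolling window of prior days and flags days whose value deviates sharply from that baseline. The log format, the hostnames, the metric (`outbound_new_dest`, the number of new outbound destinations a host contacted in a day) and all values are constructed for the example; the window size, z-score threshold and standard-deviation floor are assumed tuning parameters.

```python
"""Per-host rolling baseline with z-score anomaly flagging (illustrative example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample telemetry: one line per host per day.
# Field layout (assumed for this example): <date> <host> outbound_new_dest=<count>
SAMPLE_LOG = """\
2024-03-01 host-a outbound_new_dest=12
2024-03-02 host-a outbound_new_dest=11
2024-03-03 host-a outbound_new_dest=13
2024-03-04 host-a outbound_new_dest=12
2024-03-05 host-a outbound_new_dest=12
2024-03-06 host-a outbound_new_dest=40
2024-03-07 host-a outbound_new_dest=12
2024-03-01 host-b outbound_new_dest=5
2024-03-02 host-b outbound_new_dest=6
2024-03-03 host-b outbound_new_dest=5
2024-03-04 host-b outbound_new_dest=5
2024-03-05 host-b outbound_new_dest=6
2024-03-06 host-b outbound_new_dest=6
2024-03-07 host-b outbound_new_dest=5
"""


def parse_records(text):
    """Parse the sample format into (date, host, count) tuples, skipping blank lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        date, host, metric = line.split()
        key, value = metric.split("=", 1)
        if key != "outbound_new_dest":
            continue  # ignore metrics this example does not model
        records.append((date, host, int(value)))
    return records


def find_anomalies(records, window=5, z_threshold=3.0, min_std=1.0):
    """Flag days whose count sits far above the host's own recent history.

    For each host, days are processed in date order. A day is scored only once
    `window` prior observations exist; the baseline is the mean and population
    standard deviation of that prior window. `min_std` floors the standard
    deviation so a very quiet host does not produce huge z-scores from a change
    of one or two events. Only upward deviations are reported, since a sudden
    drop in activity is a different question (and often a logging gap).
    """
    by_host = defaultdict(list)
    for date, host, count in records:
        by_host[host].append((date, count))

    anomalies = []
    for host, series in by_host.items():
        series.sort()  # ISO dates sort chronologically as strings
        for i in range(window, len(series)):
            prior = [c for _, c in series[i - window:i]]
            date, count = series[i]
            baseline = mean(prior)
            spread = max(pstdev(prior), min_std)
            z = (count - baseline) / spread
            if z >= z_threshold:
                anomalies.append({
                    "host": host,
                    "date": date,
                    "count": count,
                    "baseline": round(baseline, 2),
                    "z": round(z, 2),
                })
    return anomalies


if __name__ == "__main__":
    for hit in find_anomalies(parse_records(SAMPLE_LOG)):
        print(f"{hit['date']} {hit['host']}: {hit['count']} new destinations "
              f"(baseline {hit['baseline']}, z={hit['z']})")
```

On the constructed data only `host-a` on 2024-03-06 is reported: its prior five days average 12 new destinations, so a jump to 40 is roughly 28 standard deviations away once the floor is applied, while the steady `host-b` series never leaves its baseline. In practice the same structure extends to other per-entity counters (processes spawned, authentication failures, bytes out), and the per-host baseline is what lets a modest absolute change on a normally quiet system stand out even though it would be invisible against a fleet-wide average.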