Managed HUNT
Continuous Threat Hunting
With the ever-changing threat landscape and the evolution of malware, cyber-attacks are an increasingly serious risk for organizations. Many companies seem to believe that their organization won’t be targeted. They might say that their organization is too small to be on an attacker’s radar, or that they don’t have anything worth attacking, but the truth is that cyber criminals are indiscriminate in their attacks and can almost always find something worth stealing. A lot of companies that say they won’t be targeted may have already been breached – they just don’t know it yet. And as the Ponemon 2017 Cost of a Data Breach Study shows, the longer it takes to detect a breach, the more expensive it will be. The study found that US companies took an average of 206 days to detect a data breach. This is a slight increase on the previous year (201 days). Ponemon suggests all organizations should aim to identify a breach within 100 days. The average cost of identifying a breach within this time was $5.99 million, but for breaches that took longer to identify, the average cost rose to $8.70 million. There is a similar correlation in terms of containing a breach. Breaches that took less than 30 days to contain had an average cost of $5.87 million, but this rose to $8.83 million for breaches that took longer to contain. At Inceptus we think 100 days is too long, so we designed a service to rapidly detect these intrusions to contain the attack.
Are Your Security Controls Working?
Inceptus’ Managed HUNT service evaluates an organization’s enterprise for the presence of advanced attacks, stealthy malware and persistent threats that may have successfully bypassed existing defenses. This is accomplished by attempting to discover Indicators of Attack (IoA) and Indicators of Compromise (IoC) left after an attack has been perpetrated. Managed HUNT combines automated data collection and proactive analysis by highly skilled analyst to bring the most advanced forensic detection and alerting. We make it easy for organizations to rapidly deploy our services with minimal effort and no on-site equipment. We simply deploy our lightweight “run and done” client on your endpoints, collect relevant information from the system, encrypt the data and send it to our cloud-based analytics system for analysis.
What Do We Look At?
File System Attributes
Operating System Artifacts
File System Attributes
Windows PE Attributes
Operating System Artifacts
File System Attributes
.
Operating System Artifacts
Operating System Artifacts
Standard System Information
Standard System Information
Standard System Information
Standard System Information
Volatile Data
Standard System Information
Volatile Data
DNS Cache
Standard System Information
Volatile Data
We Found Something! Now What?
Inceptus will notify the you immediately of the intrusion and give details as to the nature of the discovery. This will provide you with the detail that is needed to decide on the best course of action. Inceptus can also be engaged to conduct a multi-phase process beginning with incident triage and provide you with an action plan for execution. You can decide, based on the action plan, how to utilize Inceptus’ expertise for further analysis. During this time, Inceptus will, conduct a number of cyber incident response activities which may include digital forensics, malicious code analysis, log reviews, system access level analysis, timeline analysis, recovery of exfiltrated data, persistence, entrenchment, lateral movement techniques, tools the attackers used (including system administrator tools, remote desktop, PsExec, net command, etc.), host and network indicators of compromise, existing monitoring capabilities, other traditional and non-traditional incident response and investigative tasks. Deliverables will include status reports, which may include a comprehensive list of indicators of compromise, identified risk factors and recommendations, analysis reports, management, and other deliverables as necessary .