Intelligence-driven Threat Hunting for improving SOC maturity level

with commercial and non-commercial products, technologies and frameworks from IBM, Recorded Future, Elastic, MITRE ATT&CK, The Diamond Model of Intrusion Analysis, MaGMa use case and more

Cyber attackers are constantly becoming more and more subtle while Security Operations (SOC, CERT and CSIRT) continues to scratch on the surface. It doesn’t matter whether that’s a large enterprise, bank or government institution. The evidence is fairly strong that most organizations are pretty bad at security operations . Why are there so many global high-profile breaches? Why can organizations today not adequately detect and respond to breaches while they have spent millions in their Cyber Security defense? You don’t have to be a genius to figure out that there must be vital gaps in the defense ecosystem of organizations. But how to identify these gaps and what course of actions are required?

How to classify, categorize and organize attack scenarios holistically?


About us...

Read our blog...

Training sessions...

Latest Blog feeds

SOC, SOAR, Threat Hunting, SANS 6-step IR, The Diamond Model of Intrusion Analysis, Cyber Threat Intelligence, MaGMa Use Case Framework

Improve your SOC: SOAR or Threat Hunting or both?

June 23, 2020

Based on the sophistication and constant change of the threat landscape in the cyber space, many mature organizations have identified the necessity to improve the detection, analysis and response capabilities of their Security Operation Center (SOC). Currently, security analysts are often engaged with trivial copy-paste or other annoying low-level tasks rather than gaining a deep understanding...

Continue Reading
IBM Resilient SOAR, QRadar, Carbon Black Response, QRadar, A10 Proxy, MITRE ATT&CK

Resilient Playbook and automated actions for Threat Hunting and DFIR

March 31, 2019

Some initial triage task instructions are listed under the Stage 1 Analysis phase of the incident which are processed by the Security Operations team. Once completed, the incident is handed off to the Threat Hunting team for scoping the attack and developing further intelligence. As you can see, all the TTP task instructions regarding APT28 have been loaded into the Stage 2 Analysis phase of this playbook...

Continue Reading