Threat hunting allows you to rapidly uncover cyber-attacks and attack campaigns, or to find hidden malware deep within your systems that may have evaded your existing security defences.
Qseap’s Threat Hunting process is carried out with the Cyberange Advanced Forensic Threat Hunting Toolkit, which detects zero-days and unknown threats within systems. Combined with threat hunting agents, the solution allows rapid identification and hunting of threats on all platforms, including Windows, Linux and MacOS.
The APT scans are driven by the Cyberange Threat Intelligence API, which is updated with global information on the latest threats and Indicators of Compromise (IOCs). Cyberange has a database of over 40 million malware samples, one of the largest in the world, and it is updated on a daily basis.
The Forensic Investigation process during threat hunting can involve multiple steps depending on the incident. The on-demand service is carried out when an incident is reported, a suspected compromised system is identified, and a detailed forensic investigation is needed for legal and insurance compliance. The aim is to understand the attacker / malware activity and perform root-cause analysis. The process can involve isolating the system from the network, complete disk image analysis and even investigation in specialized labs for proper evidence collection.
The Cyberange XM EDR (End-point Detection and Response) Threat Analytics Platform is for large enterprises that operate on stringent SLAs and need rapid threat detection and threat hunting across thousands of systems with user and entity behaviour analysis. With a centralized dashboard to manage all your scans and get pre-emptive analysis of threats using machine learning, the XM TAP provides a scalable response platform to rapidly detect hidden threats in your network.
1. Cross platform agents and sensors
2. In-built threat intelligence feed
3. In-depth Triage scans
4. Memory Forensics
5. File Integrity Scans
6. IOC Scan
7. Simplified Dashboard
8. Automatic updates
9. Schedule scans across networks
10. Detailed user behaviour analytics
11. 400+ algorithms for anomaly detection
12. End-point threat hunting scan profiles
13. SIEM Integration for alerts
14. Compliance check of end-points
15. Export reports in multiple formats
The XM TAP widens the reach and capabilities of your Security Operations Centre (SOC) by integrating with your SIEM to provide real-time alerts of threats detected across end-points.
It provides essential response features that a SIEM lacks, such as collection of file system, registry or memory forensics for evidence collection on the end-point, malware process termination, zero-day attack detection, unknown malware detection, advanced user behavior analytics, triage scanning and case management.
1. Detect port scans from unapproved LAN hosts
2. Accesses from unapproved endpoints / devices
3. Transfer out of sensitive files via USB
4. Total Devices without secure configurations for HW/SW
5. Ratio of unauthorized software
6. Number of “honey” shares on file shares
7. Number of instances of password and access/admin policy violation
8. Number of Security related service downtimes
9. Mean time to patch applications
10. Patch Latency
11. Changes to integrity of files on end-points
12. Anomaly detection of behavior – example: Login at 8 PM, elevation of account
13. Alert admins immediately if attacks are planned / detected
14. Detect threat sources
15. Get early warning of threats
16. Detect unknown / zero-day attacks with anomaly detection
17. Detect MITM attacks
18. Uncover Browser based attacks on end-points
19. Detect Advanced Persistent Threats (APTs) with advanced Threat Intelligence
20. Get cyber situational awareness
21. Detect lateral movement of malware
22. Detect server access anomaly
23. Advanced BOT detection
24. Get Triage scan for threat hunting
25. Conduct memory forensics for file-less malware attacks
And more! The threat analytics platform from Cyberange uses advanced machine learning that enables pre-emptive detection of threats in your network.
Qseap © Copyright 2019