REQUEST A DEMO
Solutions

Advisory Services

Pondurance serves as a trusted security adviser so your cybersecurity program focuses on what's most important to you, and you can sleep at night. 



Request Info

Threat Hunting

Managed Detection and Response (MDR) capabilities have been around for a while, but the term was first defined by Gartner in 2016. Long before MDR was defined by Gartner, we were busy hunting, detecting, and mitigating threats. We referred to our threat hunting services as Threat Hunting + Response (TH+R), and our initial engagement began in 2012.

It all started when one of our customers, a multibillion-dollar global company, experienced a persistent threat that was taking down multiple network domains. The persistent threat was hard to get rid of, and the customer reached out to us for help. Our Co-Founder Landon Lewis brought a 10-year history of building and managing network sensors. At that time, network security monitoring was the term commonly used to describe the high-fidelity collection, analysis, and threat hunting and detection brought into a customer environment. Landon developed our first sensor, which shed light on the larger attack that the company was experiencing. Once we were able to increase network visibility and see a full picture, we went to work to contain the attack. After this first engagement, the customer asked if we could continue to monitor the networks, and we worked to develop our 24/7 fully managed security offering announced in 2017. 



Learn More

Virtual Chief Information Security Officer (vCISO) Services

While organizations need an experienced CISO to drive critical initiatives and oversee their security programs, not every organization has the budget for a full-time, top-level CISO.

With decades of experience in security consulting and advisory services, Pondurance delivers a vCISO service that applies expertise where it is needed most.



Learn More about VCISO Services

Incident Response Planning

Pondurance can help your organization to review and develop security incident response plans to ensure that your procedures are comprehensive, actionable and robust. Our methodology ensures that you have incident response plans that cover:


solutions_AR_preparation_ico


Preparation

Establish management commitment, organizational accountability and allocation of resources to prepare.


solutions_MDR_360_ico


Identification

Identify and detect an incident as soon as possible.


solutions_IR_containment_ico


Containment

Develop procedures to help contain damage and restore affected systems to their normal operating state.


solutions_IR_eradication_ico


Eradication

Help develop procedures focused on the removal of threats for infected systems. Pondurance may recommend eradication procedures that are designated for internal execution and others that may be best executed by third parties (i.e., forensic analysis, memory scraping and analysis, system cleaning, etc.).


solutions_IR_recovery_ico


Recovery

Develop procedures that provide a basis of recovery for minimum or normal operations.


solutions_AR_learning_ico


Learning

Develop a process for validating the plan, facilitating tabletop exercises and adopting a lessons learned process from real-world events.

Security Testing

Pondurance offers external and internal testing. External testing is designed to represent the visibility and access that an external threat would have and is performed from the Pondurance Penetration Testing laboratory. Internal testing is designed to represent a malicious insider or attacker who has gained a foothold into the network via techniques such as phishing, malware or stolen credentials. The combination of these two methodologies provides enhanced insight into an organization’s defenses.

Penetration Testing

Information gathering

Perform comprehensive discovery and enumeration procedures to target pertinent internal address ranges. Establish a baseline of services to manually test for common configuration issues and vulnerabilities.

Verification and manual testing

Review and validate all identified vulnerabilities to remove false positives. Human-driven manual testing procedures are executed to identify flaws not easily identified with automated tools. Penetration Testing is performed against identified vulnerabilities to evaluate the effectiveness of security controls. 

Vulnerability discovery

Perform detailed security analysis and vulnerability scanning using a comprehensive suite of tools.

Application Security Testing


solutions_AR_dast_ico


Dynamic application testing​

Pondurance performs detailed application security analysis and vulnerability scanning using a comprehensive suite of tools. The testing encompasses the various tiers of the application architecture to provide a deep assessment of critical applications. Areas of testing include, but are not limited to:

 

  • OWASP Top 10
  • Verification and manual testing


solutions_AR_sast_ico


Static application security testing (SAST)

Pondurance will analyze your application source code, byte code and binaries for coding and design conditions that are indicative of security vulnerabilities. Our SAST services analyze an application from the “inside out” in a nonrunning state via:
 
  • Information gathering and isolation
  • Automated methods verification and manual review

Red Team Exercise (Physical Penetration Testing)

Pondurance can help validate both digital and physical security to ensure that your organization has a clear understanding of risk. Whether the engagement begins with spear-phishing an employee or attempting to enter facilities, we’ll first discuss all scenarios with you during a rules of engagement meeting. This discussion ensures that your expectations will be met and our techniques are approved.

Some in-scope procedures for the physical Penetration Testing include:

  • Covert facility surveillance
  • Attempts to gain unauthorized entry (RFID cloning, lock picking, etc.)
  • Secure access via tailgating
  • Credential forgery/impersonation
  • Unauthorized access to sensitive materials
  • Clean desk check

A System That Delivers

Cybersecurity technology has improved, but bad actors continue to evolve. The requirements for effective cyber defense have grown beyond traditional data and system security solutions. What worked five years ago no longer covers the complexity of modern threats. As threat actors develop new ways to expose vulnerabilities and exploit businesses, cybersecurity teams are stretched to keep their organizations safe, stable and resilient against attacks. At Pondurance, it’s our job to know the threat so we can provide you with the best service and protection.

white pondurance logo

Capabilities


Managed Detection & Response (MDR)

Incident Response (IR)

Advisory Services

Vulnerability Management

Partners

Company

About Us

Blog

Careers

Contact

Threat Hunting and Response

In the ever-evolving landscape of cybercrime, ‘threat hunting and response’ has emerged as a critical aspect of cybersecurity. Modeling sophisticated behavior and combating advanced cyber adversaries necessitates a proactive approach, which is unequivocally emphasized in cyber threat hunting. As the name suggests, it involves actively hunting for threats that may not yet be recognized by existing automated security systems, establishing a proactive posture towards ensuring cybersecurity.

Cyber threat hunting is an active approach, leveraging both automated and human elements to identify and mitigate threats. This usually necessitates a level of expertise that’s able to interpret and correlate data, detect patterns, and understand the potential attack vectors that adversaries might exploit. It broadens the cybersecurity net to not only focus on known threats but also potentially harmful activities that could lead to security breaches.

Within the broad scope of cyber threat hunting, several common threat hunting techniques are used by professionals to ensure the highest level of protection. One such technique is the use of Threat Hunting Hypotheses, which takes into consideration known vulnerabilities and creates predictive models for identifying potential threats. This method relies heavily on the amalgamation of threat intelligence, behavioral analytics, and deep investigation.

Other techniques include conducting system sweeps to identify potentially harmful processes, lateral movement detection to identify inconsistencies in normal user behavior, and performing traffic analysis to highlight unusual network behavior. However, the sophistication of these techniques often requires a proficient understanding of cyber ecosystems, which is provided by cybersecurity companies like Pondurance.

To contextualize further, Pondurance incorporates threat hunting into their services, with the objective to operationalize threat intelligence. This enables them to not only protect and detect but also efficiently respond to threats. Their centralized focus lies in safeguarding their client’s infrastructure by actively searching for anomalies, assessing threat patterns, and diagnosing potential vulnerabilities.

To achieve this level of efficiency, Pondurance uses advanced cyber threat hunting methodologies to manage and mitigate cyber risks effectively. These methodologies usually involve an intersection of human expertise, strategic use of threat intelligence, automated solutions, and an understanding of the client’s system to predict potential vulnerabilities. The integration of these methodologies helps to align threat hunting activities with the risk management goals of the client, thereby ensuring that the clients are not only protected but are also prepared to respond to any threats optimally.

In conclusion, threat hunting and response make up a significant and proactive part of a reliable cybersecurity strategy. By identifying potential threats before they become actual attacks, organizations can maintain their security posture and avert breaches. Leveraging common threat hunting techniques and methodologies aids in the formation of a comprehensive cybersecurity system. Service providers like Pondurance are instrumental in this regard, helping companies to operationalize threat intelligence and ensure they are well-equipped to detect, respond, and safeguard against potential threats.

Cyber Threat Hunting Best Practices

In the realm of cybersecurity, a preemptive and proactive stance is of vital importance, and an emerging practice that embodies this proactive approach is cyber threat hunting. This method hails as an advanced and proactive cybersecurity mechanism that emphasizes the ‘hunter’ role of the cybersecurity analyst in detecting hidden, dormant, or emerging threats in the network that conventional security measures might not be able to detect. The result is a shift from a strictly defensive stance to an offensive one, enabling organizations to detect potential threats at an early stage.

Cyber threat hunting incorporates a variety of methods and practices, rendering the discovery of potential cyber threats achievable. There are various types of threat hunting, classified majorly based on how they approach the search for potential threats. Within these consist of hypothesis-driven threat hunting, where an analyst, guided by a hypothesis about a potential threat or vulnerability, conducts targeted searches. Situational awareness hunting, on the other hand, banks on the understanding of the normal state of a network to detect anomalies. Lastly, there is the method of TTP (Tactics, Techniques, and Procedures) based hunting, where teams leverage their knowledge of adversary TTP’s to search for similar signs in their networks.

Indicators of Compromise (IOCs) play a pivotal role in cyber threat hunting. IOCs serve as unique, distinct pieces of evidence that hint at a breach or impending attack, enabling cybersecurity teams to swiftly address potential cyber threats. By meticulously monitoring and assessing these indicators, analysts can discover hidden threats and bolster their network’s security.

To fortify the threat hunting process, seasoned threat hunters often lean on the invaluable data provided by published vulnerability reports and threat intelligence reports. Published vulnerabilities reports aid in shedding light on the existing vulnerabilities that the adversaries might exploit. By staying abreast of these published reports, cybersecurity experts can identify and patch vulnerabilities to boost their defenses even before an attack is launched.

Threat intelligence reports, another essential cog in the threat hunting wheel, offer informed insights about threats from different sources, enabling teams to understand the threat landscape better. These reports provide information about threat actors, their common tactics, techniques, methodologies, and IOCs, thus allowing threat hunters to anticipate, detect, and counteract cyber threats effectively.

As an example of cyber threat hunting done right, Pondurance sets a compelling case study. This cybersecurity firm operationalizes threat intelligence seamlessly for its clientele, enabling them to better detect, protect, and respond to potential threats. By incorporating different threat hunting methods and practices into their service portfolio, the company allows its clients to stay a step ahead of potential threats in the digital realm.

In sum, cyber threat hunting is transforming the cybersecurity landscape, allowing institutions to assume a more proactive stand against cyber threats. The incorporation of threat hunting types, reliance on IOCs, utilization of published vulnerability and cyber intelligence reports strengthens cybersecurity parameters enormously. As phishing attempts, ransomware attacks, and data breaches grow in their sophistication every day, proactive cyber threat hunting undoubtedly emerges as a necessary defense tool.

Threat Hunting and Response Examples

Cyber threat hunting, being an inherently proactive process, allows cybersecurity professionals to actively pursue undetected threats lurking in the depths of their networks. Hence, this approach bolsters the defensive machinery, providing a proactive initiative to potential cyber-attacks while raising an organization’s cybersecurity posture effectively.

Beginning with the threat hunting hypothesis, this step is a seasoned mix of experience-layered intuitions and evidence-based assumptions. In an endless sea of threat possibilities, the hypothesis guides us toward the shore, providing a tractable scope to operate within. While proposing a hypothesis, often a starting point of potential leads or behaviors are indicated based on the attacker’s methods, advanced persistent threats or latest insights from industry alerts and reports.

The treasure trove of threat hunting comprises several distinct types. Behavioral threat hunting recognizes aberrant behavioral patterns in a network. Similarly, situational threat hunting uses a typical cyber-threat situation to create a scenario-based threat model – critical assets are highlighted alongside their vulnerabilities, and plausible threat actors are identified. This form is identified as threat hunting in cyber security, a paradigm underlining the urgency to shift from a reactionary to a preventative approach.

Pondurance, an industry-leading cybersecurity firm, has integrated cyber threat hunting into its services to operationalize threat intelligence effectively. They systematically identify, analyze and respond to threats – a model endorsing constant vigilance rather than sporadic bursts of response activity, thus providing a robust and resilient shield around information assets. Its threat hunting ideas incorporate real-time monitoring, thorough threat assessment and responsive actions.

As eliminating all vulnerabilities is practically unattainable, threat hunting and response examples provide concrete steps for an organization to follow. They emphasize on identifying and mitigating threats, long before they convert into full-blown attacks. Sophisticated scanning tools fused with skilled human instinct make cyber threat hunting a highly sought after cybersecurity discipline today.

In sum, threat hunting lies at the core of any cybersecurity protocol. Its propensity to preemptively sanitize the systems from hidden and upcoming threats makes it highly desirable. Its application and the resultant outcomes serve as a testament to the paradigm shift that the cybersecurity industry is witnessing today. An integral part of any cybersecurity program, it offers a solid defense, security, and peace of mind.

Threat Hunting and Response Examples

Exploring the niche area of cyber threat hunting unveils the significance of a systematic approach, the essence of a threat hunting framework. These are comprehensive strategies that involve the proactive and iterative process of detecting and isolating advanced threats before they cause damage. A key advantage of such a framework is that it enables organizations to stay ahead of impending threats rather than merely responding in a reactive manner.

Focusing on the open threat hunting framework, this applies the principles of shared knowledge and collaboration. The open format allows for different cybersecurity teams worldwide to both contribute to and learn from the collective intelligence. This harmonized approach can massively assist in enhancing cyber defense efforts across the globe.

One strong example of a practical tool is the MITRE threat hunting framework. Widely recognized for its effective ATT&CK model, MITRE provides a knowledge base of adversarial tactics, techniques, and procedures based on real-world observations. Using this database, threat hunters can simulate adversarial behavior and predict cyber-attacks, advancing their cyber resilience.

Also noteworthy is the threat hunting framework adopted by the National Institute of Standards and Technology (NIST). The NIST framework prioritizes a risk-based approach, focusing on identifying, protecting, detecting, responding to, and recovering from threats. This structure provides thorough guidelines for tech companies to establish a resilient infrastructure, ready to ward off cyber threats.

The peak threat hunting framework takes the sophistication a notch higher. It visualizes threat hunting as a continuous process divided into various stages: collection, analysis, hypothesis, action, and learning. The cyclical approach allows for continuous monitoring and learning, enhancing the overall effectiveness of a given cybersecurity program.

Illustrating threat hunting in action, Pondurance operationalizes threat intelligence by incorporating threat hunting into their services. This allows for more effective protection, detection, and response mechanisms, enhancing the cybersecurity posture of their clients.

In essence, threat hunting frameworks supply a systematic and comprehensive approach to combat advanced cyber threats. They not only enable organizations to protect their systems but also equip them with tools to detect and respond to these threats, thus enhancing overall cyber resilience. These frameworks, when applied well, hold the potential to transform an organization’s cybersecurity strategy, making them less of a target and more of a formidable adversary.

Related Topics

500 N. Meridian St., Suite 500
Indianapolis, IN 46204
1-888-385-1702


Twitter

Linked-in

Facebook
Capabilities
Company

Sign Up for Our Communications

All Rights Reserved © Pondurance | Privacy Policy