Solutions

Advisory Services

Pondurance serves as a trusted security adviser so your cybersecurity program focuses on what's most important to you, and you can sleep at night. 

Threat Hunting And Response

Managed Detection and Response (MDR) capabilities have been around for a while, but the term was first defined by Gartner in 2016. Long before MDR was defined by Gartner, we were busy hunting, detecting, and mitigating threats. We referred to our threat hunting services as Threat Hunting + Response (TH+R), and our initial engagement began in 2012.

It all started when one of our customers, a multibillion-dollar global company, experienced a persistent threat that was taking down multiple network domains. The persistent threat was hard to get rid of, and the customer reached out to us for help. Our Co-Founder Landon Lewis brought a 10-year history of building and managing network sensors. At that time, network security monitoring was the term commonly used to describe the high-fidelity collection, analysis, and threat hunting and detection brought into a customer environment. Landon developed our first sensor, which shed light on the larger attack that the company was experiencing. Once we were able to increase network visibility and see a full picture, we went to work to contain the attack. After this first engagement, the customer asked if we could continue to monitor the networks, and we worked to develop our 24/7 fully managed security offering announced in 2017. 

Virtual Chief Information Security Officer (vCISO) Services

While organizations need an experienced CISO to drive critical initiatives and oversee their security programs, not every organization has the budget for a full-time, top-level CISO.

With decades of experience in security consulting and advisory services, Pondurance delivers a vCISO service that applies expertise where it is needed most.

Incident Response Planning

Pondurance can help your organization to review and develop security incident response plans to ensure that your procedures are comprehensive, actionable and robust. Our methodology ensures that you have incident response plans that cover:


solutions_AR_preparation_ico


Preparation

Establish management commitment, organizational accountability and allocation of resources to prepare.


solutions_MDR_360_ico


Identification

Identify and detect an incident as soon as possible.


solutions_IR_containment_ico


Containment

Develop procedures to help contain damage and restore affected systems to their normal operating state.


solutions_IR_eradication_ico


Eradication

Help develop procedures focused on the removal of threats from infected systems. Pondurance may recommend eradication procedures that are designated for internal execution and others that may be best executed by third parties (e.g., forensic analysis, memory acquisition and analysis, system cleaning).


solutions_IR_recovery_ico


Recovery

Develop procedures that provide a basis of recovery for minimum or normal operations.


solutions_AR_learning_ico


Learning

Develop a process for validating the plan, facilitating tabletop exercises and adopting a lessons learned process from real-world events.

Security Testing

Pondurance offers external and internal testing. External testing is designed to represent the visibility and access that an external threat would have and is performed from the Pondurance Penetration Testing laboratory. Internal testing is designed to represent a malicious insider or attacker who has gained a foothold into the network via techniques such as phishing, malware or stolen credentials. The combination of these two methodologies provides enhanced insight into an organization’s defenses.

Penetration Testing

Information gathering

Perform comprehensive discovery and enumeration procedures to target pertinent internal address ranges. Establish a baseline of services to manually test for common configuration issues and vulnerabilities.

Verification and manual testing

Review and validate all identified vulnerabilities to remove false positives. Human-driven manual testing procedures are executed to identify flaws not easily identified with automated tools. Penetration Testing is performed against identified vulnerabilities to evaluate the effectiveness of security controls. 

Vulnerability discovery

Perform detailed security analysis and vulnerability scanning using a comprehensive suite of tools.

Application Security Testing


solutions_AR_dast_ico


Dynamic application testing​

Pondurance performs detailed application security analysis and vulnerability scanning using a comprehensive suite of tools. The testing encompasses the various tiers of the application architecture to provide a deep assessment of critical applications. Areas of testing include, but are not limited to:


  • OWASP Top 10
  • Verification and manual testing


solutions_AR_sast_ico


Static application security testing (SAST)

Pondurance will analyze your application source code, byte code and binaries for coding and design conditions that are indicative of security vulnerabilities. Our SAST services analyze an application from the “inside out” in a nonrunning state via:
  • Information gathering and isolation
  • Automated methods verification and manual review

Red Team Exercise (Physical Penetration Testing)

Pondurance can help validate both digital and physical security to ensure that your organization has a clear understanding of risk. Whether the engagement begins with spear-phishing an employee or attempting to enter facilities, we’ll first discuss all scenarios with you during a rules of engagement meeting. This discussion ensures that your expectations will be met and our techniques are approved.

Some in-scope procedures for the physical Penetration Testing include:

  • Covert facility surveillance
  • Attempts to gain unauthorized entry (RFID cloning, lock picking, etc.)
  • Secure access via tailgating
  • Credential forgery/impersonation
  • Unauthorized access to sensitive materials
  • Clean desk check

A System That Delivers

Cybersecurity technology has improved, but bad actors continue to evolve. The requirements for effective cyber defense have grown beyond traditional data and system security solutions. What worked five years ago no longer covers the complexity of modern threats. As threat actors develop new ways to expose vulnerabilities and exploit businesses, cybersecurity teams are stretched to keep their organizations safe, stable and resilient against attacks. At Pondurance, it’s our job to know the threat so we can provide you with the best service and protection.

Threat Hunting

Threat hunting is a specialized area within the broader realm of cybersecurity. It is not merely about responding to cyber threats, but actively seeking them out before they disrupt the organization’s activities or compromise its resources. The goal is to reduce the dwell time of these threats or eliminate them entirely. Active threat hunting is not just a process but a skill underpinned by a deep understanding of the threat landscape, the ability to analyze diverse data points, and a knack for anticipating unconventional threat patterns.

While a myriad of cybersecurity services exists, the service of proactive threat hunting is far from commonplace. Among the handful of organizations spearheading this initiative, Pondurance stands out prominently. Committed to a robust, comprehensive approach to cybersecurity, Pondurance considers threat hunting a critical component of its managed detection and response services.

Pondurance’s steadfast belief in active threat hunting is evident in its approach. The well-qualified team of cybersecurity experts doesn’t sit back and wait for an automated system to provide alerts about potential threats. Instead, they proactively delve into the networks, systems, and applications to detect potential threats or anomalies that automated security systems commonly miss. It’s the human element that adds an extra layer of protection in Pondurance’s cybersecurity strategy.

While threat hunting is quintessential to a holistic cybersecurity program, the need for efficient tools cannot be overstated. Much like a craftsman relies on the best tools to perfect his artwork, a threat hunter too requires a suite of sophisticated tools to augment their methodologies. These threat hunting tools help navigate the vast cyber arena and detect anomalies that often go unnoticed. Implementing such cutting-edge tools can drastically boost the capabilities of a cybersecurity system.

Looking into the myriad options, some platforms have proven their mettle as reliable tools for threat hunting. They offer features such as machine learning algorithms to spot unusual patterns, data visualization for better threat analysis, and ample integration options up and down the cybersecurity stack.

In essence, opting for a cybersecurity provider like Pondurance, which incorporates active threat hunting, is not merely an added asset—it’s an imperative. Organizations not only need to keep pace with the evolving threat landscape but stay a few steps ahead. Deploying best-in-class threat hunting tools is no longer an option, but a necessity to fortify the cybersecurity blueprint fully.

Threat Hunting Techniques

Threat hunting is not just a buzzword in the cybersecurity space; it has transformative implications in the realm of modern information security. Fundamental to threat hunting techniques is the proactive stance – a dramatic shift from the passive, reactive methods of traditional security systems. The best threat hunting techniques leverage a mix of advanced technology, sharp analytical capabilities, and an in-depth understanding of the hacker’s mindset. This requires security professionals to make educated assumptions, posing a strategic threat hunting hypothesis to proactively find malicious activity.

Diving deeper into the intriguing world of threat hunting in cybersecurity, one might ask, “what is threat hunting?” Simply put, it is the process of proactively and relentlessly searching for malware or attackers lurking undiscovered in a network. This technique is incredibly crucial for organizations looking to close the breach detection gap and mitigate potential damage in a timely manner.

Pondurance, an authority when it comes to threat hunting, is an exemplar in the industry. Unlike several cybersecurity firms that rely solely on automated responses to threats, Pondurance prioritizes active threat hunting.

Within the broad scope of cyber threat hunting, several common threat hunting techniques are used by professionals to ensure the highest level of protection. One such technique is the use of Threat Hunting Hypotheses, which takes into consideration known vulnerabilities and creates predictive models for identifying potential threats. This method relies heavily on the amalgamation of threat intelligence, behavioral analytics, and deep investigation.

Other techniques include conducting system sweeps to identify potentially harmful processes, lateral movement detection to identify inconsistencies in normal user behavior, and performing traffic analysis to highlight unusual network behavior. However, the sophistication of these techniques often requires a proficient understanding of cyber ecosystems, which is provided by cybersecurity companies like Pondurance.
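As an added illustration of the hypothesis-driven approach described above (example code written for this page, not Pondurance’s tooling), the hunt below tests one hypothesis over constructed authentication log lines: an account that reaches many distinct hosts within a short window behaves unlike a normal user and is a lateral-movement lead worth investigating. The log format, host names and thresholds are assumptions made for the example.

```python
# Added example: a hypothesis-driven hunt over constructed authentication logs.
# Hypothesis: an account reaching many distinct hosts in a short window is a
# lateral-movement lead worth investigating (a lead, not proof of compromise).
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines: "<timestamp> <user> <src_host> <dst_host> <outcome>"
SAMPLE_LOG = """\
2024-03-01T09:00:05 alice ws-01 fileserver SUCCESS
2024-03-01T09:03:10 alice ws-01 mail SUCCESS
2024-03-01T09:45:00 alice ws-01 fileserver SUCCESS
2024-03-01T22:10:00 svc_backup ws-17 srv-01 SUCCESS
2024-03-01T22:10:07 svc_backup ws-17 srv-02 SUCCESS
2024-03-01T22:10:15 svc_backup ws-17 srv-03 SUCCESS
2024-03-01T22:10:21 svc_backup ws-17 srv-04 SUCCESS
2024-03-01T22:10:30 svc_backup ws-17 srv-05 SUCCESS
2024-03-01T22:11:02 svc_backup ws-17 dc-01 FAILURE
this line is malformed and must be skipped by the parser
"""

def parse_log(text):
    """Yield (timestamp, user, src, dst, outcome); skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            yield (datetime.fromisoformat(parts[0]), *parts[1:])
        except ValueError:
            continue

def hunt_lateral_movement(text, window=timedelta(minutes=5), threshold=4):
    """Return {user: sorted distinct hosts} for users whose distinct destination
    hosts inside any `window` reach `threshold`. Failed logons count too: a
    failure against a new host is still evidence of probing."""
    events = sorted(parse_log(text), key=lambda e: e[0])
    recent = defaultdict(deque)   # user -> (ts, dst) pairs still inside the window
    findings = {}
    for ts, user, _src, dst, _outcome in events:
        q = recent[user]
        q.append((ts, dst))
        while ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        hosts = {d for _, d in q}
        if len(hosts) >= threshold:
            findings[user] = sorted(hosts)
    return findings

if __name__ == "__main__":
    print(hunt_lateral_movement(SAMPLE_LOG))
```

On the constructed data, alice’s normal daytime activity is not flagged, while svc_backup fanning out to six hosts in about a minute is surfaced for an analyst to review.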

To contextualize further, Pondurance incorporates threat hunting into its services with the objective of operationalizing threat intelligence. This enables it not only to protect and detect but also to respond efficiently to threats. Its central focus lies in safeguarding clients’ infrastructure by actively searching for anomalies, assessing threat patterns, and diagnosing potential vulnerabilities.

To achieve this level of efficiency, Pondurance uses advanced cyber threat hunting methodologies to manage and mitigate cyber risks effectively. These methodologies usually involve an intersection of human expertise, strategic use of threat intelligence, automated solutions, and an understanding of the client’s system to predict potential vulnerabilities. The integration of these methodologies helps to align threat hunting activities with the risk management goals of the client, thereby ensuring that the clients are not only protected but are also prepared to respond to any threats optimally.

In conclusion, threat hunting makes up a significant and proactive part of a reliable cybersecurity strategy. By identifying potential threats before they become actual attacks, organizations can maintain their security posture and avert breaches. Leveraging common threat hunting techniques and methodologies aids in the formation of a comprehensive cybersecurity system. Service providers like Pondurance are instrumental in this regard, helping companies to operationalize threat intelligence and ensure they are well-equipped to detect, respond, and safeguard against potential threats.

Overall, the progressive leap from passive security measures to proactive threat hunting signifies a pivotal shift in the cybersecurity landscape. As threat landscapes continue to evolve, proactively seeking out potential threats before they can be exploited is proving to be the most effective line of defense against various cyber threats.

Threat Hunting Framework

Exploring the specialized realm of cyber threat hunting reveals the importance of a methodical approach, which is the essence of a threat hunting framework. Such frameworks are comprehensive strategies built around the proactive and iterative process of detecting and isolating advanced threats before they wreak havoc. A key benefit of such a framework is that it allows organizations to stay ahead of imminent threats rather than merely reacting in a passive manner.

An open source threat hunting framework builds on the principles of shared knowledge and collaboration. The inclusive format allows cybersecurity teams around the world to both contribute to and learn from the collective intelligence. This synchronized approach can greatly assist in enhancing cyber defense efforts worldwide.

One notable example of a practical tool is the MITRE threat hunting framework. Widely recognized for its effective ATT&CK model, MITRE provides a knowledge base of adversarial tactics, techniques, and procedures based on real-world observations. Using this database, threat hunters can simulate adversarial behavior and predict cyber-attacks, advancing their cyber resilience.

Also noteworthy is the threat hunting framework adopted by the National Institute of Standards and Technology (NIST). The NIST framework prioritizes a risk-based approach, focusing on identifying, protecting, detecting, responding to, and recovering from threats. This structure provides comprehensive guidelines for tech companies to establish a robust infrastructure, ready to fend off cyber threats.

The pinnacle threat hunting framework takes the sophistication a step further. It visualizes threat hunting as a continuous process divided into various stages: collection, analysis, hypothesis, action, and learning. The cyclical approach allows for continuous monitoring and learning, enhancing the overall effectiveness of a given cybersecurity program.

Illustrating threat hunting in action, Pondurance operationalizes threat intelligence by incorporating threat hunting into their services. This allows for more effective protection, detection, and response mechanisms, enhancing the cybersecurity posture of their clients.

In essence, threat hunting frameworks supply a systematic and comprehensive approach to combat advanced cyber threats. They not only enable organizations to protect their systems but also equip them with tools to detect and respond to these threats, thus enhancing overall cyber resilience. These frameworks, when applied well, hold the potential to transform an organization’s cybersecurity strategy, making them less of a target and more of a formidable adversary.