Threat Hunting & Anomaly Detection
A Managed Security Service provided by ISSP SOC, designed to meet advanced requirements for information security incident management and to ensure operational cybersecurity within organizations.
Empower Your Defense with ISSP SOC
The service employs best practices in identifying known information security threats and discovering unknown threats by utilizing behavioral analysis to detect anomalies.
Proactive Security
Stay ahead of threats by identifying known and unknown risks through behavioral analysis
Timely Response
Detect and respond to potential security threats in their early stages of development
Enhanced Visibility
Gain insights into abnormal behaviors and potential risks in your systems
Transforming Challenges into Opportunities
ISSP SOC's service transforms the following pain points into opportunities for proactive defense.
Undetected Risks
Rapidly Changing Tactics
Overwhelmed Security Teams
Service Features: How It Works
As part of the ISSP SOC Threat Hunting service, SOC analysts monitor customer endpoints in depth to detect both known and unknown information security threats. This is achieved by installing specialized agents on the monitored systems, which collect detailed information about system operations and user activities and send this data to the ISSP SOC cloud for analysis.
Monitoring Directions
Within the scope of this service, the primary focus is on monitoring the following event categories:
01. The use of known tactics, techniques, and procedures by adversaries according to the MITRE ATT&CK framework.
02. The emergence of known indicators of compromise (IoCs), which may signal potential threats.
03. Deviations from normal functioning (anomalies) in user behavior and endpoint systems based on key parameters, characterizing abnormal behavior and identifying unknown or disguised threats.
04. Critical events in existing information security defense systems that operate on the principle of signature analysis (antivirus, intrusion detection systems).
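The four categories above can be seen working together in a small triage routine over endpoint telemetry. The following is an added example written for this page, not ISSP SOC's code or agent logic: the event fields, the indicator values, the single ATT&CK rule (schtasks /create mapped to T1053.005), and the per-user baseline of processes and working hours are all assumptions made for illustration, and the historical and live telemetry is constructed.

```python
"""Toy triage of endpoint telemetry against the four monitoring categories.

Added example, not ISSP SOC code. Every field name, indicator value and
rule below is a constructed assumption made for illustration.
"""
from collections import defaultdict

# Category 02: constructed IoC values (placeholders, not real indicators).
KNOWN_BAD_HASHES = {"sha256:" + "0" * 61 + "bad"}
KNOWN_BAD_IPS = {"203.0.113.7"}  # RFC 5737 documentation range


# Category 01: one illustrative ATT&CK mapping, scheduled-task creation.
def match_ttp(event):
    cmd = event.get("cmdline", "").lower()
    if "schtasks" in cmd and "/create" in cmd:
        return "T1053.005 Scheduled Task created via schtasks"
    return None


class Baseline:
    """Per-user profile of processes seen and hours of activity (category 03)."""

    def __init__(self):
        self.procs = defaultdict(set)   # user -> process names observed
        self.hours = defaultdict(set)   # user -> hours of the day with activity

    def learn(self, history):
        for e in history:
            self.procs[e["user"]].add(e["process"].lower())
            self.hours[e["user"]].add(e["hour"])

    def deviations(self, e):
        """Return human-readable reasons why an event departs from the profile."""
        user = e["user"]
        if user not in self.procs:
            return ["no baseline for user"]
        reasons = []
        if e["process"].lower() not in self.procs[user]:
            reasons.append(f"first execution of {e['process']} for {user}")
        if e["hour"] not in self.hours[user]:
            reasons.append(f"activity at hour {e['hour']:02d} outside {user}'s baseline")
        return reasons


def triage(baseline, events):
    """Return {event_id: [(category, reason), ...]} for events needing review."""
    findings = defaultdict(list)
    for e in events:
        eid = e["id"]
        ttp = match_ttp(e)
        if ttp:
            findings[eid].append(("ttp", ttp))
        if e.get("sha256") in KNOWN_BAD_HASHES:
            findings[eid].append(("ioc", f"known bad hash on {e['process']}"))
        if e.get("dest_ip") in KNOWN_BAD_IPS:
            findings[eid].append(("ioc", f"connection to listed IP {e['dest_ip']}"))
        for reason in baseline.deviations(e):
            findings[eid].append(("anomaly", reason))
        if e.get("av_alert"):  # category 04: signature-based product raised an alert
            findings[eid].append(("signature", f"AV alert: {e['av_alert']}"))
    return dict(findings)


# Constructed historical telemetry used to build the baseline.
HISTORY = [
    {"user": "alice", "process": p, "hour": h}
    for h in range(9, 18) for p in ("outlook.exe", "excel.exe", "chrome.exe")
] + [
    {"user": "bob", "process": p, "hour": h}
    for h in range(8, 17) for p in ("chrome.exe", "code.exe")
]

# Constructed live events: one benign, then one per monitoring category.
LIVE = [
    {"id": 1, "user": "alice", "process": "outlook.exe", "hour": 10},
    {"id": 2, "user": "alice", "process": "powershell.exe", "hour": 3,
     "cmdline": "powershell.exe -NoProfile -c Get-ChildItem"},
    {"id": 3, "user": "bob", "process": "schtasks.exe", "hour": 14,
     "cmdline": r"schtasks /create /tn Updater /tr C:\Users\Public\u.exe"},
    {"id": 4, "user": "alice", "process": "chrome.exe", "hour": 11,
     "dest_ip": "203.0.113.7"},
    {"id": 5, "user": "alice", "process": "excel.exe", "hour": 12,
     "av_alert": "Trojan.Generic (constructed)"},
]


def run_demo():
    baseline = Baseline()
    baseline.learn(HISTORY)
    return triage(baseline, LIVE)


if __name__ == "__main__":
    for eid, items in sorted(run_demo().items()):
        for cat, reason in items:
            print(f"event {eid}: [{cat}] {reason}")
```

Event 1 produces no finding because it matches alice's profile; event 2 is flagged twice under category 03 (new process and off-hours activity) even though nothing in it matches a known indicator, which is the case the page describes as discovering unknown or disguised threats; event 3 hits both the ATT&CK rule and the per-user baseline, showing how the categories corroborate one another.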
Standard Collaboration Framework between Client Roles and ISSP SOC
Integration with the service is achieved by deploying an agent on the client's workstations and servers; the agent supports Windows, Linux, and macOS. It communicates directly with the ISSP SOC monitoring system over a secure protocol, allowing supplementary telemetry to be collected from endpoints even when they are located outside the client's corporate network.
An optional component is a gateway/server equipped with connectors that remotely gather audit logs from the client's security infrastructure, covering both on-premises and cloud services. The remaining components of the monitoring system are housed within the ISSP SOC cloud-based data processing center, situated in the European Amazon AWS tenant.
Secure communication between the connector server and the monitoring system is maintained through a secure protocol.