Image

Threat Hunting

Active Cyber Defense

Search and Destroy

Hacks happen. Don’t pretend it won’t happen to you. Don’t pretend it hasn’t already.

Actively looking for indicators of compromise is a necessary part of today’s IT security practices. Passive defense has been insufficient for a decade. Perimeter defenses are not enough, and even layered defense-in-depth approaches fail eventually. No matter how entrenched you get, the adversary can still get in. Without actively looking for the enemy within, your network can quickly become hostile.
Image

Threat Hunting Options

Forward Defense offers a variety of threat hunting options. We can help you design a permanent system utilizing best-of-breed technical products, based in repeatable processes, and backed by real-world training for your team to develop an internal squad of highly trained cyber warriors who can patrol your network on an ongoing basis.

Alternatively, we can send in our troops on a shorter-term basis to seek out the enemy in your midst, helping you take out the trash on a periodic basis. Whatever solution meets your needs, we can customize an offering around your risk tolerance, threat level and budget.

How Forward Defense Works with you

Our experts bring years of real world experience in a variety of disciplines to form a hunting party with the skills needed to know where to look and what to look for. Our penetration testing experts know exactly how they would breach your network and how they would hide their tracks.
Meanwhile, our cyber investigators bring years of experience in tracking cyber prey and know the techniques that are most likely to expose them. Using open source and commercial tools, combined with the experience that only comes from prowling through networks year after year, our team can identify indicators of compromise and help your team contain and remediate the issue before it continues to grow.

Take back your network.

Threat Hunting services from Forward Defense.

Image

Network security monitoring

Using your existing tools, commercial products, or open source solutions our team will monitor your network for anomalies that suggest that an intruder may be present.
Image

Host based detection

Using commercial or open source agents our experts will work with your team to deploy and monitor your network endpoints to detect the presence of unauthorized activity.
Image

RAM analysis and process reviews

Collecting volatile memory for analysis is a critical component of any threat hunt. Whether spot checking critical systems, sweeping the entire enterprise for indicators of compromise.
Image

Vulnerability scanning

Active defense requires that existing holes be identified and explored for evidence that others may have used them for unauthorized access.  When our team detects a possible entry point, we will first examine the impacted systems to clear and hold that system rather than simply patching the vulnerability and hoping for the best.
Image

Log analysis

Properly configured logs can yield massive amounts of information regarding activity on the network and on individual systems. Combing through this data can be resource intensive, but combining intelligent analytics with experienced analysts allows our team to surface events of interest in a timely manner.
Image

Honeynet deployment

If the enemy is within, deploying a honeynet is a good way to draw him out. By configuring realistic looking target systems, coupled with enhanced monitoring and detection, our team will set the trap and wait for the adversary to take the bait.
Image

File integrity checks

Critical system files should be checked on an ongoing basis for signs of unauthorized tampering. Changes to core system components may indicate the presence of root kits or other malicious activity.
Image

Configuration reviews

Many adversaries avoid installing malicious software and instead change system configurations to reduce security, create backdoors or create vulnerabilities that they can exploit.
Image

Account reviews

Why add malware that may be detected when you can simply upgrade access or add seemingly legitimate accounts? Many dedicated adversaries will exploit typical logon behavior, PowerShell scripts, or remote shells to fly below the radar and blend in with normal network traffic.

Talk to a Forward Defense Security expert today

Is your business secure? Complete the meeting schedule form to talk with a Forward Defense Security expert about your compliance and security needs.
Get a quote