Threat Hunting

In today’s landscape, a network breach or unauthorized access can often go on for weeks or months without detection.

So how do you know if you’ve been breached?

Security Testing and Threat Hunting

Is all the money, time and effort you’re putting into cybersecurity effective? Despite all the layers of security and training you might have in place, is your data being siphoned anyway? What can you do to make sure?

Regularly performing Threat Hunting exercises will answer these questions. Our threat hunters are effectively detectives. They combine the skills required for penetration testing, forensics, auditing, programming, and big data analysis and focus on finding ongoing attacks that have gotten past the boxes and software.

The Hunt Is On…

Sera-Brynn’s Security Testing includes threat hunting and post-hunt analysis on a scheduled frequency to identify compromised systems and locate gaps in current protective measures. Our hands-on approach hunts for threats in your infrastructure and ensures your network is clear after a breach. Our threat hunters work with you to:

Improve Security Operations

  • Identify and understand threats, potential blind spots, and avenues of attack;
  • Identify network layout and critical infrastructure;
  • Identify existing defenses, including logging and alerting mechanisms;
  • Gather information on historical threats and previous security incidents; and
  • Establish a baseline for normal behavior and define what counts as abnormal behavior.

Identify Potential Breaches

Our analysts will evaluate existing threat intelligence information to identify an existing breach and uncover abnormal behavior using:

  • Firewall and network log configurations and log data;
  • Server and relevant workstation logs;
  • Automated scanning for Indicators of Compromise (IOCs) to identify known threats;
  • Forensic data collection and analysis of relevant systems, including live memory analysis; and
  • Network packet capture and analysis.

Report and Improve

Specific recommendations delivered in writing and directly tied to risk provide actionable intelligence and steps to improve overall security posture, remove blind spots, and close existing gaps.

Why do I need Threat Hunting on top of SIEM, endpoint, and boundary protection?

More than 70% of companies surveyed by SANS had inadequate capability in identifying, detecting, and responding to advanced threats. Attacks from Advanced Persistent Threats (APTs) often bypass all the boxes and software. Once in place and undetected, they can operate for months and sometimes years before being detected and stopped. They are persistent, because it’s not uncommon for them to find yet another way in and the cycle repeats. There is no tool available that can do the detective work and analysis that a human with training and, more importantly, experience, can.

Cybersecurity is a constantly evolving industry, and no one takes advantage of this better than the attackers. Many of them are well funded and organized. They have the resources to train against just about any out-of-the-box defense or intelligence system available. This is why Threat Hunting is so important – you need a human to counter another human.

SANS Threat Hunting Survey Highlights
86% of respondents in a recent SANS Institute survey of 494 IT professionals said their organizations were engaged in Threat Hunting

75% said they had reduced their attack surface as a result of more aggressive threat-hunting

59% credited the approach for enhancing incident response speed and accuracy

    “Threat Hunting is new to most organizations and demonstrates that it has had a positive effect on reducing attacker dwell time for those organizations that conduct hunts regularly,” says the survey’s author, Rob Lee, SANS fellow and curriculum lead author for the SANS Incident Response and Forensics training courses.

Contact us today at 757-243-1257 or info@sera-brynn.com if you’d like to learn more about our Threat Hunting services.