Huntry is a proactive Cyber Threat Hunting service that actively searches for traces left by attackers within infrastructures. Where traditional detection services stop, Huntry uncovers what they miss.
Huntry detects what traditional detection services (i.e. SOCs) cannot see.
A service that continuously searches for and detects traces of compromise
What is Cyber Threat Hunting?
Cyber Threat Hunting is a detection activity that actively looks for signs of intrusion or compromise in a system or network, rather than waiting for automatic alerts to appear.
Unlike traditional monitoring or SOC (Security Operations Center) services, which rely mainly on alerts generated by tools and predefined rules, threat hunting takes a more intelligent and targeted approach:
- Proactive: the service continuously searches for traces left by attackers, even if no alert has yet been raised.
- Analytical: it relies on different types of probes (both system and network) to identify indicators of compromise (IoCs).
- False-positive reduction: by focusing on confirmed indicators, hunting avoids generating an avalanche of useless alerts.
- Complementary: by taking a different approach, the hunting service enhances traditional detection services such as SOCs, targeting sophisticated or advanced attacks that automated tools may miss.
Cyber Threat Hunting is like a proactive investigation within your systems, aiming to uncover threats before they cause serious damage.
How does Huntry work?
Huntry relies on two complementary approaches:
External Monitoring
External monitoring identifies traces of compromise directly affecting monitored infrastructures, but also signs detectable via OSINT (Open Source Intelligence) techniques.
By collecting and analyzing publicly accessible information – such as leaked databases or compromised credentials available online – Huntry can link these elements to the monitored perimeter and quickly alert the concerned organization.
Internal Monitoring
Internal monitoring is based on deploying probes at strategic points of the infrastructure. These probes are in charge of identifying indicators of compromise (IoCs) and detecting suspicious activity.
An IoC-driven approach
The monitoring activities orchestrated by Huntry rely on detecting and exploiting Indicators of Compromise (IoCs).
These IoCs come from several sources:
- our global honeypot network,
- strategic partners enriching the intelligence base,
- our incident response activities, which help identify new attack markers,
- ongoing Security Watch activity conducted by each WELAN employee.
What is an IoC?
An Indicator of Compromise (IoC) is an observable piece of data which can be used to reveal an intrusion or malicious activity on a network or endpoint.
IoCs can take many forms: file name or hash, IP address, domain name, URL, registry key, network trace, user-agent, certificate fields, etc.
Huntry’s added value lies in its ability to gather these data points, analyze them by type and confidence level, and efficiently locate them where they matter most.

Security By Design
How can we ensure that deploying the service does not introduce new weaknesses into your IT systems?
Internal monitoring requires the installation of agents and the deployment of network probes. As with an EDR or endpoint management solution, there is theoretically a risk that these components could present vulnerabilities.
To address this concern, Huntry relies on:
- proven, robust, and widely audited open-source technologies rather than proprietary / internal developments,
- a segmented architecture, with management components that can be deployed directly within the supervised infrastructure, in a dedicated network enclave.
Thus, even if a security incident affecting WELAN’s infrastructure occurs, it could not impact the supervised infrastructures in any way.