Compromise assessment & Threat hunting
Are you currently compromised? It's a simple question, yet the answer is not always straight-forward! While some attack techniques will show you something's happening (e.g. ransomware), others will remain under the radar for a long time and cause damage on the longer term (e.g. collect & steal sensitive information). Are you sure you know adversaries haven't penetrated your defences yet?
Your Challenge
How confident are you about your current detection capability? Although you've implemented some detection tools (e.g. IDS, SIEM, ...), you're not sure how effectively you detect actual attacks ... You would like to move beyond traditional signature-based detection and want to involve a team of experts that can hunt adversaries in your network, thereby leveraging world-class technology & expertise!
Compromise assessment & Threat hunting
Are you currently compromised? It's a simple question, yet the answer is not always straight-forward! While some attack techniques will show you something's happening (e.g. ransomware), others will remain under the radar for a long time and cause damage on the longer term (e.g. collect & steal sensitive information). Are you sure you know adversaries haven't penetrated your defences yet?
NVISO can deliver a "Compromise Assessment" or "Threat Hunt" exercise, where our experts review your environment for existing compromises or suspicious behavior using our NVISO Eagle Eye technology. Our technology is continuously being developed to analyze & correlate the following types of information:
- Raw network traffic that is parsed by our NVISO Eagle Eye engine (which includes log generation, IDS, contextualization & capabilities);
- Logs of typical network devices (e.g. proxy logs, DNS logs, DHCP logs) and endpoints (e.g. Windows event logs, syslog, EDR logs, ...);
- Our engine is continuously connected to NVISO's threat intelligence platform, ensuring it can detect the latest known attack campaigns.
The NVISO Eagle Eye engine performs traditional signature-based detection for known attacks, but also includes anomaly & outlier detection algorithms. These algorithms are at the core of NVISO's R&D activities.
The results of our engine are visualized in our analysis dashboards, to which your & our analysts will have access to. On a periodical basis (frequency can be tailored to your needs), our analysts will review the dashboards and analyze what's happening in your environment.
The result of such an exercise is a report that clearly indicates what is going on in your environment and what suspicious activity was identified. Optionally, NVISO's analysts can deliver (emergency) incident response services to help you tackle identified issues.
Why NVISO ?
- In 2016, our Eagle Eye technology won the NATO NCIA Defence Innovation Award, an achievement we are very proud of!
- We offer a unique service model, combining technology, expertise & intelligence!
- We are a trusted European team, all of our analysts possess a security clearance "Secret" (Belgian, NATO & EU);
- We have a team of world-class experts that regularly share their knowledge while teaching for SANS or speaking at conferences. Furthermore, our experts have obtained most of the well-known certifications in the industry: GCFA, GCFE, GNFA, GCIA, GCIH, GREM, ...
- In case of incidents, our CSIRT is available 24/7 through a dedicated hotline.