
Counter APT Counter APT HUNT operations combine best of breed endpoint detection response technology with an experienced cadre of cybersecurity experts.



Presentation on theme: "Counter APT Counter APT HUNT operations combine best of breed endpoint detection response technology with an experienced cadre of cybersecurity experts."— Presentation transcript:

1 Counter APT
Counter APT HUNT operations combine best-of-breed endpoint detection response technology with an experienced cadre of cybersecurity experts to provide clients with proactive incident response focused on gaining rapid visibility into customer networks to determine adversary presence, scope and scale of an infection, and root cause analysis to move clients towards total threat remediation.
Combining years of Intelligence Community experience conducting offensive cyber operations against advanced threat actors, our experts understand and anticipate adversary behavior and tradecraft, providing a unique ability to predict and determine an attacker's presence within a network and identify compromised hosts.
Adversary HUNT Pursue Operations Threat Baseline Assessments Incident Response and Digital Forensics

2 Concept of Operations HUNT Pursue Remediation Agent Deployment
HUNT operators perform detection and analysis techniques to evaluate telemetry returned from customer endpoints to identify adversary presence and compromised assets.
HUNT operators perform malware and forensic analysis to provide actionable intelligence and indicators of compromise to prosecute and remediate threats.
Agent Deployment: Indigenous endpoint detection response agents are deployed to customer endpoints to provide the HUNT team with visibility into customer networks to determine adversary presence.
Response Planning: Our HUNT team members work with customer security staff to develop tailored response plans focused on protection of critical assets and holistic remediation.
01. CONOP

3 Phase I: Predeployment
Counter APT Concept of Operations
Analysts deploy to customer site to develop an understanding of customer network enterprise environment, interview customer security team to gather context surrounding security incident, and determine connectivity requirements to prepare for agent deployment.
Phase will include malware analysis and reverse engineering of any known suspected malicious software samples and review of any known indicators of compromise related to intrusion.
Establish a plan of action and safe communications channels with customer team.
Identify critical assets and key cyber terrain as a function of customer business impact to prioritize actions and response strategy.
Develop detailed evaluation deployment plan.
Deliverables
Provide customer with detailed agent deployment plan.
02. Predeployment Phase

4 Phase II: Agent Deployment
Counter APT Concept of Operations
On-site analyst works with customer to deploy software agents and serves as an onsite point of contact for ensuring constant communication and interaction with customer security team.
Ensures secure communications with remote HUNT team.
Enables full HUNT support to enable timely and efficient prosecution of threats.
Duration
1 Day of onsite support, performed by one forward deployed analyst.
Deliverables
Tailored communications channel for SNOW sensors to enable joint operational HUNT infrastructure access to SNOWBoard Analysis and Command and Control Interface
03. Agent Deployment

5 Phase III: HUNT & Remediation
Counter APT Concept of Operations
Remote HUNT operators actively HUNT in customer networks to determine adversary presence and determine the conditions for deliberate response in accordance with customer operating requirements.
Identified indicators of compromise are analyzed to identify compromised hosts and determine scope and scale of infection.
A response plan is developed for remediation, including root cause analysis of intrusion to provide a path to infection by the adversary and recommendations for mitigating security vulnerabilities.
Duration
Approximately five days, performed by one onsite analyst in addition to remote HUNT operators.
Deliverables
Detection reporting
Response Plans
Post-Operation Remediation Support
04. HUNT and Response Actions

6 Pricing Incident Response & HUNT (USD)
Incident Response (Remote HUNT) | $200/hr
Incident Response (Urgent Onsite Support) | $280/hr
Incident Response (Nonurgent Onsite Support) | $240/hr
Travel | $100/hr

