MANAGED SECURITY SERVICES
Enterprise Threat Operations
Active threat hunting across the organization’s endpoints means fewer surprises.
Novacoast Threat Hunting and Threat Operations services are designed to deliver proactive threat detection within customers’ environments.
What We Do
Threat Hunting and Threat Operations
Novacoast’s Threat Operations service provides active threat hunting across an organization’s endpoints. The services are provided by Novacoast’s Threat Operations Team (TOPS), a group of cyber security intelligence researchers, threat hunters, EDR experts, and incident responders. On a weekly basis the team:
- Gathers intelligence across the threat landscape.
- Includes industry-specific threat intel.
- Prioritizes intelligence into a list of targeted threat hunts.
- Creates and tests hunt queries.
- Performs hunts.
- Escalates any hits and provides remediation guidance.
- Leaves behind watchlists or alarms where the tooling allows.
Hypothesis Creation and Threat Hunt Creation
The Novacoast Threat Operations team relies on a combination of threat intelligence, environmental knowledge, past incidents that impacted the customer, and familiarity with MITRE ATT&CK to define hypotheses—assumptions and theories about potential threat activity and compromise currently existing in the environment. Using these hypotheses, the Threat Operations team crafts a Threat Hunt—a series of activities that can be used to prove or disprove the existence of these threats.
Threat Hunt Activities and Reporting
The Novacoast Threat Operations team executes these threat hunts regularly, then communicates this information back to the customer through formal reporting. Critical findings can be communicated more urgently, while less critical information is delivered through a regular reporting cycle.
Weekly
Threat hunters typically perform the following on a weekly basis:
- Alert/watchlist tuning
- Hunt hypothesis creation
- Intelligence-driven
- Customer-centric contextual information
- Active hunting in customer environment
- Escalation of discovered incidents as needed
Monthly
Threat Ops typically produces the following on a monthly basis:
- Threat Hunting Activity Review
- Recommendations to SOC team for detection rules based on hunt findings
- Service Questions and Issues