Threat Hunting & Threat Intelligence
Identify and Eradicate Threats
Cyber threat hunting is an emerging discipline that focuses on hunting down advanced threats in the business environment. Abacode leverages the MITRE ATT&CK framework in conjunction with SIEM, SOAR, and the other security stack tools deployed. MITRE ATT&CK is an open framework and knowledge base of adversary tactics and techniques based on real-world observations and contributions from security professionals around the world. Using the ATT&CK methodology, Abacode can analyze the steps threat actors are likely to take to avoid detection and which of those steps are most likely to further compromise the environment. In this way, the Abacode team can more effectively identify and eradicate threats before they become financial burdens. Additionally, using ATT&CK, Abacode is able to accelerate the process of prescribing remediation steps to eradicate the threat.
Threat intelligence’s primary objective is to aggregate critical information on how threat actors operate and to apply that knowledge for detection, defense, and response. Abacode leverages multiple threat intelligence feeds, including those from public agencies and third-party security organizations. Open Threat Exchange (OTX) is one of the feeds we integrate into our Cyber Lorica monitoring platform. OTX is the neighborhood watch of the global intelligence community. It enables private companies, independent security researchers, and government agencies to openly collaborate and share the latest information about emerging threats, attack methods, and malicious actors, promoting greater security across the entire community. OTX changed the way the intelligence community creates and consumes threat data: anyone in the security community can contribute, discuss, research, validate, and share threat data. Today, 100,000 participants in 140 countries contribute over 19 million threat indicators daily to this threat intelligence database. Abacode receives new signatures from OTX and other threat feeds in real time, which allows Abacode to detect issues ahead of endpoint protection systems and firewalls, protecting our clients while their endpoint protection signatures are still being updated.