Managed Services
THREAT HUNTING SERVICE
Cyderes’ Threat Hunting Service helps inform strategic organizational initiatives through recurring threat hunts that uncover active threats and other actionable observations, with recommended remediations where applicable.
Why Cyderes’ Threat Hunting Service?
Cyderes offers clients the ability to enhance detection and response capabilities and to free up the time of a company’s security resources for higher-impact tasks that serve organizational business objectives.
Threat Hunting Service Solutions
Initial Setup
No specific initial setup is required for threat hunts other than setup activities already being performed to stand up EDRs, SIEMs, etc.
Management
The Threat Hunting team proactively schedules threat hunts for each client at a frequency of two hunts per month.
Reporting and Deliverables
Observations are the standard deliverables for Threat Hunts. Resulting observations are reported via JIRA tickets. Any observations indicating major threats are reported directly to the CSM and/or AE to ensure timely communication to the client.
Initial Setup
Cyderes will work with the client to understand and capture business goals and objectives for their threat management program.
Cyderes will assess current capabilities, including identifying gaps in telemetry and recommending improvements.
Cyderes will define communication guidelines, escalation paths, and standard reporting, including setting up MyCyderes access, through which all hunt observations are reported.
Management
Resulting observations are reported through the MyCyderes portal via JIRA tickets.
Any observations indicating major threats are reported directly to the CSM and/or AE to ensure timely communication to the client.
The appropriate squad will also work the ticket as they would any other alert, including escalating to the client when needed.
Reporting and Deliverables
Out-of-band client requests (consultation, etc.) are considered on a case-by-case basis.
Observations will be accompanied by all queries and analytics, along with references to any relevant intel.
Recommended remediation actions will only be provided when observations indicate tangible, actionable results.
Reports on Recurring Threat Hunts Performed Include:
Identification of gaps in telemetry
Identification of noisy environments and recommendations for tuning opportunities
Identification of misconfigurations and vulnerabilities
Relevant supporting information and recommendations for remediations