
Credo-C: Cyber Threat Protection Service

Product
The name of the base system (platform): Group-IB Threat Hunting Framework (formerly Threat Detection Service, TDS)
Developers: Credo-C
Date of the premiere of the system: 2021/02/19
Technology: Information security - Security Information and Event Management (SIEM), IT outsourcing

2021: Cyber Threat Protection Service Announcement

On February 19, 2021, Group-IB, an international company specializing in the prevention of cyber attacks, and the Russian system integrator CREDO-S launched a service for detecting previously unknown threats and targeted attacks in the Security as a Service (SECaaS) format. Its technological basis is the Threat Hunting Framework (THF), a Group-IB solution that protects against a wide range of threats, including ransomware, exploits, banking trojans, spyware, backdoors, malicious scripts and covert data channels, both inside and outside the protected perimeter. Under the MSSP (Managed Security Service Provider) partner program, CREDO-C and Group-IB will provide two lines of round-the-clock support and cyber incident response for the integrator's customers.

According to the company, the service built on the Group-IB Threat Hunting Framework protects the corporate networks and employee workstations of CREDO-S customers, including remote workstations. All detected anomalies are sent to the CERT CREDOS monitoring center, which monitors alerts around the clock, responds to incidents and hunts for threats both inside and outside the perimeter. When necessary, it escalates to the second support line, represented by CERT-GIB or specialists from other Group-IB divisions: experts from the Computer Forensics Laboratory (DFIR), the audit and consulting department, and Threat Intelligence & Attribution analysts.

The service is provided as a subscription for a fixed period and includes a wide range of standardized cybersecurity services.

As of February 2021, the average annual growth rate of the service model is 15%. As a result of this approach, not only large companies but also the small and medium business segment gain access to technology solutions. The main advantages of this approach are the transition from capital costs to operational costs and savings in personnel through 24/7 monitoring of the entire perimeter by two professional teams - the "first line" (CERT CREDOS) and the "second line" of protection (CERT-GIB). An important factor for state-owned enterprises and critical infrastructure is compliance with the law - the service provider has all the necessary licenses and certificates.

noted Nikolai Senichev, Executive Director of CREDO-S

The cooperation of CREDO-S with Group-IB began in 2018 with the deployment of information security monitoring systems at large defense and industrial enterprises. Pilot testing of Group-IB solutions at CREDO-S customers revealed attackers' interest in these targets. In one of the companies, the Group-IB THF complex discovered six different types of malware and backdoors in the network: a banking trojan in the accounting department, spyware on the mobile devices of employees who connected to the corporate Wi-Fi, and backdoors and trojans on workstations. This was despite antivirus and various other protection tools being installed on both servers and workstations. At another enterprise, an attack that used a backdoor and previously discovered vulnerabilities was detected immediately by the Group-IB THF complex, and the malware was removed by CREDO-S specialists.

Group-IB experts assess the level of cyber threats for industrial enterprises and the public sector in 2021 as "critical" or "very high." Specialists expect an increase in the number of targeted attacks on the IT infrastructure using specialized malware, for example, spyware or compromising the company's IoT devices - cyber spies can be on the network unnoticed for years.

The number of attacks by ransomware operators on companies of all sizes and industries is also projected to increase, with the aim of extortion, theft of confidential information or disruption of business processes. According to Group-IB estimates, the total potential damage from ransomware attacks in 2020 amounted to at least $1 billion, and the number of successful incidents exceeded 2000. Over the year, the market for selling access to corporate networks - the easiest way for ransomware to get in - grew fourfold.

The comprehensive Threat Hunting Framework is designed to protect IT and operational technology networks from previously unknown threats and targeted attacks, hunt for threats both inside and outside the network, and investigate and immediately respond to cybersecurity incidents to minimize their impact. THF is capable of stopping targeted attacks on the organization in a fully automated way, giving the security team tools to correlate disparate events around an attack, attribute threats, analyze malicious code and respond to an incident. It is based on patented technologies and inventions of Group-IB engineering teams and analysts.