Finding Bad Actors
Sometimes it helps to think like the bad guy. That’s precisely what we do to identify bad actors from external and internal sources, enabling our clients to be more proactive in how they respond to such threats.
Insider Threat Analysis
Insider threats are difficult to detect. Monitoring tools are important, but so are processes and analytics. We help clients utilize the insider threat monitoring tools they have, optimizing the investment they’ve already made. We recently developed a hybrid cloud monitoring tool for insider threat analysis. Analytics were developed to track and monitor potential insider threat behavior. Resource monitors, data analysis, and bandwidth analysis metrics were utilized with threat analytics to provide a real-time insider threat warning product. The tool successfully detected malicious insiders as well as resource waste and unauthorized software utilization, with adjustable settings to reduce false positives at the expense of lower detection rates. It identified potential insiders based on resource utilization requests, including file access requests, date and timestamps of login and logoff requests, and external service connections.
Case Study: Insider Threat Detection
We developed a prototype insider detection tool for our client, to be implemented within a data center environment and to provide insider threat detection alerts with minimal false positives.
Threat Hunt, Offensive Cyber Ops
Supporting National Security missions, our experts are often tasked to support offensive cyber and threat hunt operations. Our cyber intelligence analysts are developing novel methodologies used by the DoD and Intelligence Community to find hidden threats and understand the evolving threat vectors based upon analysis of the Dark Web and other sources.
Our cyber intelligence experts are actively engaged in gathering digital evidence to support forensics investigations.