REAL THREAT HUNTING
BlackArrow is Tarlogic's cyber security unit, specialised in offence-driven tactics learned over years of providing red team services.
Our researchers develop hunting techniques from attack hypotheses, drawing on lessons learned during investigations of real incidents as well as advanced Red Teaming exercises. This approach lets us step away from the day-to-day life of a traditional monitoring SOC service, where a large part of the analysts' effort goes into dealing with heterogeneous sources, normalising high volumes of ingested data, blind spots, alert floods and false positives, and instead focus on detecting the techniques and behaviour of threat actors.
Our Red Team's purpose is to simulate unauthorised access to corporate systems: a sponsored external attack, classic penetration, long-term persistence, privilege escalation within corporate systems, and even the alteration or theft of strategic business information. The Red Team periodically reports findings, actions taken and planned next steps to a select group of people designated by the client, so the client always stays up to date on the campaign's progress and receives first-hand information on the performance of the defending team (Blue Team).
THREAT DETECTION VS REAL THREAT HUNTING
Threat detection:
Reactive (< dwell time): the investigation is triggered by a security event.
Detection technology (< visibility): event-based technology such as SIEM, IDS, firewalls, proxies, AV…
Detection based on patterns and IOCs.
Effort consumed by architecture, use-case definition and deployment, heterogeneous sources, blind spots, configuration failures and false positives.

Real threat hunting:
Research based on hypotheses about the tactics and techniques employed by threat actors.
High-fidelity telemetry and deception: telemetry-driven analysis of user behaviour and deception campaigns.
Unknown and targeted attacks: detection based on TTPs, intelligence, clues…
Deploying endpoint agents alone is enough for us to deliver the hunt.
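To make the contrast above concrete, here is an added example (not BlackArrow's or Tarlogic's code; every event, hash, process name and rule below is constructed for illustration) that runs an IOC lookup and a hypothesis-driven TTP rule over the same endpoint process telemetry. The IOC rule only fires on a hash it already knows; the hypothesis "an Office application spawns a script host with an encoded command" fires on behaviour, so it flags the activity even when the binary's hash has never been seen, and stays quiet on legitimate Office-to-PowerShell automation that carries no encoded command.

```python
"""IOC lookup vs. hypothesis-driven TTP rule over endpoint process telemetry.

Added illustration: every event, hash and rule below is constructed.
"""
import base64
import binascii
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    parent_image: str
    image: str
    command_line: str
    sha256: str


# Constructed indicator list: one "known bad" hash, as an AV/SIEM rule would hold.
KNOWN_BAD_HASHES = {"11" * 32}

# Process names used by the behavioural hypothesis (constructed, not exhaustive).
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
ENCODED_FLAGS = {"e", "ec", "enc", "encodedcommand"}


def ioc_match(event: ProcessEvent) -> bool:
    """Pattern/IOC detection: fires only on an indicator already in the list."""
    return event.sha256 in KNOWN_BAD_HASHES


def has_encoded_command(command_line: str) -> bool:
    """True if the command line carries a PowerShell-style -enc flag followed by valid base64."""
    tokens = command_line.split()
    for flag, value in zip(tokens, tokens[1:]):
        if flag.lower().lstrip("-/") in ENCODED_FLAGS:
            try:
                base64.b64decode(value, validate=True)
                return True
            except binascii.Error:
                return False
    return False


def ttp_match(event: ProcessEvent) -> bool:
    """Hypothesis: an Office process spawning a script host with an encoded
    command is attacker behaviour, whatever the binary's hash."""
    return (
        event.parent_image.lower() in OFFICE_APPS
        and event.image.lower() in SCRIPT_HOSTS
        and has_encoded_command(event.command_line)
    )


def run_hunt(events):
    """Return (hosts flagged by the IOC rule, hosts flagged by the TTP hypothesis)."""
    ioc_hits = [e.host for e in events if ioc_match(e)]
    ttp_hits = [e.host for e in events if ttp_match(e)]
    return ioc_hits, ttp_hits


# Constructed telemetry. The payload is just base64 of a harmless PowerShell statement.
ENCODED = base64.b64encode("Start-Sleep 1".encode("utf-16le")).decode()
SAMPLE_EVENTS = [
    # Benign: a user opens Word from the desktop.
    ProcessEvent("hostA", "explorer.exe", "winword.exe", "winword.exe doc.docx", "aa" * 32),
    # Macro launches PowerShell with an encoded command; the hash is the stock binary, unknown to the IOC list.
    ProcessEvent("hostA", "winword.exe", "powershell.exe", "powershell.exe -nop -w hidden -enc " + ENCODED, "bb" * 32),
    # Known-bad dropper by hash, launched from the desktop: IOC hit, but no Office parent.
    ProcessEvent("hostB", "explorer.exe", "update.exe", "update.exe --silent", "11" * 32),
    # Legitimate automation: Office spawns PowerShell without an encoded command.
    ProcessEvent("hostC", "excel.exe", "powershell.exe", "powershell.exe -File export.ps1", "bb" * 32),
]

if __name__ == "__main__":
    ioc_hits, ttp_hits = run_hunt(SAMPLE_EVENTS)
    print("IOC hits:", ioc_hits)  # ['hostB']: the unknown-hash activity on hostA is missed
    print("TTP hits:", ttp_hits)  # ['hostA']: behaviour flagged with no prior indicator
```

The two rules are complementary rather than competing: the IOC rule still catches the known dropper on hostB, which the hypothesis ignores, while the hypothesis is what surfaces the previously unseen activity on hostA. In a real hunt the constructed allow-lists above would be tuned against the organisation's own telemetry, since Office-to-script-host spawns do occur legitimately.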