Cyber Threat Management with MITRE ATT&CK – Part 1

Let’s agree on this first: the job of a SOC analyst is TOUGH, as tough as finding a needle in a haystack. Threat hunters are presented with thousands of log and telemetry events every second and are expected to pick out adversary activity from that pool of information. This is a challenge that fatigues both human and machine intelligence.

Automated Threat Response with SOAR

Earlier, there were very few ways to sneak into an organisation’s network. Today, the number of ways cyber criminals can get into an organisation has increased dramatically. Cloud data centers, mobile devices, file-sharing platforms, IoT devices and many other exposed platforms offer countless paths to compromising network security.

Pandemic COVID-19 Outbreak – Cyber Security Implications

As the world tries to deal with the coronavirus pandemic, hackers, fraudsters and spammers all flourish; they are not on lockdown. The situation has proven to be a blessing for them, as attackers find new ways to exploit human fear and target victims with scams and malware campaigns.

What is SOC beyond a Monitoring Center?

A managed SOC / CSOC (Cyber Security Operations Center) is often regarded simply as the workplace where nerdy information security professionals spend their time. In fact, it is far more than a physical room, and it has many more dimensions to it. So, let’s see what turns a monitoring center with screens and eyes into a SOC.

The Basics of Threat Hunting

Forms of threat hunt

The end goal of a threat hunt plays an important role in classifying the hunt. A hunt that starts with the concrete goal of discovering specific actors is classified as threat-focused. An environmental hunt, by contrast, is an engagement focused on learning a particular subset of the overall environment from a technical angle. Classifying the hunt matters, because the type of hunt changes the TTPs and data sources required to conduct it. A hunt may also start as an environmental hunt and turn into a threat-focused hunt once malicious activity is discovered.

A Threat Hunt tale

The human domain is complex and unpredictable, and as a result the logic behind certain behaviors is complex too. The problem many detection systems try to solve is the automated detection of these complex behaviors. Some actions are obvious (e.g., a port scan), but others are far less detectable, particularly when they originate from inside the network, such as valid credentials used for the wrong purposes.

To make the issue a little more difficult, not all adversaries use the same techniques or methods to achieve their goals. For example, a nation-state actor could have a set of known tactics, techniques and procedures (TTPs) that could potentially be detected. If the TTPs change, what new course of action should the analyst take? Or, even more frustrating, what if an insider operating within the bounds of company policy is stealing data? The detection boundary shifts and, in the case of an insider leaking information, it may not exist at all until the damage is done.
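The contrast drawn above, an obvious action such as a port scan versus valid credentials used for the wrong purpose, expressed as two detection rules over sample telemetry. This is an added example and not code from the original post; the event layout, the host and account names, the cutoff date and the thresholds are assumptions made for the illustration, and every event is constructed rather than captured.

```python
"""Two detection rules run over constructed telemetry.

Added example, not code from the original post. The event layout, host and
account names, the cutoff date and the thresholds are assumptions chosen for
the illustration; every event below is constructed, not captured.
"""
from collections import defaultdict
from datetime import datetime

# Constructed network flows: (timestamp, source_ip, destination_ip, dst_port).
# One source sweeps 25 ports on one host at 2 a.m.; another makes two ordinary
# HTTPS connections.
FLOWS = [
    ("2024-03-01T02:00:01", "10.0.5.23", "10.0.1.10", port) for port in range(20, 45)
] + [
    ("2024-03-01T09:15:00", "10.0.5.40", "10.0.1.10", 443),
    ("2024-03-01T09:15:02", "10.0.5.40", "10.0.1.11", 443),
]

# Constructed authentication events: (timestamp, account, source_host, outcome).
# Four weeks of "jdoe" logging in from its own workstation at 09:xx, then one
# login at 03:12 from a finance workstation, then one normal-looking login.
AUTH_EVENTS = [
    (f"2024-02-{day:02d}T09:0{day % 10}:00", "jdoe", "WS-JDOE", "success")
    for day in range(1, 29)
] + [
    ("2024-03-01T03:12:44", "jdoe", "WS-FINANCE-07", "success"),
    ("2024-03-01T09:40:00", "jdoe", "WS-JDOE", "success"),
]

PORT_SCAN_THRESHOLD = 20  # distinct ports from one source to one host (assumed value)


def detect_port_scans(flows, threshold=PORT_SCAN_THRESHOLD):
    """The 'obvious' case: a count over one dimension is enough.

    Returns the source IPs that touched at least `threshold` distinct ports
    on a single destination host.
    """
    ports_seen = defaultdict(set)
    for _ts, src, dst, port in flows:
        ports_seen[(src, dst)].add(port)
    return sorted({src for (src, _dst), ports in ports_seen.items() if len(ports) >= threshold})


def build_baseline(auth_events):
    """Per account: the hosts and the hours of day (0-23) of past successful logins."""
    baseline = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for ts, account, host, outcome in auth_events:
        if outcome != "success":
            continue
        baseline[account]["hosts"].add(host)
        baseline[account]["hours"].add(datetime.fromisoformat(ts).hour)
    return baseline


def detect_credential_misuse(auth_events, cutoff):
    """The hard case: every event is a *successful* login with valid credentials,
    so nothing fails and no threshold on failures ever fires.

    Events before `cutoff` (ISO-8601 string) form the baseline; events on or
    after it are flagged only if they deviate from the account's own history
    (a never-seen source host, or an hour at which the account never logged in).
    Returns a list of (timestamp, account, reasons).
    """
    history = [e for e in auth_events if e[0] < cutoff]
    recent = [e for e in auth_events if e[0] >= cutoff]
    baseline = build_baseline(history)
    findings = []
    for ts, account, host, outcome in recent:
        if outcome != "success":
            continue
        reasons = []
        base = baseline.get(account)
        if base is None:
            reasons.append("no history for account")
        else:
            if host not in base["hosts"]:
                reasons.append(f"new host {host}")
            hour = datetime.fromisoformat(ts).hour
            if hour not in base["hours"]:
                reasons.append(f"unusual hour {hour:02d}")
        if reasons:
            findings.append((ts, account, reasons))
    return findings


if __name__ == "__main__":
    print("port scans:", detect_port_scans(FLOWS))
    for finding in detect_credential_misuse(AUTH_EVENTS, "2024-03-01"):
        print("credential misuse:", finding)
```

The port-scan rule needs no context: one counter over one dimension fires on the sweep. The credential rule fires only relative to the account's own history, and the last constructed event shows the limit the text describes: a login from the usual workstation at the usual hour, even if made by an insider copying data, produces no finding at all.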

Threat Modeling Recipe for a State-of-the-Art SOC

Today, most security experts agree that we are in the middle of a cyber war, walking across a minefield where a single wrong move brings mass destruction. The enemy holds a wide arsenal of the most modern and destructive weapons. The one difference between real-world warfare and cyber warfare is that in cyber the enemy and the weapons are mostly UNKNOWN.

Organizations spend a large share of their money and resources on security, sometimes more than on actual operations, because they understand that the unauthorized disclosure of a single piece of code could put an end to their business. Yet no one is immune to cyber-attacks. Security professionals within an organization equip their defenses with every tool they can accommodate, assuming this will deter any attacker. It spreads like a wildfire: along with the new tools come new vulnerabilities in the network infrastructure. Above all, attackers are patient enough to wait for the right chance to get at your data, because they know how much it is worth. Even the smallest negligence in the security infrastructure can be an invitation to the attacker.

One way to increase immunity and shield the business from this war is to sometimes wear the hat of an attacker and attack your own organization without mercy, in every possible way. Then sit back, review how you were able to compromise such strong security, find the gaps and fill them. In simple terms: perform threat modeling.

We welcome you to contact us for more information about HAWKEYE - SOC As A Service.