Hunting out the threat within
Blog: Capgemini CTO Blog
We’ve been helping a client in the aerospace and defense sector track down threats to its cybersecurity defenses. The government-owned organization has been protecting its assets with a dedicated Security Operations Center (SOC) provided by Capgemini.
Even though it was confident in the services our SOC was providing, the organization expressed an interest in our Threat Hunting services. These are designed to spot attackers that have successfully entered an IT system when protection and monitoring measures have failed to detect them.
Having been hacked in the past, our client wanted to be doubly assured that its activities in the highly sensitive sector within which it operated were protected. Our SOC could detect new attacks, but what about those that were lying dormant? The client was aware that persistent attackers, such as foreign governments, might have been successful in entering the system without being detected. As such, it commissioned our Threat Hunting services.
Investigating suspicious behavior
In a two-week project, a dedicated analysis was done on a defined critical perimeter, where Capgemini’s analysts investigated suspicious behaviors. Designed to prevent the likelihood of a missed intrusion into their IT system, these investigations focused on unknown persistent programs and modifications on known legitimate program..
Our Threat Hunting services epitomize ‘The Capgemini Effect’ of adopting a human-centered approach to technology. Threat Hunting uniquely brings together automated threat data processing with in-depth human analysis to identify advanced persistent attacks and reduce the risk of a missed intrusion.
Crucially, with our SOC monitoring our client’s security round the clock, the results of our Threat Hunting investigation confirmed the integrity of the defined perimeter.