The 3 main hunting phases followed by Falcon’s Shield Security threat hunters

Proactive actions

Following an intrusion, an attack progresses through several phases that together form the “kill chain”, and executing that chain from end to end takes an average of 6 months. Assuming that a client has already suffered an intrusion while using their previous antivirus or other protection mechanism, the proactive actions of the Falcon’s Threat Hunting service identify the blind spots left by each phase of the “kill chain” by comparing the observed activity with known TTPs. This breaks the attack’s “kill chain”.

Monitoring actions against new threats

Using the threat feeds built from what is observed at our customers, as well as private and public feeds, the Falcon’s Security engineer systematically tests every newly identified TTP and IOC. If an attack is feasible in the customer’s context, the information is used to adjust the zero-trust rules on the agents installed at the customer’s premises. Particular attention is paid to TTPs and IOCs that specifically target the client’s industry.

Internal software analysis actions

Software that the customer has used historically or has newly adopted can be a potential open door for attacks. Using the exhaustive software inventory reported by the Falcon’s Smart Endpoint agent, the engineer performs manual, in-depth analyses (network communications, system communications, data access, etc.) of the programs in use in order to identify potential threats.