CTH in Industry Solutions

  1. Cyber Threat Hunting Team Structure:

    • The cyber threat hunting team operates independently of the traditional SOC (Security Operations Center).

    • It is responsible for proactive threat identification, ingesting data from sources the SOC does not normally consume: OSINT, deep- and dark-web sources, and unstructured internal data.

    • The team shares information with the SOC (blue team) to enhance security measures and improve defenses.

  2. Integration with SOC:

    • The cyber threat hunting team complements the SOC by providing advanced insights that help in reducing false positives and improving the efficiency of SOC operations.

    • The team supports the SOC in tuning detection rules in SIEM platforms (baselining known-good activity and adding indicators from its own research) and in improving security device management.
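The hand-off described in sections 1 and 2 (hunters feed context back to the SOC so SIEM rules fire less often on benign traffic) is easiest to see on a small rule. The following Python is an added example written for this page, not code from the page or from any SIEM product; the telemetry, the corporate range, the vetted SaaS baseline and the indicator set are all constructed for illustration.

```python
"""Hunt-informed SIEM rule tuning (constructed example).

A naive rule alerts on every outbound connection to a non-corporate
address. Hunter-supplied context, a vetted baseline of destinations the
business legitimately uses plus an indicator set drawn from external
sources, lets the tuned rule suppress the baseline and escalate known-bad
destinations, leaving only genuinely unknown traffic for triage.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Event:
    ts: str
    src_host: str
    dst_ip: str
    dst_port: int
    bytes_out: int


# Constructed sample telemetry (documentation ranges, not real traffic).
SAMPLE_EVENTS: List[Event] = [
    Event("2024-05-01T02:14:00Z", "ws-0412", "10.20.30.40", 445, 12_000),
    Event("2024-05-01T02:15:10Z", "ws-0412", "203.0.113.10", 443, 4_000),
    Event("2024-05-01T02:16:30Z", "ws-0412", "198.51.100.77", 443, 9_800_000),
    Event("2024-05-01T02:17:00Z", "ws-0199", "203.0.113.55", 443, 3_000),
    Event("2024-05-01T02:18:00Z", "srv-db01", "192.0.2.200", 8443, 250_000),
]

# Hypothetical corporate address space.
CORP_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Hypothetical hunt-team context: a baseline of SaaS ranges the hunters
# have vetted as legitimate, and indicators collected from external sources.
HUNT_BASELINE = [ipaddress.ip_network("203.0.113.0/24")]
HUNT_IOCS: Set[str] = {"198.51.100.77"}


def in_any(ip: str, nets: Iterable[ipaddress.IPv4Network]) -> bool:
    """True if ip falls inside any of the given networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)


def naive_rule(events: List[Event]) -> List[Event]:
    """Untuned SIEM rule: every outbound connection to a non-corporate
    address is an alert. Cheap to write, noisy in practice."""
    return [e for e in events if not in_any(e.dst_ip, CORP_NETS)]


def tuned_rule(events: List[Event], baseline, iocs: Set[str]) -> List[Tuple[str, Event]]:
    """Hunt-informed rule. Indicators are checked before the baseline so a
    vetted range can never shadow a known-bad address inside it; baseline
    traffic is suppressed; everything else is kept at medium severity."""
    alerts: List[Tuple[str, Event]] = []
    for e in events:
        if in_any(e.dst_ip, CORP_NETS):
            continue                      # internal traffic, out of scope
        if e.dst_ip in iocs:
            alerts.append(("high", e))    # hunter indicator: escalate
        elif in_any(e.dst_ip, baseline):
            continue                      # vetted destination: suppress
        else:
            alerts.append(("medium", e))  # unknown external: triage
    return alerts


def false_positive_reduction(events: List[Event], baseline, iocs: Set[str]) -> float:
    """Fraction by which the tuned rule cuts alert volume versus the naive one."""
    before = len(naive_rule(events))
    after = len(tuned_rule(events, baseline, iocs))
    return 0.0 if before == 0 else 1 - after / before


if __name__ == "__main__":
    for sev, e in tuned_rule(SAMPLE_EVENTS, HUNT_BASELINE, HUNT_IOCS):
        print(sev, e.src_host, "->", e.dst_ip, e.bytes_out, "bytes")
    reduction = false_positive_reduction(SAMPLE_EVENTS, HUNT_BASELINE, HUNT_IOCS)
    print(f"alert volume reduced by {reduction:.0%}")
```

The ordering in `tuned_rule` is the part worth carrying into a real SIEM: indicator matches are evaluated before any suppression list, otherwise a broad "known-good" range added to quiet a rule silently hides an indicator that lands inside it.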

  3. i2 Enterprise Insight Analysis (EIA):

    • i2 EIA is a tool used for cyber forensic investigation and proactive threat hunting; its analysis capabilities are positioned as taking the SOC beyond rule matching toward analyst-driven investigation.

    • It allows the integration of both internal and external data sources, enabling analysts to make sense of the data and produce actionable intelligence.

    • The tool is widely deployed across government, military, law enforcement, and private-sector organizations.

  4. Use Cases and Value Proposition:

    • i2 EIA has been used in various use cases, such as reducing fraud and decreasing false positives in SIEM.

    • It serves as a force multiplier for the analyst team, surfacing threats early so they can be addressed before they cause damage.

    • The tool lets analysts package and report intelligence to CISOs, CIOs, and Heads of Risk, making it valuable for high-level decision-making.

  5. Legal and Law Enforcement Application:

    • i2 EIA has been used by law enforcement globally to support criminal prosecutions, and its output has held up in legal settings, including the international courts seated in The Hague.
