Threat Modelling and Hunting
Customer Background
A government bureau responsible for formulating information technology (IT) strategies, programmes and measures, and for providing network infrastructure, IT services and support within the Government
Key Challenge
Limited visibility into internal network traffic, especially traffic crossing between different bureaus
Internal threats of cyber attack
DHCP records distributed across bureaus, making it hard to differentiate dynamic computing devices and IoT devices belonging to different bureaus
Threat Hunting Solution
Threat modelling
Machine learning technology
Deployments of different scale for each network segment of concern
Real-time detection with alerting by email
Achievement / Benefits
Map the threat models onto the customer's alert handling framework
Match and store different DHCP log patterns (e.g. from Windows 2012) in the system
Integrate with the customer's SIEM for centralized event management
Rapid and easy deployment
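The DHCP log matching mentioned above is what lets a hunting system turn an alert that carries only an IP address into a specific device, which matters on a network where leases move between workstations and IoT devices from different bureaus. The following is an added illustration, not code from the vendor or the customer's system: it parses lines in the layout of the Windows DHCP Server audit log (ID, Date, Time, Description, IP Address, Host Name, MAC Address, ...), replays the lease lifecycle events (ID 10 assign, 11 renew, 12 release) and answers the two questions a hunter needs: which device currently holds an IP, and which device held it at the time of an alert. The log lines, hostnames, addresses and MAC addresses are constructed for the example; the column order and event IDs follow the documented Windows audit log format and are assumed to match the customer's servers.

```python
import csv
from dataclasses import dataclass
from datetime import datetime
from io import StringIO
from typing import Dict, List, Optional, Tuple

# Event IDs written by the Windows DHCP Server audit log (DhcpSrvLog-*.log).
# Only the lease-lifecycle events matter for mapping an IP to a device.
EVENT_ASSIGN = "10"
EVENT_RENEW = "11"
EVENT_RELEASE = "12"
LEASE_EVENTS = {EVENT_ASSIGN, EVENT_RENEW}

# Constructed sample in the Windows Server 2012 audit log layout. All hosts,
# addresses and MACs are invented; the 20-column header is the documented one.
SAMPLE_LOG = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address,User Name,TransactionID,QResult,Probationtime,CorrelationID,Dhcid,VendorClass(Hex),VendorClass(ASCII),UserClass(Hex),UserClass(ASCII),RelayAgentInformation,DnsRegError
00,03/15/24,08:00:00,Started,,,,,0,6,,,,,,,,,0
10,03/15/24,08:12:31,Assign,10.20.30.41,WKS-1234.bureau-a.example,00-11-22-33-44-55,,1001,0,,,,,,,,,0
10,03/15/24,08:13:02,Assign,10.20.30.42,cam-lobby.bureau-b.example,AA-BB-CC-DD-EE-01,,1002,0,,,,,,,,,0
11,03/15/24,12:12:31,Renew,10.20.30.41,WKS-1234.bureau-a.example,00-11-22-33-44-55,,1003,0,,,,,,,,,0
12,03/15/24,17:40:10,Release,10.20.30.41,WKS-1234.bureau-a.example,00-11-22-33-44-55,,1004,0,,,,,,,,,0
10,03/15/24,17:45:00,Assign,10.20.30.41,sensor-7.bureau-c.example,AA-BB-CC-DD-EE-02,,1005,0,,,,,,,,,0
"""


@dataclass(frozen=True)
class LeaseEvent:
    event_id: str
    when: datetime
    ip: str
    host: str
    mac: str


def parse_dhcp_log(text: str) -> List[LeaseEvent]:
    """Parse audit log lines into lease-lifecycle events, oldest first.

    The free-text preamble, the column header, malformed lines and the
    server start/stop records (ID 00/01, which carry no IP) are skipped.
    """
    events: List[LeaseEvent] = []
    for row in csv.reader(StringIO(text)):
        if len(row) < 7 or not row[0].isdigit():
            continue  # preamble, header or truncated line
        event_id, date, time, _desc, ip, host, mac = row[:7]
        if event_id not in (EVENT_ASSIGN, EVENT_RENEW, EVENT_RELEASE) or not ip:
            continue
        when = datetime.strptime(f"{date} {time}", "%m/%d/%y %H:%M:%S")
        # Normalise case so hostnames and MACs compare reliably across servers.
        events.append(LeaseEvent(event_id, when, ip, host.lower(), mac.upper()))
    events.sort(key=lambda e: e.when)
    return events


def current_leases(events: List[LeaseEvent]) -> Dict[str, LeaseEvent]:
    """Replay the events to get the device that currently holds each IP."""
    leases: Dict[str, LeaseEvent] = {}
    for e in events:
        if e.event_id == EVENT_RELEASE:
            leases.pop(e.ip, None)
        else:
            leases[e.ip] = e
    return leases


def ip_reassignments(events: List[LeaseEvent]) -> List[Tuple[str, str, str, datetime]]:
    """List each moment an IP was handed to a different MAC than before.

    Each hit is (ip, previous_mac, new_mac, when). These are exactly the
    points where an alert keyed only on IP would name the wrong device.
    """
    last_mac: Dict[str, str] = {}
    hits: List[Tuple[str, str, str, datetime]] = []
    for e in events:
        if e.event_id not in LEASE_EVENTS:
            continue
        prev = last_mac.get(e.ip)
        if prev is not None and prev != e.mac:
            hits.append((e.ip, prev, e.mac, e.when))
        last_mac[e.ip] = e.mac
    return hits


def device_for(ip: str, at: datetime, events: List[LeaseEvent]) -> Optional[LeaseEvent]:
    """Resolve which device held `ip` at time `at`.

    Returns the last assign/renew for that IP at or before `at`, or None if
    the address had been released (or never leased) by then.
    """
    holder: Optional[LeaseEvent] = None
    for e in events:
        if e.ip != ip or e.when > at:
            continue
        holder = None if e.event_id == EVENT_RELEASE else e
    return holder


if __name__ == "__main__":
    evs = parse_dhcp_log(SAMPLE_LOG)
    for ip, lease in sorted(current_leases(evs).items()):
        print(f"{ip} -> {lease.host} ({lease.mac})")
    for ip, old, new, when in ip_reassignments(evs):
        print(f"{when}: {ip} moved from {old} to {new}")
    alert_time = datetime(2024, 3, 15, 13, 0, 0)
    hit = device_for("10.20.30.41", alert_time, evs)
    print(f"10.20.30.41 at {alert_time}: {hit.host if hit else 'unleased'}")
```

In practice the events would be loaded from every bureau's DHCP server into one store keyed by IP and time, so that the SIEM integration described above can enrich each alert with the host and MAC that actually held the address when it fired, rather than the device that holds it when the analyst looks.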