Welcome to DEATH Labs
The Netenrich Detection Engineering, Analytics, and Threat Hunting (DEATH) Labs team uses data, data analytics, machine learning, external intelligence, Resolution Intelligence Cloud, and their deep experience to find and thwart threats.
DEATH Labs delivers intelligence-driven threat awareness and analytics that improves the ability of Netenrich customers and partners to detect and respond to cyber threats targeting their high-value assets.
DEATH Labs podcast
Tune in every other Wednesday for a new installment of the DEATH Labs podcast.
In each podcast, John Bambenek, renowned cybersecurity expert and Principal Threat Hunter at Netenrich, interviews fellow security leaders on the latest cyberattacks and what you should do now to avoid them.
Get insights on advanced threat hunting, detection, and response techniques. Catch these conversations on the cutting edge of cybersecurity, with plenty of wit and humor, for security experts and newbies alike.
Threat Analytics Services
Netenrich Threat Analytics Services (TAS) is offered as a subscription for Resolution Intelligence Cloud customers. Services include:
- Weekly detailed threat hunting reports that show you what is important based on the most recent activity, both external and internal to your organization.
- Meetings with Netenrich security leaders on the DEATH Labs team to discuss your questions and learn what you can do to strengthen your security posture.
- Detection, correlation, and enrichment tuning in Resolution Intelligence Cloud.
For more information about TAS for Resolution Intelligence Cloud, please contact us. Netenrich also offers free vulnerability alerts: check out Knowledge NOW.
Threat hunting, threat analytics & data engineering
At Netenrich, we approach everything from the perspective of data, which is how we built the Resolution Intelligence Cloud platform.
Threat hunting is the proactive search for signs of malicious activity, current and historical, that has evaded an organization's security defenses in its digital infrastructure. Evasion may result from new, improved, or unknown attacker techniques, 0-day exploits, or a lack of adequate detection technology. Threat hunting assumes a properly running security monitoring process; incomplete or faulty configuration of detection technology and misinterpretation of security events during triage are out of its scope.
Threat hunting decreases attacker dwell time, the time between an initial compromise and its discovery. As detection capabilities continue to evolve and expand, adversary tactics, techniques, and procedures (TTPs) adapt to evade detection. Comprehensive security telemetry data over time is critical for effective threat hunting; without it, attackers have somewhere to hide.
Data analytics uses statistical analysis and technologies to find trends and solve problems; threat analytics applies data analytics to security telemetry to detect threats and incursions. One example is behavioral analytics used to detect adversary behaviors, such as creating a new Windows service. Such a behavior may or may not be malicious; you need context to decide which. Behaviors map back to techniques in the MITRE ATT&CK model, and a single incursion can be represented as an aggregation of multiple behaviors (TTPs) in that model.
Data engineering in general means building systems that enable the collection and use of data. In the context of threat hunting and cybersecurity, data engineering builds systems to make sense of (1) security telemetry that comes from many diverse sources in multiple formats (endpoints, servers, clouds, applications, etc.), (2) information that provides the context needed to judge whether detected activity is malicious, and (3) external threat intelligence about threats in the wild.
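As an added example (not Netenrich's or Resolution Intelligence Cloud's code), the Python sketch below shows the behavior-to-ATT&CK mapping and aggregation described above: each event is classified in context (a hypothetical known-good inventory and admin-source list), tagged with a technique and one of its tactics, and the behaviors seen on a host within a time window are combined into a candidate incursion. The events, host names, service names and addresses are constructed sample values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real data): one normalized record per Windows event.
# 7045 = service installed, 4698 = scheduled task created, 4624 = logon (type 10 = RDP).
EVENTS = [
    {"ts": "2024-03-01T09:00:00", "host": "ws01", "event_id": 7045, "name": "GoogleUpdate"},
    {"ts": "2024-03-01T09:05:00", "host": "ws01", "event_id": 4698, "name": "OneDrive Update"},
    {"ts": "2024-03-02T01:10:00", "host": "srv02", "event_id": 4624, "logon_type": 10, "src": "10.0.5.77"},
    {"ts": "2024-03-02T01:12:00", "host": "srv02", "event_id": 7045, "name": "WinSvcHelper"},
    {"ts": "2024-03-02T01:14:00", "host": "srv02", "event_id": 4698, "name": "Updater"},
]

# Context (hypothetical): names expected from the software inventory, and the hosts
# from which remote-interactive logons to servers are expected.
KNOWN_GOOD = {"GoogleUpdate", "OneDrive Update"}
ADMIN_SOURCES = {"10.0.1.10"}

def classify(ev):
    """Map one event to an ATT&CK behavior (technique, tactic), or None if benign in context.
    A technique can sit under several tactics; one is chosen here for scoring."""
    if ev["event_id"] == 7045 and ev["name"] not in KNOWN_GOOD:
        return ("T1543.003", "persistence")       # Create or Modify System Process: Windows Service
    if ev["event_id"] == 4698 and ev["name"] not in KNOWN_GOOD:
        return ("T1053.005", "execution")         # Scheduled Task/Job: Scheduled Task
    if ev["event_id"] == 4624 and ev.get("logon_type") == 10 and ev["src"] not in ADMIN_SOURCES:
        return ("T1021.001", "lateral-movement")  # Remote Services: Remote Desktop Protocol
    return None

def find_incursions(events, window_hours=24, min_tactics=2):
    """Aggregate per-host behaviors inside a sliding time window; a host whose behaviors
    span at least `min_tactics` distinct tactics is reported as a candidate incursion."""
    per_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        b = classify(ev)
        if b:
            per_host[ev["host"]].append((datetime.fromisoformat(ev["ts"]), *b))
    incursions = {}
    for host, beh in per_host.items():
        for i, (t0, _, _) in enumerate(beh):
            win = [x for x in beh[i:] if x[0] - t0 <= timedelta(hours=window_hours)]
            if len({x[2] for x in win}) >= min_tactics:
                incursions[host] = sorted({x[1] for x in win})  # techniques that make up the incursion
                break
    return incursions

if __name__ == "__main__":
    print(find_incursions(EVENTS))  # {'srv02': ['T1021.001', 'T1053.005', 'T1543.003']}
```

Only srv02 is reported: ws01's service and task are in the known-good inventory, so its events never become behaviors, which is the context step the text describes.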