TeamT5 Asia Cyber Channel Summit - B2B Session
Transcript of TeamT5 Asia Cyber Channel Summit - B2B Session
Global Customers
Client / Partner regions
• Japan, Taiwan, ASEAN, Korea, US
50+ Clients
• Government agencies
• Leading CTI Firms
• Security vendors
• MSSP
• Telecom / ISP
• Accounting firms / Financial sectors
• Semiconductor / Manufacturing
• International Trading
TeamT5 Solutions
Elegant Threat Hunting Technology
Uncover hidden threats
• Threat hunting platform and service.
• Incident response, malware analysis, and forensics.
• Threat mitigation and consulting service.
World-leading Threat Intelligence
Know your enemies
• Tracking and monitoring 100+ cyber attack groups.
• Leader in espionage threat research, especially threats from Asia.
• Not only tracking and analyzing, we are also hunting actors.
TeamT5 Threat Intelligence
Many people are talking about Threat Intelligence,
we actually do it.
10+ years experience
Language & Culture
Hunting Actors
Threat Visibility Analysis
Automation
An elegant threat hunting solution
Elegant and Efficient
• Light-weight with high detection rate
• Low cost, less effort
• Low risk, non-intrusive
On premise
Orchestration
• SIEM Integration
• HTTP RESTful API
Auto Investigation
• Infection Timeline
• Lateral movement analysis
Threat Hunting
• Behavior Modeling
• Threat Intelligence
• Outlier
Use Case (1) – Threat Hunting Tool
Powerful remote forensics
• Compromise assessment on risks
• Incident response, especially cyber espionage
• Auditing riskware, shadow IT (unauthorized servers)
Simple and efficient
• Simply bring a server to IR-site
• Dispatch scanner using AD or existing mechanism
• IR Scan 2000+ PC per hour / per server
• Centralized Dashboard & Reports from server
Target clients
• CSIRT team of large enterprises
• MSSP, SOC, *-ISAC, CERT service providers
• Computer Auditing or Accounting firms
• Cybersecurity insurance
Identify infected computers instantly
• Much more efficient than traditional incident response.
• Automatic investigation, log analysis, malware analysis.
Use Case (2) – Endpoint Protection
Daily endpoint health check
• Installed dedicated ThreatSonar server
• Regular scan (e.g. 1 time / day)
• Dashboard shows high level suspicious PC
• If threats detected, start investigation with information provided by ThreatSonar.
Target clients
• Enterprises, especially with overseas subsidiaries
• Financial firms with ATM, need on-premise
• Cybersecurity insurance companies
• Who need lightweight endpoint visibility