What Is SeaGlass Hunt?
SeaGlass Hunt is a process that we can implement to enhance your initial network & security scan. Identifying security vulnerabilities and weaknesses within your networks gives your organization the ability to resolve security risks that could lead to data breaches and attacks. Our SeaGlass Hunt service offers 3 critical components:
The SeaGlass Sensor
The SeaGlass Sensor is a device that is configured and shipped onsite to your premises and collects the necessary data for analysis.
The Analysis Process
After a few days of information gathering, our SeaGlass Hunt device and the data are sent back to SeaGlass headquarters, where the data is downloaded and analyzed using a variety of tools and techniques. The analysis process complements the initial tool-based network scan, giving not only a snapshot of your network’s state but also an in-depth look at the data, its type, and how it moves through your network.
In particular, we look at beaconing or long-connection traffic, which could indicate an intruder exfiltrating data. The data is also run through RITA for beacon analysis and SecOnion for Suricata/Snort analysis. As information is gathered, a parser with timestamps is used to attempt to validate any beacon traffic noted.
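The following is an added example, not SeaGlass's parser and not RITA's scoring: a minimal timestamp check of the kind described above, which groups connection records by source, destination and port, scores how evenly spaced the connections are, and lists long connections. The record layout, the sample lines and the thresholds are assumptions made for illustration.

```python
import statistics
from collections import defaultdict
# Constructed sample records: epoch_seconds src dst dst_port duration_seconds
SAMPLE_LOG = """\
1000 10.0.0.5 203.0.113.10 443 0.4
1000 10.0.0.7 198.51.100.20 443 2.1
1003 10.0.0.7 198.51.100.20 443 0.9
1050 10.0.0.7 198.51.100.20 443 1.3
1060 10.0.0.5 203.0.113.10 443 0.4
1121 10.0.0.5 203.0.113.10 443 0.5
1180 10.0.0.5 203.0.113.10 443 0.4
1200 10.0.0.7 198.51.100.20
1241 10.0.0.5 203.0.113.10 443 0.4
1300 10.0.0.5 203.0.113.10 443 0.5
1400 10.0.0.7 198.51.100.20 443 3.0
1410 10.0.0.7 198.51.100.20 443 0.7
1500 10.0.0.9 192.0.2.44 22 14400
2900 10.0.0.7 198.51.100.20 443 1.1
"""

def parse(log):
    """Group (timestamp, duration) by (src, dst, port); skip malformed lines."""
    flows = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        try:
            ts, port, dur = float(parts[0]), int(parts[3]), float(parts[4])
        except (IndexError, ValueError):
            continue
        flows[(parts[1], parts[2], port)].append((ts, dur))
    return flows

def regularity(timestamps):
    """1.0 means evenly spaced connections; values near 0 mean irregular gaps."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2 or (mid := statistics.median(gaps)) <= 0:
        return 0.0
    mad = statistics.median([abs(g - mid) for g in gaps])
    return max(0.0, 1.0 - mad / mid)

def findings(log, min_conns=5, min_score=0.9, long_secs=3600):
    # Thresholds are illustrative assumptions; tune them per environment.
    beacons, long_conns = [], []
    for key, recs in parse(log).items():
        score = regularity([t for t, _ in recs])
        if len(recs) >= min_conns and score >= min_score:
            beacons.append((key, round(score, 3)))
        long_conns += [(key, dur) for _, dur in recs if dur >= long_secs]
    return {"beacons": beacons, "long_connections": long_conns}
```

A high score only says the timing is regular; update checks, NTP and monitoring agents look the same, which is why each candidate still has to be legitimized before it is reported.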
Report Of Findings To The Client
Our report includes what was found, what data could potentially be legitimized, and what could not be legitimized and should be looked into further. The first assessment should be viewed as a chance to review, understand, potentially clean up, and filter out traffic for future analysis. The best use of this type of work is to run, at minimum, biannual assessments as well as post-cleanup assessments to measure and validate changes made or intrusions stopped.
It is anticipated that each subsequent assessment will be faster since the previous assessments allow for the validating or cleaning up of noise. This will also allow for a clearer picture to ultimately pull potential traffic anomalies out faster for investigation and make the environment more actionable and less noisy.
The Entire SeaGlass Hunt Process Helps Us:
- Highlight IT Security Risks
- Highlight the things you are doing right
- Highlight the areas where you need improvement
The SeaGlass Hunt process also includes The SeaGlass Sensor. We developed our own sensor in-house to complement your initial network & security scan. The SeaGlass Sensor helps us to better assess an initial snapshot of your network’s current state, and it also helps us to understand how your data normally moves.
In turn, that understanding helps us to see when there is any activity that isn’t normal — in particular, ‘beaconing’ (long connection type traffic), which could indicate an intruder stealing data.