Question 1

What is the difference between Threat Hunting and Pen Testing?

Accepted Answer

Pen testing looks for ways to get in; Threat Hunting assumes someone is already in and searches for existing lurking threats.

Question 2

Do I need an EDR for Threat Hunting?

Accepted Answer

While EDR telemetry is helpful, we can hunt using network logs, custom artifacts, and our proprietary automation tools.

Question 3

What if no threat is found?

Accepted Answer

A 'clean' hunt is a success. It provides high-confidence assurance that your environment is not compromised by analyzed TTPs and identifies gaps to improve future resilience.

Question 4

What can we expect from a threat hunting?

Accepted Answer

You receive a comprehensive report detailing our hypotheses, the telemetry analyzed, identification of any suspicious behaviors, and concrete recommendations to improve your detection surface.

Question 5

How do you ensure the hunt doesn't disrupt our production?

Accepted Answer

We use non-intrusive collection methods and carefully tune our scripts. Our approach is designed to be low-impact, prioritizing system stability while maintaining deep visibility.

Question 6

Can threat hunting support NIS2 preparation?

Accepted Answer

Yes. A targeted hunt can help you reduce uncertainty after a supplier incident, document technical observations, and prioritize the remediation work needed to strengthen operational resilience.

Threat Hunting

In scope

Out of scope

Deliverables

Frequently asked questions

Good fit when…