PwC Consulting launches Managed Threat Hunting service utilizing Chronicle

Proactively investigate for signs and traces of cyber attacks and promptly respond to incidents

March 10, 2021
PwC Consulting LLC

PwC Consulting LLC (Chiyoda-ku, Tokyo, CEO: Nobuaki Otake) began offering Managed Threat Hunting services on December 23, utilizing Google Cloud's security analytics platform, Chronicle.

Due to the Coronavirus (COVID-19) pandemic, employers are rapidly shifting to a remote work model, which has resulted in an increase in security incidents. This is primarily because attack methods are evolving as a result of new employee working environments that were not previously accounted for as a security concern. Conventional detection-type SIEM (Security Information and Event Management) infrastructure and SOC (Security Operation Centre) monitoring may not detect these attack types.

To help combat this, PwC Consulting’s Cyber Security Engineering Team (CSET) have launched a service that leverages Chronicle to provide threat hunting throughout the year on a periodic basis (weekly, monthly or the frequency your organization requires). Threat hunting is an approach that leverages internal and external threat information from your organization to proactively investigate active threats in your environment without waiting for alerts from security products. In addition to the periodic threat hunting exercise, we will provide reporting and deep dive forensic analysis as needed.

The features of this service are as follows.

1. Analyze attack traces from APT (Advanced Persistent Threat) groups

In addition to detecting general threats and malware, we analyze for the existence, signs and traces of attacks based on the attack methods and techniques of specific APT groups targeting industries both locally in Japan and globally. By constantly analyzing and correlating disparate events throughout your network, we will help detect and identify threats that extend beyond your existing SOC monitoring and SIEM detection capabilities.

2. Comprehensive analysis including endpoint, servers, and network equipment

In addition to endpoint log analysis, we also investigate logs of critical servers, network / border devices, security devices, etc. Our solutions can support all log types. In order to conduct a comprehensive investigation, we will identify not only external threats attacking your perimeter but also threats that currently exist within your environment whether they are perpetrated by an insider or external malicious threat actor. Chronicle is a SaaS security analytics product powered by Google and allows our team to access cloud computing and storage at scale that cannot be replicated by in-house or private cloud infrastructure.

3. Incident response when there are signs or traces of an attack

In the event that there is a sign or trace of a threat for which your organization needs in-depth analysis, we will engage our Incident Response team to carry out a deep forensic investigation. Where required, we will perform malware analysis of affected endpoints and/or servers.

On the launch of this service, Mr. Hisayuki Ishizumi, Managing Director of Partnerships, Google Cloud Japan, commented as follows.

"We are thrilled to have PwC Consulting LLC start providing Managed Threat Hunting services using Chronicle to help meet customer's needs with an advanced and managed threat detection service, including implementation support to threat hunting implementation, investigation, reporting, and incident response. PwC Consulting LLC and Google Cloud will continue to provide solutions against cyber attacks and support business continuity that are evolving due to changes in social conditions."

PwC Managed Threat Hunting Service Overview


For more information about Chronicle, please refer to the official website

Google Cloud is a trademark of Google LLC.

About PwC Consulting LLC

PwC Consulting LLC provides comprehensive consulting services from formulation to execution of management strategies. We work with the PwC Global Network to help clients solve complex and difficult management challenges and become more competitive in the global market.


About PwC

PwC's Purpose is to build trust in society and solve important issues. We have more than 284,000 staff in our global network of 155 countries and provide high quality audit, tax and advisory services. For more information, please visit www.pwc.com.


About the PwC Japan Group

PwC Japan Group is a generic term for member firms of the PwC Global Network and their affiliates in Japan. Each corporation conducts its business as an independent, separate corporation.

In response to increasingly complex and diverse corporate management issues, PwC Japan Group has put in place a system that brings together outstanding expertise in auditing and assurance, consulting, deal advisory, tax, and legal affairs, and organically collaborates with them. In addition, as a professional services network with approximately 9000 certified public accountants, tax accountants, lawyers and other professional staff, we strive to provide services that more accurately address client needs.
