Threat Hunting
What Is Threat Hunting?
Security experts actively look for and root out cyber threats that have secretly penetrated their computer network. Threat hunting involves looking beyond the known alerts or malicious threats to discover new potential threats and vulnerabilities.
How does threat hunting work?
Active IT security exercise
Threat hunting is carried out with the intent of finding and rooting out cyber attacks that have penetrated your environment without raising any alarms.
Going beyond what you already know
You already know the risks and behaviors connected to common threats, such as malware. Threat hunting is about venturing into the unknown to discover new cyber threats.
Familiarity with endpoint and network security
You will need seasoned members of your SOC or IT team who have extensive breadth and depth of knowledge of security issues and best practices.
Understanding of data analytics
Threat intelligence often involves teasing patterns out of raw data. An understanding of statistical analysis will help to identify patterns in the data.
Innate curiosity
Threat hunting can sometimes be likened to an artistic pursuit. It requires a certain amount of creative thinking to connect seemingly unrelated items or ask, "I wonder what would happen
Threat Hunting Resources
When should you do threat hunting?
You need to set a scope for the hunt, identify clear goals, and set aside a block of time to perform the exercise. When you are done, you need to assess steps to improve your security posture and establish threat prevention playbooks to address the results moving forward.




