The Process of Proactive Threat Hunting & Its Components

In Threat Hunting Part 1, we introduced the concepts of Threat Hunting. In this blog, we can continue with this theme, but we introduce how your organization can be proactive in this regard.

Proactive Threat Hunting differs greatly from businesses to corporations, as to what needs to be specifically tracked down and mitigated. This depends largely upon their Security environment as well as their specific requirements. In general terms, there are four major Proactive Threat Hunting categories, which are as follows:

1)     The Hypothesis Driven Investigation:

This is where it is discovered that a brand-new threat vector is imminent, based upon a rather significant amount of information and data that is collected from the various Intelligence Feeds.  Based upon this, then the Threat Hunting team will then probe deeper into the network logs and attempt to find any hidden anomalies or trends that could be foretelling of a Cyber-attack.

2)     The Indicators of Compromise (IOC) Investigation:

This is when the Threat Hunting team does a “deep dive investigation” into the IT Infrastructure to determine where the malicious activity is specifically taking place at, based upon the alerts and the warnings that they have received.

3)     The Analytics Driven Investigation:

The Threat Hunting teams conduct targeted exercises based upon the information and the data that is collected from Machine Learning (ML), Artificial Intelligence (AI) tools.

4)     The TTP Investigation:

TTP stands for Tactics, Techniques, and Procedures Threat hunting. This kind of Threat Hunting reveals the mannerisms in which a Cyberattacker operates in. It is important to keep in mind that the Cyberattacker will not use the same toolset when launching another attack. Instead, they will typically utilize the same operational techniques.

(SOURCE:  1)

Conclusions

In our next blog, we examine how your company can actually engage in a proactive Threat Hunting exercise in order to find any malicious activity that could be transpiring.

Sources

1)    admin, Posted by. “Proactive Threat Hunting and Artificial Intelligence.” ReaQta, 6 Dec. 2018, reaqta.com/2018/11/proactive-threat-hunting-ai/.