The Process of Proactive Threat Hunting & Its Components
In our last blog, we introduced the concepts of Threat Hunting. In this blog, we can continue with this theme, but we introduce how your organization can be proactive in this regard. Proactive Threat Hunting differs greatly from businesses to corporations, as to what needs to be specifically tracked down and mitigated depends largely upon their Security environment as well as their specific requirements. But in general terms, there are four major Proactive Threat Hunting categories, which are as follows:
1) The Hypothesis Driven Investigation:
This is where it is discovered that a brand-new threat vector is imminent, based upon a rather significant of information and data that is collected from the various Intelligence Feeds. Based upon this, then the Threat Hunting team will then probe deeper into the network logs and attempt to find any hidden anomalies or trends that could be foretelling of a Cyber-attack.
2) The Indicators of Compromise (IOC) Investigation:
This is when the Threat Hunting team does a “deep dive investigation” into the IT Infrastructure to determine where the malicious activity is specifically taking place at, based upon the alerts and the warnings that they have received.
3) The Analytics Driven Investigation:
This is where the Threat Hunting teams conduct targeted exercises based upon the information and the data that are collected from Machine Learning (ML), Artificial Intelligence (AI) tools.
4) The TTP Investigation:
TTP stands for Tactics, Techniques, and Procedures Threat hunting. This kind of Threat Hunting reveals the mannerisms in which a Cyberattacker operates in. It is important to keep in mind that the Cyberattacker will not use the same toolset when launching another attack; but rather, they will typically utilize the same operational techniques. This is a hierarchical Threat Hunting technique, and is illustrated in the diagram below:
(SOURCE: 1)
Conclusions
In our next blog, we examine how your company can actually engage in a proactive Threat Hunting exercise in order to find any malicious activity that could be transpiring.
Sources
1) https://reaqta.com/2018/11/proactive-threat-hunting-ai/