5 Golden Rules of Threat Hunting

When a breach is uncovered, the operational cadence includes threat detection, quarantine and termination. While all stages can occur within the first hour of discovery, in some cases, that’s already too late.

Security operations center (SOC) teams monitor and hunt new threats continuously. To ward off the most advanced threats, security teams proactively hunt for ones that evade the dashboards of their security solutions.

However, advanced threat actors have learned to blend in with their target’s environment, remaining unnoticed for prolonged periods. 

Based on years of experience, here are some of the threat-hunting basics used by the IBM X-Force team to find these actors.

What Threat Hunting Is

Threat hunting is a proactive approach to identifying previously unknown or ongoing, unremediated threats within an organization’s network. Threat hunting should be iterative and human-driven.

Effective threat hunting requires a specific skill set. A successful threat hunter must be good at hypothetical thinking and be able to reason about likely entry vectors and potential impact.

Additionally, pattern recognition and deductive reasoning are valuable skills for the job. Attackers are constantly getting better at finding new, creative ways of exploiting weaknesses in operating systems and applications. That’s why threat hunters must look for patterns that match known attacker tactics, as well as for unusual behavior.

It’s essential to formulate and develop logical theories about how an attacker could gain access to a network or exploit a system to reach critical information. Once the theory has been created, an analyst needs to work backward, using deductive reasoning, to look for any clues left behind by attackers.

Additionally, threat hunting is an iterative process. A good threat hunter must be able to quickly r ..
