Threat Hunting Basics
Today's threats require a more active role in identifying and responding to sophisticated attacks. Traditional security measures such as firewalls, IDS, endpoint protection, and SIEMs are only part of the network security puzzle.
Threat hunting can be a manual process in which a security analyst sifts through various data sources, using their own knowledge of and familiarity with the network to generate hypotheses about potential threats, such as, but not limited to, lateral movement by threat actors. To be even more efficient and effective, however, threat hunting can also be partially automated or computer-aided. In this case the analyst uses software that applies machine learning and user and entity behavior analytics (UEBA) to surface potential risks. The analyst then examines these potential risks, tracking suspicious behavior on the network.
The idea that threat hunting and incident investigation are the same thing is a common misconception, since hunting is a pre-investigation activity. At the same time, the output of automated detection systems and of hunting is the same kind of thing: both produce potential candidates for investigation. In the case of automated systems, those candidates usually come in the form of alerts; in the case of hunting, they are the leads the hunt turns up.
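To make the hypothesis-driven hunt and its output concrete, the following added example (not from the original article) tests the lateral-movement hypothesis described above over constructed logon events and returns investigation candidates rather than alerts; the hosts, account names and thresholds are assumptions chosen for illustration.

```python
"""Hypothesis-driven hunt for lateral movement over constructed logon events.

Hypothesis: an account that opens network logons to many distinct hosts from
one source inside a short window is a candidate for investigation.
The events below are constructed sample data, not real telemetry.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, user, source host, destination host, logon kind)
SAMPLE_EVENTS = [
    ("2024-03-01T09:00:05", "alice", "WS-11", "WS-11", "interactive"),
    ("2024-03-01T09:01:10", "alice", "WS-11", "FS-01", "network"),
    ("2024-03-01T13:14:00", "svc-backup", "SRV-02", "FS-01", "network"),
    ("2024-03-01T13:14:20", "svc-backup", "SRV-02", "FS-02", "network"),
    ("2024-03-01T13:14:41", "svc-backup", "SRV-02", "WS-07", "network"),
    ("2024-03-01T13:15:03", "svc-backup", "SRV-02", "WS-09", "network"),
    ("2024-03-01T13:15:30", "svc-backup", "SRV-02", "DC-01", "network"),
    ("2024-03-01T15:00:00", "bob", "WS-12", "FS-01", "network"),
    ("2024-03-01T17:30:00", "bob", "WS-12", "FS-02", "network"),
]


def parse_events(rows):
    """Turn the string timestamps into datetime objects for window arithmetic."""
    return [(datetime.fromisoformat(ts), user, src, dst, kind)
            for ts, user, src, dst, kind in rows]


def hunt_lateral_movement(rows, window=timedelta(minutes=10), min_hosts=4):
    """Return one investigation lead per (user, source) whose network logons
    reach at least `min_hosts` distinct hosts within `window`."""
    by_actor = defaultdict(list)
    for ts, user, src, dst, kind in parse_events(rows):
        if kind == "network" and src != dst:  # only remote logons fit the hypothesis
            by_actor[(user, src)].append((ts, dst))
    leads = []
    for (user, src), logons in by_actor.items():
        logons.sort()  # sliding window over time-ordered logons
        for i, (start, _) in enumerate(logons):
            hosts = {dst for ts, dst in logons[i:] if ts - start <= window}
            if len(hosts) >= min_hosts:
                leads.append({"user": user, "source": src,
                              "first_seen": start.isoformat(), "hosts": sorted(hosts)})
                break  # one lead per actor is enough to hand to the analyst
    return leads


if __name__ == "__main__":
    for lead in hunt_lateral_movement(SAMPLE_EVENTS):
        print(lead)
```

Each returned lead is a hypothesis to examine, not a verdict: the analyst still has to decide whether the fan-out is legitimate (a backup job, an admin tool) or worth opening an investigation.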