(4) Proactive and Focused Threat Hunting Flashcards
What are the main steps to proactive threat hunting?
Establish a hypothesis
Profiling threat actors and activities
Threat hunting tactics
Reducing the attack surface area
Bundling critical assets into groups and protection zones
Understanding, assessing, and addressing attack vectors (the means by which an attack can be conducted)
During proactive threat hunting, what does reducing the attack surface area do for the org?
Reducing the attack surface area allows resources to be focused on the remaining surface area, which makes protecting the org easier
During the threat hunting process, what does bundling critical assets into groups and protection zones do for the org?
Bundling critical assets into groups and protection zones helps with managing the attack surface area, threat hunting, and response activities, since each asset doesn't need to be assessed on its own or managed as a separate item
During proactive threat hunting, what do we need to remember about understanding, assessing, and addressing attack vectors or the means by which an attack can be conducted?
This process must be based on analysis of threat actors and their techniques, as well as the surface area that those threat actors can target
During proactive threat hunting, what is involved in the integrated intelligence step?
This process brings multiple intelligence sources together to give a more complete picture of threats
During the proactive threat hunting process, what is to be remembered about improving detection capabilities?
Detection capabilities must be improved continuously, since new threats will defeat old protective measures
Threat hunting needs to be focused; what do we need to remember about configurations?
Configurations and misconfigurations can lead to compromise, or a misconfiguration can make it appear as if an attacker has changed the settings
When focusing threat hunting, what do we need to remember about isolated networks?
Threat hunting in isolated networks is easier because the traffic should be well understood, but that understanding should come from centrally managed tools and capabilities that protect and monitor the traffic passing through these networks
When it comes to focused threat hunting, what needs to be remembered about business-critical assets?
Business-critical assets and processes receive focus because they are very important to the organizational risk profile; threat hunters concentrate on them to make sure those assets remain secure