Threat Hunting Flashcards
Threat Hunting
A cybersecurity technique designed to detect the presence of threats that have not been discovered by normal security monitoring.
Potentially less disruptive than penetration testing, since it works from existing telemetry rather than actively attacking systems.
Establishing a Hypothesis
A hypothesis is derived from threat modeling and focuses on potential events with higher likelihood and higher impact.
Profiling Threat Actors and Activities
Involves creating scenarios that show how a prospective attacker might attempt an intrusion and what their objectives might be.
Threat Hunting
Relies on the tools developed for regular security monitoring and incident response:
Analyze network traffic
Analyze the executable process list
Analyze other infected hosts
Identify how the malicious process was executed
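The four activities above, worked through as one hypothesis-driven hunt. This is an added example, not part of the original flashcards: the hypothesis (an Office application spawning a command interpreter indicates a malicious document), the event field names (loosely modelled on process-creation and network-connection telemetry) and the sample events for hosts WS01 to WS05 are all constructed for illustration.

```python
from collections import defaultdict

# Hypothesis (assumed for this example): a malicious document causes an Office
# application to spawn a command interpreter, which then reaches out to the attacker.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed sample telemetry: process creation ("proc") and network connection
# ("net") events from several hosts. Field names are assumptions, not a real schema.
EVENTS = [
    {"type": "proc", "host": "WS01", "pid": 4012, "ppid": 3100, "image": "winword.exe", "parent_image": "explorer.exe"},
    {"type": "proc", "host": "WS01", "pid": 4100, "ppid": 4012, "image": "powershell.exe", "parent_image": "winword.exe"},
    {"type": "net", "host": "WS01", "pid": 4100, "image": "powershell.exe", "dst": "203.0.113.5", "dport": 443},
    {"type": "proc", "host": "WS02", "pid": 2200, "ppid": 1800, "image": "cmd.exe", "parent_image": "explorer.exe"},
    {"type": "proc", "host": "WS03", "pid": 5500, "ppid": 5400, "image": "excel.exe", "parent_image": "explorer.exe"},
    {"type": "proc", "host": "WS03", "pid": 5600, "ppid": 5500, "image": "cmd.exe", "parent_image": "excel.exe"},
    {"type": "proc", "host": "WS03", "pid": 5650, "ppid": 5600, "image": "mshta.exe", "parent_image": "cmd.exe"},
    {"type": "net", "host": "WS03", "pid": 5650, "image": "mshta.exe", "dst": "203.0.113.5", "dport": 80},
    {"type": "proc", "host": "WS04", "pid": 700, "ppid": 650, "image": "powershell.exe", "parent_image": "cmd.exe"},
    {"type": "net", "host": "WS05", "pid": 900, "image": "rundll32.exe", "dst": "203.0.113.5", "dport": 443},
]


def _proc_index(events):
    """Map (host, pid) -> process creation event for parent/child lookups."""
    return {(e["host"], e["pid"]): e for e in events if e["type"] == "proc"}


def hunt_hypothesis(events):
    """Step 1: test the hypothesis against the executable process list.

    Returns process events where an Office app directly spawned an interpreter."""
    return [e for e in events
            if e["type"] == "proc"
            and e["parent_image"] in OFFICE_APPS
            and e["image"] in INTERPRETERS]


def execution_chain(events, host, pid):
    """Step 2: identify how the process was executed by following ppid links
    back to the earliest recorded ancestor. Returns image names root-first."""
    procs = _proc_index(events)
    chain, key = [], (host, pid)
    while key in procs:
        chain.append(procs[key]["image"])
        key = (host, procs[key]["ppid"])
    return list(reversed(chain))


def descendants(events, host, pid):
    """All pids in the process subtree rooted at (host, pid), including pid."""
    children = defaultdict(list)
    for e in events:
        if e["type"] == "proc":
            children[(e["host"], e["ppid"])].append(e["pid"])
    seen, stack = set(), [pid]
    while stack:
        p = stack.pop()
        if p not in seen:
            seen.add(p)
            stack.extend(children[(host, p)])
    return seen


def network_indicators(events, hits):
    """Step 3: analyze network traffic from the suspicious process trees to
    extract destinations worth pivoting on."""
    dsts = set()
    for h in hits:
        tree = descendants(events, h["host"], h["pid"])
        for e in events:
            if e["type"] == "net" and e["host"] == h["host"] and e["pid"] in tree:
                dsts.add(e["dst"])
    return dsts


def pivot_hosts(events, indicators):
    """Step 4: find other possibly infected hosts talking to the same destinations,
    including ones the original hypothesis would never have flagged."""
    return sorted({e["host"] for e in events
                   if e["type"] == "net" and e["dst"] in indicators})


def run_hunt(events):
    """Run the full hunt and return the findings as plain data."""
    hits = hunt_hypothesis(events)
    indicators = network_indicators(events, hits)
    return {
        "hits": [(h["host"], execution_chain(events, h["host"], h["pid"])) for h in hits],
        "indicators": sorted(indicators),
        "hosts": pivot_hosts(events, indicators),
    }


if __name__ == "__main__":
    for key, value in run_hunt(EVENTS).items():
        print(key, value)
```

Note the pivot in step 4: WS05 never matched the Office-to-interpreter hypothesis, yet it contacted the same destination as the confirmed hits, so it becomes the next host to examine and a candidate for a refined hypothesis.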
Threat Hunting
Consumes a lot of resources and time to conduct, but can yield many benefits:
Improve detection capabilities
Integrate intelligence
Reduce attack surface
Block attack vectors
Identify critical assets