How to Threat Hunt Effectively

Andre Camillo, CISSP
6 min read · Dec 7, 2021
Release the Hounds — or rather, the Threat Hunters!

While discussing threat hunting with a colleague, we got into an interesting conversation about whether some tools can assist with threat hunting from an operational or from a strategic perspective, and which of the two can be more effective.

Of course, there are tools that can help with each of these parts of a threat hunt, and some tools will assist with both. Now let’s dive into this topic.

./threathunt101

Quickly, before we get into the weeds of this maze, what is threat hunting?

Regarding the origin of the term itself:

The term “threat hunting” originated with the US Air Force in the mid-2000s, when they began to use teams of security analysts to conduct “friendly force projection on their networks.”

source: Bejtlich, Richard, “Become a Hunter: Fend off Modern Computer Attacks by Turning your Incident Response Team into Counter Threat Operations,” Information Security, 2011

As for the actual act of Threat Hunting — I want to explore it this way:

  • Discuss what it is not
  • What it is
  • How to
  • Applying it

First off, it’s different from pentesting, although both activities share at least one goal: to report findings to Operational…


Andre Camillo, CISSP

Cloud, AI and Cyber Security tech, Career, Growth Mindset. Find my Discord &more: https://linktr.ee/acamillo . Architect @Crowdstrike. Opinions are mine!