Threat Hunting How Does Threat Hunting Work?: IT Security Cyber Attacks Cybersecurity

Threat hunting involves actively searching for cyber attacks that have penetrated an environment without raising alarms, in contrast to responding to detected threats. It requires going beyond known risks to discover new threats. Organized attackers will exploit weaknesses, so threat hunting aims to find these attackers. An effective threat hunting team includes security experts familiar with systems and analytics to identify patterns, as well as creative thinkers. Hunts are most successful when planned with clear goals and follow-up prevention measures. Logging is key to threat hunting as data is needed to monitor systems and identify patterns of suspicious activity.

Uploaded by Atul Saikumar
Threat Hunting

How does threat hunting work?


Threat hunting is a proactive security exercise whose intent is to find and root out
attackers who have penetrated your environment without triggering any alarms. This is in
contrast to traditional investigation and response, which starts from a system alert and
therefore happens only after potentially malicious activity has already been detected.
Threat hunting goes beyond what you already know or have been alerted to. Security
software alerts on the indicators and behaviors of known threats, such as commodity
malware. Threat hunting ventures into the unknown: the hunter forms a hypothesis about how
an attacker might be operating in the environment and then searches the available data for
evidence that confirms or refutes it.
Why is threat hunting important?
Organized, skilled, and well-funded attackers exist. They will work diligently looking for a
weakness to exploit if you become their target. You can't possibly uncover everything, even
with the best security tools. This is where threat hunting comes in. Its primary mandate is to
find just these types of attackers.

Who should be involved in threat hunting?


To carry out a threat hunting campaign, a team needs a mix of core skills. These skills
include:

 Familiarity with endpoint and network security. You will need seasoned members of
your SOC or IT team who have an extensive breadth and depth of knowledge around
security issues, normal system behavior, and best practices. Knowing what "normal" looks
like is what makes the abnormal visible.

 Understanding of data analytics. Threat hunting often involves teasing patterns
out of raw data. An understanding of statistical analysis (frequency counts, outliers,
baselines) helps to identify patterns in the data and to separate rare events from noise.

 Innate curiosity. Threat hunting can sometimes be likened to an artistic pursuit. It
requires a certain amount of creative thinking to connect seemingly unrelated items or ask,
"I wonder what would happen if…"

When should you do threat hunting?


You may wish to undertake a threat hunting exercise when you suspect risky behavior has
occurred. Ultimately, the most successful hunts are those that are planned. You need to set a
scope for the hunt, identify clear goals (the hypothesis you are testing and the data you will
test it against), and set aside a block of time to perform the exercise.
When you are done, turn the findings into lasting improvements to your security posture:
close the gaps the hunt exposed, and capture the queries that worked as detection rules or
threat prevention playbooks so that the same activity is caught automatically next time.
Where should you hunt for threats?
Ultimately, data is key to any successful threat hunt. Before you can do anything related to
threat hunting, you need to ensure you have adequate logging capability to carry out the hunt.
If you can't see what is happening on your systems, you can't hunt in them. Retention
matters as much as coverage: an intrusion that has been quietly present for weeks can only be
found in logs that reach back that far. Choosing which systems to pull data from will often
depend on the scope of the hunt. In some cases, you may want to deploy temporary sensors
to monitor particular types of traffic or host activity for the duration of the hunt. The logs
collected by these temporary systems are then used in the hunt.
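The following is an added example, not code from the original page or from Cisco, that ties together the three points above: a hunt starts from a hypothesis rather than an alert, it relies on statistical analysis of raw data, and it is only possible where logs exist. It assumes endpoint process-creation events delivered as one JSON object per line with `host`, `user`, `parent`, `image` and `cmd` fields (an assumed shape, roughly what an EDR or Sysmon-to-SIEM pipeline produces); the sample events are constructed here, not captured from a real environment. The hypothesis being tested is the common one that a document-handling application should never spawn a command shell; the "stack counting" pass beside it surfaces any rare parent/child pair, whether or not the hypothesis anticipated it.

```python
"""Hypothesis-driven threat hunt over constructed process-creation logs."""
import json
from collections import Counter

# Constructed baseline activity: (parent, child, host, user, occurrences).
# This stands in for weeks of benign logging; nothing here is real telemetry.
BASELINE = [
    ("explorer.exe", "chrome.exe", "ws-101", "alice", 40),
    ("explorer.exe", "outlook.exe", "ws-101", "alice", 12),
    ("explorer.exe", "winword.exe", "ws-102", "bob", 15),
    ("services.exe", "svchost.exe", "ws-101", "SYSTEM", 60),
    ("services.exe", "svchost.exe", "ws-102", "SYSTEM", 58),
    ("svchost.exe", "taskhostw.exe", "ws-102", "bob", 9),
]

# Constructed needle: a Word document spawning cmd.exe, which launches an
# encoded PowerShell command. No alert fired; only the log records it.
ANOMALIES = [
    {"host": "ws-102", "user": "bob", "parent": "winword.exe", "image": "cmd.exe",
     "cmd": "cmd.exe /c powershell -nop -w hidden -enc SQBFAFgA"},
    {"host": "ws-102", "user": "bob", "parent": "cmd.exe", "image": "powershell.exe",
     "cmd": "powershell -nop -w hidden -enc SQBFAFgA"},
]

# Hypothesis: document readers have no business launching shells or script hosts.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def build_log() -> str:
    """Render the constructed events as newline-delimited JSON."""
    lines = []
    for parent, image, host, user, n in BASELINE:
        for _ in range(n):
            lines.append(json.dumps({"host": host, "user": user, "parent": parent,
                                     "image": image, "cmd": image}))
    for event in ANOMALIES:
        lines.append(json.dumps(event))
    return "\n".join(lines)


def parse_logs(text: str) -> list:
    """Parse NDJSON; skip blank or malformed lines instead of aborting the hunt."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a real hunt would count these: gaps in visibility matter
    return events


def stack_count(events: list, fields=("parent", "image")) -> Counter:
    """Stack counting: how often does each parent/child combination occur?"""
    return Counter(tuple(e.get(f, "").lower() for f in fields) for e in events)


def rare_pairs(counts: Counter, max_count: int = 2) -> list:
    """Long-tail analysis: the combinations seen only a handful of times."""
    return sorted((pair, n) for pair, n in counts.items() if n <= max_count)


def office_spawns_shell(events: list) -> list:
    """Events that match the hypothesis regardless of how common they are."""
    return [e for e in events
            if e.get("parent", "").lower() in DOCUMENT_APPS
            and e.get("image", "").lower() in SHELLS]


def run_hunt(text: str, max_count: int = 2) -> dict:
    """Run both passes and hand back what an analyst should triage next."""
    events = parse_logs(text)
    hits = office_spawns_shell(events)
    return {
        "events": len(events),
        "rare_pairs": rare_pairs(stack_count(events), max_count),
        "hypothesis_hits": hits,
        "hosts_to_triage": sorted({e["host"] for e in hits}),
    }


if __name__ == "__main__":
    result = run_hunt(build_log())
    print(f"{result['events']} events examined")
    for pair, n in result["rare_pairs"]:
        print(f"rare lineage ({n}x): {pair[0]} -> {pair[1]}")
    for e in result["hypothesis_hits"]:
        print(f"hypothesis hit on {e['host']} as {e['user']}: {e['cmd']}")
    print("hosts to triage:", result["hosts_to_triage"])
```

Two design points are worth noting. The rare-pair pass is deliberately hypothesis-free: it would have flagged `cmd.exe -> powershell.exe` even if no one had thought to look for shells under Office, which is the "venturing into the unknown" the page describes. And a query that produces a confirmed finding, such as `office_spawns_shell`, is exactly what should be promoted into a standing detection rule at the end of the hunt rather than re-run by hand next quarter.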
Learn more
Want to learn more about threat hunting? Check out the following resources:
 Hunting for hidden threats (report)
 Cisco Threat Hunting Workshop
 Cisco Security clinics, workshops, and events
 Cisco threat hunting blogs
Related network security topics
 What Is the NIST Cybersecurity Framework?
 What Is MITRE ATT&CK?
 Small business network security checklist
 What Is a Disaster Recovery Plan for IT?
 What Is an Incident Response Plan for IT?
 What Is Data Loss Prevention (DLP)?
 What Is a Security Platform?
 What Is Threat Modeling?
