Threat hunting is a hot new term in the cyber security world, but it’s not always used consistently. The term can be employed loosely – or even opportunistically – to refer to things other than the process of actively hunting potential threats. Some traditional security operations services have been rebranding what they already do as “threat hunting” without any improvement in the outcomes they deliver. So, what really is threat hunting?
Threat hunting is the process of discovering gaps in your detection coverage so those gaps can be closed without ever having been successfully exploited by a real attacker.
Threat hunting is the practice of assuming that an organization has been compromised. This includes understanding how an attacker would think and then using that to infer the techniques that an attacker would use to compromise the organization. Once the threat hunter has identified the techniques an attacker would have used, they can then create detection use cases that can be automated to improve the organization’s detection coverage.
Threat hunting isn’t the only thing needed to effectively defend against an attacker – it needs to work hand in hand with security operations. Countercept developed Continuous Response, which combines detection and response operations into a single methodology to cut down the response gap and enable an immediate response to any attack. When conducted properly, threat hunting and continuous response are integrated activities, with each one constantly feeding into and improving the other.
To clear up what threat hunting really is – and what it really isn’t – we created an infographic called “Myths and Misconceptions About Threat Hunting.”
This infographic is from F-Secure Countercept’s new whitepaper, “Demystifying Threat Hunting.” “Demystifying Threat Hunting” begins by exploring common myths and misconceptions about threat hunting, then examines what the term means to those who are working as threat hunters today. It then examines the concept of Continuous Response and how it drives, and is driven by, improvements in threat hunting. “Demystifying Threat Hunting” unpacks what good threat hunting is, and what tools need to be made available to threat hunters so they can excel at their task. Finally, the paper looks at emerging trends and offers some predictions about the future of threat hunting.
“Demystifying Threat Hunting” is a comprehensive whitepaper on this cutting-edge topic, and will give you all the information you need to understand what a threat hunting team really does. This paper is a must-read for anyone who wants to understand new developments on the defensive side of cyber security – and especially for anyone who wants to understand what threat hunting really means.
You can view the infographic and newly published whitepaper “Demystifying Threat Hunting” by clicking the link here.
To learn more about F-Secure, click here.
F-Secure will be in attendance at several of our CIO Events in 2020, including at Said Business School, Oxford University. To learn about this and other CIO events, click here.