What is cyber threat hunting?
Organizations use a range of security tools and solutions to detect and prevent cyber threats, but these tools do not always detect new cyber attacks. New attacks may have no signatures and may be able to evade existing security solutions. Cyber threat hunting is a cyber defense activity in which advanced cyber threats that evade existing security tools and solutions are detected and isolated.
Please note that cyber threat hunting is different from traditional threat management. In traditional threat management, security tools and solutions generate alerts and warnings when a cyber threat is detected, and an investigation then starts based on that evidence.
In cyber threat hunting, by contrast, one has to proactively search through networks and endpoints for suspicious activity that may indicate cyber attackers have evaded the existing security tools and solutions.
Cyber threat hunting is based on a hypothesis. Threat hunters are well aware of the behavior of threat actors, and they proactively search through the environment to validate the hypothesis.
In this article, we will discuss:
- What is cyber threat hunting?
- Cyber Threat Hunting Steps