Cyber threat hunting is an active cyber defence activity. It is “the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.”
Threat hunting has traditionally been a manual process in which a security analyst sifts through various data, using their own knowledge and familiarity with the network to create hypotheses about potential threats, such as, but not limited to, lateral movement by threat actors. To be more effective and efficient, however, threat hunting can also be partially automated, or machine-assisted. In this case, the analyst uses software that leverages machine learning and user and entity behavior analytics (UEBA) to inform the analyst of potential risks. The analyst then investigates these potential risks, tracking suspicious behavior in the network. Hunting is thus an iterative process: it must be carried out continuously in a loop, beginning with a hypothesis. A hypothesis can be of three types:
- Analytics-Driven: “Machine-learning and UEBA, used to develop aggregated risk scores that can also serve as hunting hypotheses”
- Situational-Awareness Driven: “Crown Jewel analysis, enterprise risk assessments, company- or employee-level trends”
- Intelligence-Driven: “Threat intelligence reports, threat intelligence feeds, malware analysis, vulnerability scans”
The analyst researches their hypothesis by going through vast amounts of data about the network. The results are then stored so that they can be used to improve the automated portion of the detection system and to serve as a foundation for future hypotheses.
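An analytics-driven hypothesis for the lateral-movement case mentioned above, as an added example that is not part of the original page: a plain baseline comparison stands in for the machine-learning/UEBA component and turns per-account risk scores into ranked hypotheses. The events, account and host names, weighting scheme and threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed authentication events: (day, user, destination_host).
# Days 1-5 form the baseline; day 6 is the hunt window.
EVENTS = [
    (1, "alice", "ws-alice"), (1, "alice", "fileserver"),
    (2, "alice", "ws-alice"), (3, "alice", "fileserver"),
    (1, "bob", "ws-bob"), (2, "bob", "fileserver"), (4, "bob", "ws-bob"),
    (2, "svc-backup", "fileserver"), (3, "svc-backup", "db01"),
    (5, "svc-backup", "db01"),
    (6, "alice", "ws-alice"), (6, "alice", "fileserver"),
    (6, "bob", "ws-bob"), (6, "bob", "db01"),
    (6, "svc-backup", "db01"), (6, "svc-backup", "ws-alice"),
    (6, "svc-backup", "ws-bob"), (6, "svc-backup", "dc01"),
]

def risk_scores(events, hunt_day):
    """Score each user by hosts first reached in the hunt window.

    Assumed weighting (not from the page): a new host counts more when
    few accounts used it in the baseline, 1 / (1 + baseline users).
    """
    baseline = defaultdict(set)      # user -> hosts seen before hunt_day
    host_users = defaultdict(set)    # host -> users seen before hunt_day
    window = defaultdict(set)        # user -> hosts seen on hunt_day
    for day, user, host in events:
        if day < hunt_day:
            baseline[user].add(host)
            host_users[host].add(user)
        elif day == hunt_day:
            window[user].add(host)
    scores = {}
    for user, hosts in window.items():
        new_hosts = sorted(hosts - baseline[user])
        score = sum(1.0 / (1 + len(host_users[h])) for h in new_hosts)
        scores[user] = (round(score, 2), new_hosts)
    return scores

def hypotheses(events, hunt_day, threshold=1.0):
    """Turn scores at or above threshold into ranked hunting hypotheses."""
    ranked = sorted(risk_scores(events, hunt_day).items(),
                    key=lambda kv: kv[1][0], reverse=True)
    return [f"{user} may be used for lateral movement: first-time logons "
            f"to {', '.join(new)} (score {score})"
            for user, (score, new) in ranked if score >= threshold]

if __name__ == "__main__":
    for h in hypotheses(EVENTS, hunt_day=6):
        print(h)
```

Each confirmed or rejected hypothesis can be fed back by adjusting the baseline or the threshold, which is the storing-of-results step described above.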
The Detection Maturity Level (DML) model expresses that threat indicators can be detected at different semantic levels. High semantic indicators, such as goal and strategy or tactics, techniques and procedures (TTPs), are more valuable to identify than low semantic indicators such as network artifacts and atomic indicators such as IP addresses. SIEM tools typically only provide indicators at relatively low semantic levels. There is therefore a need to develop SIEM tools that can provide threat indicators at higher semantic levels.
Google acquisition of Siemplify is a knockout punch for standalone SOAR
Google Cloud’s acquisition of a SOAR tool in and of itself is not surprising — this has been a missing piece for its Chronicle offering that other security analytics platforms have built in for the past several years.
Easytech4all Cyber Threat Intelligence Learning and Development