Strategic Threat Hunting – Advanced Cyber Threat Intelligence

Strategic Threat Hunting – Advanced Cyber Threat Intelligence
Siemplify Strategic Threat Hunting

Cyber threat hunting is an active cyber defence activity. It is “the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.”

Threat hunting has traditionally been a manual process, in which a security analyst sifts through various data information using their own knowledge and familiarity with the network to create hypotheses about potential threats, such as, but not limited to, Lateral Movement by Threat Actors. To be even more effective and efficient, however, threat hunting can be partially automated, or machine-assisted, as well. In this case, the analyst uses software that leverages machine learning and user and entity behavior analytics (UEBA) to inform the analyst of potential risks. The analyst then investigates these potential risks, tracking suspicious behavior in the network. Thus, hunting is an iterative process, meaning that it must be continuously carried out in a loop, beginning with a hypothesis.

  • Analytics-Driven: “Machine-learning and UEBA, used to develop aggregated risk scores that can also serve as hunting hypotheses”
  • Situational-Awareness Driven: “Crown Jewel analysis, enterprise risk assessments, company- or employee-level trends”
  • Intelligence-Driven: “Threat intelligence reports, threat intelligence feeds, malware analysis, vulnerability scans”

The analyst researches their hypothesis by going through vast amounts of data about the network. The results are then stored so that they can be used to improve the automated portion of the detection system and to serve as a foundation for future hypotheses.

The Detection Maturity Level (DML) model  expresses threat indicators can be detected at different semantic levels. High semantic indicators such as goal and strategy, or tactics, techniques and procedure (TTP) are more valuable to identify than low semantic indicators such as network artifacts and atomic indicators such as IP addresses. SIEM tools typically only provide indicators at relatively low semantic levels. There is therefore a need to develop SIEM tools that can provide threat indicators at higher semantic levels.

Google acquisition of Siemplify is a knockout punch for standalone SOAR

Google Cloud’s acquisition of a SOAR tool in and of itself is not surprising — this has been a missing piece for its Chronicle offering that other security analytics platforms have built in for the past several years.

https://www.siemplify.co/

https://www.siemplify.co/blog/siemplify-is-joining-forces-with-google/

Easytech4all Cyber Threat Intelligence Learning and Development

In a Nutshell :
Cybersecurity & Adv Cyber Threat Intel Research.
Mobile OS Hardening.
CyberSec Software & Platform Reviews.
Content Creation.
CMS LMS WebDev.
Convergence.
Diving Deep into incredible Research on CyberSec.

Cloud Archives.
Defense Grade Security Intelligence,Awareness,Forecasts,Strategy.
Research and Reports.
Simplifying Complex Pieces of Incredible Intel.
CyberSec Trends. Vulnerability Statistics.
US DOD Enterprise Security.
Email Threat Analysis.
Data Breach Industry Forecasts.
UK National Cybersecurity Reports.
Adversary Threat Hunting.
Protecting Digital Assets.
Advanced Persistent Threat Analysis (APT)
CyberCrime Modus Operandi and Statistics.
Nation State Security Trends.
National CyberPower Reports.
Age of Cyber Warfare.

Study Research reports on Advanced Cyberdefense Threat Intelligence by CISA , CERT , US Department of Defense , US Navy , National Cybersecurity Alliance ,US Cyber Command , NSA , FBI , US Department of Homeland Security DHS , CrowdStrike , Edgescan etc.

Lightning Fast Cybersecurity updates in real time.

https://flipboard.com/@easytech4all/cybersecurity-6tbejh5oz

Follow Blog for work in progress updates on R&D

https://easytech4all.net/author/easytechonline/

Cybersec YouTube playlist.

https://easytech4all.net

cybersecurity

cyberattacks

Cyberattack

cybersec

infosec

dataprotection

dataprivacy

linux

cyberdefense

cyberdefence

AdvancedCyberThreatIntelligence

CyberThreatIntelligence

technology

informationtechnology

easytech4all

CyberWar

cybersec
Cyberdefense
Cyber Defense
Cyber Defence
easytech4all
Cybersecurity
infosec
Advanced cyber threat Intelligence
cyber threat Intelligence
Data privacy
Data protection
Cyberthreatintelligence
Advancedcyberthreatintelligence

By:


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: