Threat hunting is an indispensable component of cyber security operations. In this article, we provide you with a guideline that will help you come up with a methodology and a plan of action for your threat hunting practices.
The practice of threat hunting refers to the proactive search for malicious actors and content in your systems. At any given time, there might be malware or even human attackers moving around in your network. They can go unnoticed for an extended period of time, meanwhile stealing valuable and sensitive information, tapping into your confidential communications, or, even worse, stealthily acquiring credentials that will allow them to seize control of your whole network. Malware analysis can help cyber security teams prevent damage to your systems caused by cyber criminals; threat hunting, by contrast, focuses specifically on threats that are already in your network and have not been detected. During the hunt, your cyber security professionals dig deep into your organization's network in order to find any malicious actor that might have slipped through your initial defences and concealed itself in the dark.
Threat hunting has three essential components: awareness of what normal activity on your systems and network looks like, preventive measures, and incident response.
In order to conduct a successful hunt, you must pay attention to each of these components.

Firstly, you must be aware of what goes on in your systems and on your network. Know the baseline, that is, what normal activity looks like, so that you can readily identify activity that deviates from it.

Secondly, you must take appropriate preventive measures, because the best way to fight security incidents is to keep them from happening in the first place. Work on the vulnerabilities of your systems and harden the perimeter of your network. You can also keep control of security incidents by using incident management tools.

The third component is incident response. Taking precautions does not mean that you will not be attacked, so you must always be ready to respond to an intrusion. Create a protocol, inform your team, and make sure everyone knows what to do in case of an emergency.

What is the threat hunting loop?

Threat hunting is not a one-time gig. It must be repeated at regular intervals and follow predefined steps. In a sense, threat hunting follows a circle: a never-ending loop that keeps your systems and networks safe. Below you can find a simplified model of the threat hunting loop.
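The first component above, knowing the baseline so that deviations stand out, is the part of a hunt that is easiest to put into code. The following Python script is an added example written for this article, not code from the original author or from any vendor. It assumes a simplified, made-up log format (`<ISO timestamp> host=<host> user=<user> proc=<process>`), learns from a constructed "normal week" which user/process pairs and which hours of the day each host usually shows, and then reports every event in a constructed hunt window that falls outside that baseline. Hostnames, user names and process names are all invented.

```python
"""Baseline-and-deviation hunt over constructed log lines (added example).

Log format assumed for this example (not a real product's format):
    <ISO timestamp> host=<host> user=<user> proc=<process>
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample: several days of "normal" activity used to learn the baseline.
BASELINE_LOG = """\
2024-03-01T08:02:11 host=ws01 user=alice proc=outlook.exe
2024-03-01T08:05:43 host=ws01 user=alice proc=chrome.exe
2024-03-01T09:10:00 host=srv01 user=svc_backup proc=backup.exe
2024-03-02T08:01:30 host=ws01 user=alice proc=outlook.exe
2024-03-02T09:12:00 host=srv01 user=svc_backup proc=backup.exe
2024-03-03T08:03:02 host=ws01 user=alice proc=chrome.exe
2024-03-03T09:11:10 host=srv01 user=svc_backup proc=backup.exe
"""

# Constructed sample: the window being hunted. Two events deviate from the baseline.
HUNT_LOG = """\
2024-03-04T08:04:00 host=ws01 user=alice proc=outlook.exe
2024-03-04T09:10:30 host=srv01 user=svc_backup proc=backup.exe
2024-03-04T02:17:45 host=srv01 user=svc_backup proc=powershell.exe
2024-03-04T08:30:00 host=ws01 user=bob proc=chrome.exe
"""


def parse(log):
    """Turn the simplified log text into a list of event dicts."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts_str, *kvs = line.split()
        fields = dict(kv.split("=", 1) for kv in kvs)
        fields["ts"] = datetime.fromisoformat(ts_str)
        events.append(fields)
    return events


def build_baseline(events):
    """Learn, per host, which (user, process) pairs and which hours are normal."""
    pairs = defaultdict(set)
    hours = defaultdict(set)
    for e in events:
        pairs[e["host"]].add((e["user"], e["proc"]))
        hours[e["host"]].add(e["ts"].hour)
    return {"pairs": dict(pairs), "hours": dict(hours)}


def hunt(baseline, events):
    """Return deviations from the baseline as (reason, event) tuples.

    A single event may produce more than one finding (for example a process
    never seen before on that host, running at an hour never seen before).
    """
    findings = []
    for e in events:
        host = e["host"]
        if host not in baseline["pairs"]:
            findings.append(("unknown host", e))
            continue
        if (e["user"], e["proc"]) not in baseline["pairs"][host]:
            findings.append(("new user/process pair on host", e))
        if e["ts"].hour not in baseline["hours"][host]:
            findings.append(("activity outside baseline hours", e))
    return findings


if __name__ == "__main__":
    baseline = build_baseline(parse(BASELINE_LOG))
    for reason, event in hunt(baseline, parse(HUNT_LOG)):
        print(f"{event['ts'].isoformat()} {event['host']} {event['user']} "
              f"{event['proc']}: {reason}")
```

Running it lists the 02:17 `powershell.exe` execution on `srv01` twice (new user/process pair, and outside the host's usual hours) and the `bob`/`chrome.exe` event on `ws01` once (new pair). Everything else matches the learned baseline and is silent, which is the point: a hunter's time goes to the handful of deviations, not the bulk of normal activity. In practice the baseline window should be long enough to cover legitimate periodic jobs, and each finding is a lead to investigate, not a verdict.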