Threat hunting is a hot new term in the cyber security world, but it’s not always used consistently. The term can be employed loosely – or even opportunistically – to refer to things other than the process of actively hunting potential threats. Some traditional security operations services have been rebranding what they already do as “threat hunting” without any improvement in the outcomes they deliver. So, what really is threat hunting?
Threat hunting is the process of discovering gaps in your detection coverage before a real attacker does, so that those gaps can be closed before an attacker makes use of them.
Threat hunting starts from the assumption that the organization has already been compromised. The hunter works out how an attacker would think, infers from that the techniques an attacker would use to compromise this particular organization, and then searches the environment for evidence of those techniques. Once the hunter has identified the techniques an attacker would have used, and reviewed what the search turned up, they turn that knowledge into detection use cases that can be automated, so that the next occurrence is caught without a hunter having to look for it. That is how hunting improves the organization’s detection coverage rather than just producing one-off findings.
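The following Python example is added here to illustrate that loop; it is not code from the paper or from Countercept. It assumes one hunt hypothesis (an attacker who has phished a user would have an Office application spawn a script host such as PowerShell), a handful of constructed process-creation events, and placeholder host names, user names and an encoded command string. The hunt step lists rare parent/child pairs for the hunter to review; the confirmed finding is then codified as a rule, and a small coverage check shows the gap closing once the rule exists.

```python
"""Hunt hypothesis turned into an automated detection use case.

Assumed scenario (not from the paper): the hunter reasons that an attacker who
phished a user would have an Office application spawn a script host such as
PowerShell to fetch a second stage.  The hunt checks process-creation telemetry
for that pairing; once the finding is confirmed, the same logic becomes a
detection rule that runs on every new event.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class ProcessEvent:
    """One process-creation record, as an EDR agent or Sysmon would report it."""
    host: str
    user: str
    parent: str   # image name of the parent process
    image: str    # image name of the new process
    cmdline: str


# Constructed sample telemetry for the example; hosts, users and the encoded
# payload are placeholders, not real data.
EVENTS = [
    ProcessEvent("ws01", "alice", "explorer.exe", "winword.exe", "WINWORD.EXE /n"),
    ProcessEvent("ws02", "bob", "explorer.exe", "excel.exe", "EXCEL.EXE budget.xlsx"),
    ProcessEvent("ws01", "alice", "explorer.exe", "chrome.exe", "chrome.exe"),
    ProcessEvent("ws03", "carol", "explorer.exe", "outlook.exe", "OUTLOOK.EXE"),
    ProcessEvent("ws03", "carol", "explorer.exe", "winword.exe", "WINWORD.EXE invoice.docx"),
    ProcessEvent("ws04", "dave", "explorer.exe", "powershell.exe", "powershell.exe"),
    ProcessEvent("ws01", "alice", "winword.exe", "powershell.exe",
                 "powershell.exe -nop -w hidden -enc SQBFAFgAIAAo"),
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}

Alert = dict
Rule = Callable[[ProcessEvent], Optional[Alert]]


def hunt_rare_script_host_parents(events, max_count=1):
    """Hunt step: list the (parent, child) pairs involving a script host that
    occur at most max_count times across the estate.

    Rarity is not evidence on its own; it is the triage queue the hunter
    reviews with attacker tradecraft in mind.  Here the review would keep
    winword.exe -> powershell.exe and dismiss explorer.exe -> powershell.exe
    as an administrator opening a shell.
    """
    counts = Counter((e.parent, e.image) for e in events if e.image in SCRIPT_HOSTS)
    return [pair for pair, n in counts.items() if n <= max_count]


def detect_office_spawning_script_host(event: ProcessEvent) -> Optional[Alert]:
    """Detection use case codified from the hunt: fires when an Office
    application spawns a script host, and records which command-line
    indicators (encoded command, hidden window, no profile) were present
    so the analyst can prioritise."""
    if event.parent not in OFFICE_APPS or event.image not in SCRIPT_HOSTS:
        return None
    indicators = ["office_spawns_script_host"]
    cl = event.cmdline.lower()
    if "-enc" in cl:          # also matches -encodedcommand
        indicators.append("encoded_command")
    if "-w hidden" in cl or "-windowstyle hidden" in cl:
        indicators.append("hidden_window")
    if "-nop" in cl:          # also matches -noprofile
        indicators.append("no_profile")
    return {"host": event.host, "user": event.user,
            "parent": event.parent, "image": event.image,
            "indicators": indicators}


def run_detection(events, rules):
    """Run every rule over every event; this is the automated side of the loop."""
    alerts = []
    for e in events:
        for rule in rules:
            alert = rule(e)
            if alert:
                alerts.append(alert)
    return alerts


def coverage_gap(confirmed_findings, rules):
    """Findings the hunter confirmed by hand that no automated rule raises.
    A non-empty result is a detection-coverage gap; adding the rule closes it."""
    return [e for e in confirmed_findings if not any(r(e) for r in rules)]


# What the hunter confirmed as malicious after reviewing the rare pairs.
CONFIRMED_FINDINGS = [EVENTS[-1]]

if __name__ == "__main__":
    print("rare script-host pairs:", hunt_rare_script_host_parents(EVENTS))
    print("gap with no rules:", len(coverage_gap(CONFIRMED_FINDINGS, [])))
    rules = [detect_office_spawning_script_host]
    print("gap after adding rule:", len(coverage_gap(CONFIRMED_FINDINGS, rules)))
    for alert in run_detection(EVENTS, rules):
        print("ALERT", alert)
```

The point of the split is that the hunt function is deliberately loose (it surfaces everything rare for a human to judge), while the detection function is deliberately tight (it encodes only the pattern the hunter confirmed, so it can run unattended). The substring checks on the command line are intentionally permissive; they are there to rank an alert that has already fired, not to decide whether it fires.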
Threat hunting isn’t the only thing needed to defend effectively against an attacker – it has to work hand in hand with security operations. Countercept has developed Continuous Response, which combines detection and response operations into a single methodology, cutting down the response gap so that any attack can be responded to immediately. When conducted properly, threat hunting and Continuous Response are integrated activities, each one constantly feeding into and improving the other: hunting finds what detection missed, and response shows which detections mattered.
To clear up what threat hunting really is – and what it really isn’t – we’ve created an infographic called “Myths and Misconceptions About Threat Hunting.”
The infographic is taken from a new paper published by F-Secure Countercept, “Demystifying Threat Hunting”, which is intended to highlight common myths and misconceptions around the term. The paper also looks at what threat hunting means to actual practitioners and how it applies to the concept of Continuous Response. It describes what makes good threat hunting practice, and what tools threat hunters need to be given so they can excel at their task. Finally, the paper looks at emerging trends and offers some predictions about the future of threat hunting.
“Demystifying Threat Hunting” is a must-read for anyone who wants to understand new developments on the defensive side of cyber security – and especially for anyone who wants to understand what threat hunting really means.