Threat Hunting
A cybersecurity technique designed to detect the presence of threats that have not been discovered by normal security monitoring. Threat hunting is potentially less disruptive than penetration testing.
Establishing a hypothesis
- Threat modeling yields a hypothesis, which is based on potential events with a greater likelihood and impact.
Profiling Threat Actors and Activities
- It entails creating scenarios that depict how a potential attacker might attempt an intrusion and what their goals might be.
Threat hunting requires the use of tools designed for routine security monitoring and incident response:
- Examine network traffic.
- Examine the list of executable processes.
- Examine additional compromised hosts to see how the malicious process was launched.
Threat hunting requires a significant investment of money and effort, but it may provide several rewards:
- Enhance detection capabilities
- Incorporate intelligence
- Reduce the attack surface
- Defend against attack vectors
- Determine important assets