SH&NR Week 7 Posting - Cyber Threat Hunting
Threat Hunting
Threat hunting is a proactive approach to cybersecurity. It asks cybersecurity professionals to think as though attackers have already infiltrated a system. They can then "react" to those assumed attacks by securing devices, applying patches, and more, all while staying ahead of any actual attack.
The cyber threat hunting process consists of four parts: forming a hypothesis, investigating, identifying patterns, and informing operations. The hypothesis portion works the same way a hypothesis does in a scientific setting. Cybersecurity professionals think of a possible type of attack and how that attack would be carried out. An example would be that malware is being delivered through phishing links sent to employee email addresses. The scenario is not known to be happening, but the team investigates and hardens devices, accounts, and systems as though it were. The next portion is the investigation. Here professionals gather the tools and techniques that could determine whether the hypothetical attack is actually taking place. For our example, tools like Microsoft Defender for Office 365, Splunk (SIEM), and secure sandbox software are well suited to identifying and combating malicious phishing links. The next portion involves identifying patterns. The data gathered with the tools from the previous step is analyzed, which lets professionals identify patterns as well as the tactics, techniques, and procedures (TTPs) a threat actor might use in an attack. The last portion of the process takes those findings and uses them to inform and improve security operations. Examples of actions that improve security against a phishing attack include removing the malicious emails, isolating affected accounts and devices, improving email filters, and educating users on phishing best practices.
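To make the four steps concrete, here is an added example (not code from the post or from its cited textbook) that runs the phishing-link hypothesis over a handful of constructed email-gateway log lines. The log format, the trusted-domain list, the homoglyph table, and all addresses and domains are assumptions invented for the example; a real hunt would pull the same fields from the SIEM. The script parses the logs (investigation), flags links whose domains are lookalikes of trusted ones and groups them by sender and clicking recipient (identifying patterns), and finally emits the block/isolate actions the findings support (informing operations).

```python
"""Threat hunt: are phishing links on lookalike domains reaching employees?

Hypothesis -> investigation -> pattern identification -> recommended actions,
run over constructed sample logs (hypothetical format, not real data).
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample email-gateway log lines (assumed format, invented data).
SAMPLE_LOGS = [
    "2024-03-01T08:01:00Z from=payroll@examp1e.com to=alice@example.com url=https://examp1e.com/login clicked=1",
    "2024-03-01T08:02:10Z from=payroll@examp1e.com to=bob@example.com url=https://examp1e.com/login clicked=0",
    "2024-03-01T08:03:30Z from=payroll@examp1e.com to=carol@example.com url=https://examp1e.com/login clicked=1",
    "2024-03-01T09:15:00Z from=it@example.com to=alice@example.com url=https://intranet.example.com/reset clicked=1",
    "2024-03-01T10:20:00Z from=news@vendor.test to=bob@example.com url=https://vendor.test/newsletter clicked=1",
    "2024-03-01T11:05:00Z from=support@exampl3.com to=dave@example.com url=https://exampl3.com/verify clicked=1",
]

# Assumed allowlist of domains the organisation legitimately links to.
TRUSTED_DOMAINS = {"example.com", "vendor.test"}

LOG_RE = re.compile(
    r"^(?P<ts>\S+) from=(?P<sender>\S+) to=(?P<rcpt>\S+) url=(?P<url>\S+) clicked=(?P<clicked>[01])$"
)

# Digits that attackers commonly swap for look-alike letters (assumed, minimal table).
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "4": "a"})


def parse_line(line):
    """Investigation step: turn one gateway log line into a dict, or None if malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["clicked"] = event["clicked"] == "1"
    return event


def registered_domain(host):
    """Reduce a hostname to its last two labels (good enough for this sample set)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def is_lookalike(domain, trusted):
    """True if the domain is untrusted but becomes a trusted one after homoglyph substitution."""
    if domain in trusted:
        return False
    return domain.translate(HOMOGLYPHS) in trusted


def hunt(lines, trusted=TRUSTED_DOMAINS):
    """Run the hypothesis over the logs and return patterns plus recommended actions."""
    events = [e for e in (parse_line(line) for line in lines) if e]
    suspicious_domains = Counter()   # lookalike domain -> number of emails carrying it
    senders = Counter()              # sender address -> number of suspicious emails
    clicked_by = {}                  # lookalike domain -> recipients who clicked
    for e in events:
        dom = registered_domain(urlparse(e["url"]).hostname or "")
        if not is_lookalike(dom, trusted):
            continue                 # trusted, or outside this hunt's hypothesis
        suspicious_domains[dom] += 1
        senders[e["sender"]] += 1
        if e["clicked"]:
            clicked_by.setdefault(dom, set()).add(e["rcpt"])
    affected = sorted(set().union(*clicked_by.values())) if clicked_by else []
    # Inform operations: findings become concrete containment actions.
    actions = [f"block domain {d} at the email gateway and web proxy" for d in suspicious_domains]
    actions += [f"isolate account {a} and reset its credentials" for a in affected]
    return {
        "suspicious_domains": dict(suspicious_domains),
        "affected_accounts": affected,
        "top_senders": senders.most_common(),
        "recommended_actions": actions,
    }


if __name__ == "__main__":
    for key, value in hunt(SAMPLE_LOGS).items():
        print(f"{key}: {value}")
```

Note that a benign untrusted domain is simply skipped here because it falls outside this hypothesis; a separate hunt (for example, newly registered domains) would need its own rule. The recommended actions mirror the post's own list: block the malicious links, isolate the accounts that clicked, and feed the lookalike domains back into the email filters.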
Source:
Chapman, B., & Maymí, F. (2021). CompTIA CySA+ Cybersecurity Analyst Certification Exam Guide (Exam CS0-002). McGraw-Hill Education.