Threat hunting is the practice of proactively searching for cyber threats that are lurking undetected in a network. Cyber threat hunting digs deep to find malicious actors in your environment that have slipped past your initial endpoint security defences.
After sneaking in, an attacker can stealthily remain in a network for months as they quietly collect data, look for confidential material, or obtain login credentials that will allow them to move laterally across the environment.
Threat Hunting Methodologies
- Hypothesis-driven investigation
- Investigation based on known Indicators of Compromise or Indicators of Attack
- Advanced analytics and machine learning investigations
Threat Hunting Steps
- The Trigger