Threat hunting has traditionally been a manual process, in which a security analyst sifts through various data information using their own knowledge and familiarity with the network to create hypotheses about potential threats, such as, but not limited to, Lateral Movement by Threat Actors. To be even more effective and efficient, however, threat hunting can be partially automated, or machine-assisted, as well. In this case, the analyst uses software that leverages machine learning and user and entity behavioral analytics (UEBA) to inform the analyst of potential risks. The analyst then investigates these potential risks, tracking suspicious behavior in the network. Thus hunting is an iterative process, meaning that it must be continuously carried out in a loop, beginning with a hypothesis. The hypothesis can focus efforts on known exploits, potential bad actors or assets and data of value. Using security data, industry reports and other intelligence, the hypothesis is formed, and the hunt team sets out to prove or disprove its validity. Cyber threat hunts often employ both automated and manual tools and techniques to identify a compromise before it is detected.
Contact us directly
Tampa, Florida, United States