1 Introducing threat hunting

This chapter covers

  • The stages of the Cyber Kill Chain
  • How threat hunters uncover cyber threats
  • Threat hunting versus threat farming
  • The hypothesis-driven approach of the threat-hunting process
  • The characteristics of successful threat hunting
  • The core tools that threat hunters use

The chapter introduces the Cyber Kill Chain, provides an overview of the cybersecurity threat landscape, and shows how threat hunting tackles complex cybersecurity challenges. We will discuss the thought process behind threat hunting, laying down the fundamental concepts of a successful practice. The chapter also highlights the differences and similarities between threat hunting and threat detection and ends with an overview of threat hunters’ core tools. We’ll start with an overview of the cybersecurity threat landscape and see why threat hunting is essential.

Definition

This book defines cyber threat hunting as a human-centric security practice that takes a proactive approach to uncovering threats that evaded detection tools, as well as threats that were detected but dismissed or undermined by humans.

1.1 Cybersecurity threat landscape

Today’s cyber threat landscape is complex, evolving, and diverse. Threat actors ranging from organized cybercriminals to state-sponsored groups actively improve their existing attack techniques and tools and create new ones to move through the Cyber Kill Chain.

1.2 Why hunt?

1.3 Structuring threat hunting

1.3.1 Coming up with a hypothesis

1.3.2 Testing the hypothesis

1.3.3 Executing the threat hunt

1.4 Threat hunting vs. threat detecting

1.5 The background of a threat hunter

1.6 The threat-hunting process

1.7 Overview of technologies and tools

Summary
