1 Introduction to Threat Hunting
This chapter covers
- The stages of the Cyber Kill Chain
- How threat hunters, equipped with the right skill set and tools, uncover cyber threats that went unnoticed by detection tools
- The similarities and differences between cyber threat hunters and farmers (security analysts) and how hunting and detection services complement each other
- The hypothesis-driven approach that the threat hunting process takes
- The characteristics of a successful threat hunter and a threat hunting practice
- The set of core tools that threat hunters require to conduct hunting expeditions
Welcome to the first chapter of our exploration into cyber threat hunting. Here, you'll gain foundational insights into the Cyber Kill Chain and the ever-evolving cyber security landscape, setting the stage for mastering advanced threat hunting techniques. We introduce the Cyber Kill Chain, provide an overview of the cyber security threat landscape, and look at how threat hunting can tackle complex cyber security challenges. The chapter then describes the thought process behind threat hunting, laying down the fundamental concepts of a successful threat hunting practice, and draws out the differences and similarities between threat hunting and threat detection. We'll bring things to a close with an overview of the core tools that threat hunters use.