1 Introduction to Threat Hunting


This chapter introduces the Cyber Kill Chain, gives an overview of the cyber security threat landscape, and explains how threat hunting can tackle complex cyber security challenges. It describes the thought process behind threat hunting and lays down the fundamental concepts of a successful threat hunting practice. It then draws out the differences, and highlights the similarities, between threat hunting and threat detection. The chapter ends with an overview of the core tools that threat hunters use.

The book defines cyber threat hunting as follows:

Definition

Cyber threat hunting is a human-centric security practice that takes a proactive approach to uncover threats that evaded detection tools or threats that have been detected but dismissed or undermined by humans.

The chapter covers the following topics:

  • The stages of the Cyber Kill Chain
  • How threat hunters, equipped with the right skill set and tools, uncover cyber threats that went unnoticed by detection tools
  • The similarities and differences between cyber threat hunters and farmers (security analysts), and how hunting and detection services complement each other
  • The hypothesis-driven approach that the threat hunting process takes
  • The characteristics of a successful threat hunter and of a threat hunting practice
  • The set of core tools that threat hunters require to conduct hunting expeditions

1.1 Cybersecurity Threat Landscape


1.2 Why Hunt?


1.3 Structuring Threat Hunting


1.3.1 Coming up with a Hypothesis


1.3.2 Testing the Hypothesis


1.3.3 Executing the Threat Hunt


1.4 Threat Hunting vs Threat Detection


1.5 The Background of a Threat Hunter


1.6 Threat Hunting Process


1.7 Overview of Technologies and Tools


1.8 Summary
