Threat Hunting is the proactive searching of networks, endpoints, and datasets for malicious, suspicious, or risky activity, patterns, or files that have evaded existing detection tools. This differs from threat detection, which is a passive, reactive approach to monitoring data and systems for potential security issues. Proactive cyber threat hunting tactics can apply new threat intelligence to previously collected data to identify and categorize potential threats retroactively, and possibly head off a current or future breach.
Defense-in-depth security programs combine passive detection systems with active threat hunting to provide the greatest chance of discovering an attack. Threat hunting develops attack scenarios based on reported or observed threat actor behaviors and validates those hypotheses against SIEM databases, log files, and observed activity across one's computing systems and networks.
With threat hunting, security professionals examine their data sources not for standard alerts but with deeper reasoning and forensics. In some cases, threat hunters substantiate alerts that were previously ignored or treated as false positives.
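The two activities described above, applying newly received threat intelligence to historical data and validating a behavioral hypothesis against process logs, can both be expressed as small queries over a SIEM export. The following Python is an added example, not code from the original glossary entry: the process events, the DNS log lines, the indicator set and the "rare pair" threshold are all constructed for illustration, and a real hunt would run the same logic against the organization's own SIEM or log store.

```python
"""Two hypothesis-driven hunts over previously collected logs (added example).

All data below is constructed: the process-creation events, the DNS log
lines and the threat-intel indicators are invented for this illustration.
"""
from collections import Counter

# Constructed process-creation events as a SIEM might export them.
PROCESS_EVENTS = [
    # Benign, high-frequency parent/child chains seen across ten workstations.
    *[{"host": f"ws{n:02d}", "user": "user", "parent": "explorer.exe",
       "image": "winword.exe", "sha256": "h-word"} for n in range(1, 11)],
    *[{"host": f"ws{n:02d}", "user": "user", "parent": "explorer.exe",
       "image": "outlook.exe", "sha256": "h-outlook"} for n in range(1, 11)],
    *[{"host": f"ws{n:02d}", "user": "user", "parent": "services.exe",
       "image": "svchost.exe", "sha256": "h-svchost"} for n in range(1, 11)],
    # One workstation where a document spawned a shell, which ran an unknown binary.
    {"host": "ws07", "user": "alice", "parent": "winword.exe",
     "image": "powershell.exe", "sha256": "h-ps"},
    {"host": "ws07", "user": "alice", "parent": "powershell.exe",
     "image": "updater.exe", "sha256": "deadbeef00"},
]

# Constructed DNS log lines in the form "timestamp host query".
DNS_LOG = """\
2024-03-01T09:03:10 ws07 cdn.example-update.test
2024-03-01T09:03:11 ws07 sso.corp.example
2024-03-01T10:15:00 ws03 www.example.com
"""

# Constructed indicators received *after* the logs above were collected.
NEW_INTEL = {
    "sha256": {"deadbeef00"},
    "domains": {"cdn.example-update.test"},
}


def sweep_for_indicators(events, dns_log, intel):
    """Hunt 1: apply new indicators retroactively to historical data.

    Returns (kind, host, value) tuples for every match, so the hunter can
    see which hosts touched an indicator before it was ever alerted on.
    """
    hits = []
    for ev in events:
        if ev["sha256"] in intel["sha256"]:
            hits.append(("hash", ev["host"], ev["image"]))
    for line in dns_log.splitlines():
        _ts, host, query = line.split()
        if query in intel["domains"]:
            hits.append(("domain", host, query))
    return hits


def rare_parent_child_pairs(events, max_count=1):
    """Hunt 2: a behavioral hypothesis that needs no signature.

    Hypothesis: parent/child process pairs that occur only a handful of
    times fleet-wide deserve a look. Frequency analysis across all hosts
    separates the everyday chains from the outliers.
    """
    counts = Counter((ev["parent"], ev["image"]) for ev in events)
    rare = {pair for pair, n in counts.items() if n <= max_count}
    return [ev for ev in events if (ev["parent"], ev["image"]) in rare]


def hosts_of_interest(events, dns_log, intel):
    """Correlate both hunts: hosts flagged by indicator sweep *and* rare behavior.

    A host that appears in both lists is the strongest lead for follow-up
    forensics; either hunt alone would be a weaker signal.
    """
    intel_hosts = {host for _kind, host, _value in sweep_for_indicators(events, dns_log, intel)}
    rare_hosts = {ev["host"] for ev in rare_parent_child_pairs(events)}
    return sorted(intel_hosts & rare_hosts)


if __name__ == "__main__":
    for hit in sweep_for_indicators(PROCESS_EVENTS, DNS_LOG, NEW_INTEL):
        print("indicator hit:", hit)
    for ev in rare_parent_child_pairs(PROCESS_EVENTS):
        print("rare pair:", ev["host"], ev["parent"], "->", ev["image"])
    print("hosts of interest:", hosts_of_interest(PROCESS_EVENTS, DNS_LOG, NEW_INTEL))
```

The value of the second hunt is that it produces leads without any indicator at all: the fleet-wide frequency count is the baseline, and the document-spawns-shell chain stands out purely because it is rare. Correlating that with a retroactive indicator sweep is how a previously unnoticed event becomes a substantiated finding rather than a dismissed alert.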