Cyber threat hunting
(also proactive threat hunting)
Cyber threat hunting definition
Cyber threat hunting is a proactive defense method that involves actively searching for cyber threats within a network. Specifically, with cyber threat hunting, users seek out bad actors that have managed to access the network without being detected.
This way, users are able to stop the attacker that has already penetrated their network from doing even more damage than they already have and from going deeper within their systems.
Additionally, many organizations and individuals do not have access to advanced detection tools, meaning they cannot remove the attacker from the network once it has been breached. However, with cyber threat hunting, they are able to do this in a more cost-effective manner before the attacker disappears without a trace within their systems.
And seeing as cyber attacks are getting increasingly sophisticated, including cyber threat hunting in a business’s defense strategy is crucial, no matter how advanced it already is.
See also: threat hunting, advanced persistent threat
The three main cyber threat-hunting methods
- Analysis-driven cyber threat hunting – this method involves searching for new threats within a network using data gathered from Machine Learning (ML) and Artificial Intelligence (AI) tools.
- Hypothesis-driven cyber threat hunting – when information regarding a new threat is gathered, hunters use it to look for abnormalities or trends within their network or systems that resemble the new threat.
- TTP-based cyber threat hunting – hunters use the attacker’s known tactics, techniques, and procedures (TTP) to determine whether they have entered the network.