Cyber Threat Hunting — What Is It, Really?

The Methodologies of Successful Cyber Threat Hunting

  • Data-driven — Typically uses statistical models to identify commonalities in activity and, perhaps more importantly, statistical outliers. This type of threat hunting can be invaluable when a security team is just starting out, or when the hunters are operating in unfamiliar territory. The singular challenge data-driven hunting faces is that it is not trigger-based, so hunt teams can literally be hunting for a needle in a haystack of more needles.
  • Hypothesis-driven — Typically involves hunters building a semi-scientific hypothesis about new or emerging threats and their observed tactics, techniques, and procedures (TTPs). Unlike data-driven hunting, hypothesis-driven hunting is trigger-based, meaning that hunters can deploy hunting content and review the results after a specific period. This makes hypothesis-driven hunting far more efficient than data-driven hunting.
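The two methodologies side by side, as an added example that is not part of the original article: a data-driven hunt that stacks parent/child process pairs by host prevalence and returns the outliers (the "needles" an analyst still has to review), and a hypothesis-driven hunt that encodes one TTP hypothesis (Office applications spawning a command interpreter) as a trigger. The telemetry records and process names are constructed sample data.

```python
from collections import defaultdict

# Constructed sample telemetry (not from the article): one record per process start.
EVENTS = [
    {"host": "ws01", "parent": "explorer.exe", "image": "chrome.exe"},
    {"host": "ws02", "parent": "explorer.exe", "image": "chrome.exe"},
    {"host": "ws03", "parent": "explorer.exe", "image": "chrome.exe"},
    {"host": "ws01", "parent": "services.exe", "image": "svchost.exe"},
    {"host": "ws02", "parent": "services.exe", "image": "svchost.exe"},
    {"host": "ws03", "parent": "services.exe", "image": "svchost.exe"},
    {"host": "ws01", "parent": "explorer.exe", "image": "notepad.exe"},
    {"host": "ws03", "parent": "explorer.exe", "image": "notepad.exe"},
    {"host": "ws03", "parent": "explorer.exe", "image": "calc.exe"},      # rare but benign
    {"host": "ws02", "parent": "winword.exe", "image": "powershell.exe"}, # rare and suspicious
]

def data_driven_hunt(events, max_hosts=1):
    """Data-driven hunt: stack each parent->child pair by the number of distinct
    hosts it appears on and return the statistical outliers, i.e. pairs seen on
    at most `max_hosts` hosts. There is no trigger, so benign rarities (calc.exe)
    come back alongside the interesting ones and each must be reviewed."""
    hosts_by_pair = defaultdict(set)
    for e in events:
        hosts_by_pair[(e["parent"], e["image"])].add(e["host"])
    return sorted(pair for pair, hosts in hosts_by_pair.items() if len(hosts) <= max_hosts)

# Hypothesis-driven hunt: the hypothesis "Office documents are being used to launch
# a command interpreter" is written as a trigger that can be deployed and reviewed
# after a set period. Process lists are assumptions for this example.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe"}

def hypothesis_driven_hunt(events):
    """Return only the events that match the TTP hypothesis."""
    return [e for e in events if e["parent"] in OFFICE_APPS and e["image"] in INTERPRETERS]

if __name__ == "__main__":
    print("outlier pairs (data-driven):", data_driven_hunt(EVENTS))
    print("hypothesis hits (trigger-based):", hypothesis_driven_hunt(EVENTS))
```

Raising `max_hosts` widens the data-driven net (the notepad.exe pair then appears too), which is exactly the haystack-of-needles trade-off the article describes.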

The Role of Cyber Threat Hunting in a Modern SOC

  • Threat Detection Content
  • Blind Spot Identification
  • Investigative Process Building

Threat Detection Content

Blind Spot Identification

Investigative Process Building

Managed Cyber Threat Hunting? Or In-House?

Where to Get Started Threat Hunting?

Threat Hunting Content Platforms

Conclusion

Cyborg Security is a pioneer in cybernetic threat hunting, delivering an advanced, actionable threat hunting platform.
