THREAT HUNTING MATURITY MODEL: A NEW APPROACH FOR STRUCTURED HUNTING

THE ORIGINAL THREAT HUNTING MATURITY MODEL

  • the quantity and quality of data collected by organizations;
  • the methods and capabilities to visualize and analyze data; and
  • the types of analytics that can be applied to the data to enhance hunters’ insight into it.

INTRODUCING THE HUNT TEAM MATURITY MODEL (AN UPDATE TO THE THREAT HUNTING MATURITY MODEL)

Threat Hunt Team Maturity Model
  • The security controls that an organization has in place;
  • The maturity of the threat intelligence that feeds hunting efforts;
  • The types of hunting an organization is capable of performing; and
  • The outputs of the hunt team.

HTM0 — NON-EXISTENT CAPABILITY

  • Antivirus
  • Host- and network-based intrusion detection and prevention systems (IDPS)
  • Firewalls (FW)
  • Web application firewalls (WAF)
  • Web proxying solutions

HTM1 — NASCENT CAPABILITY

  • User Agent Strings
  • Blank or missing fields in HTTP traffic
  • Encoded data in the HTTP header
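As an added example (not code from the article or from Cyborg Security), the three HTM1 hunts above run over a constructed, tab-separated proxy export: stacking user agents to surface the rare ones, flagging blank host or user-agent fields, and flagging header values that are base64-shaped and decode cleanly. The column layout, sample hosts and addresses are assumptions made for the example.

```python
import base64
import re
from collections import Counter

# Constructed proxy export (tab-separated: src, host, user_agent, header_value).
# These are invented sample lines, not data from the article.
_CHROME = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/100.0"
_ENCODED = base64.b64encode(b"hello world this is a test").decode()
SAMPLE_LOG = "\n".join([
    f"10.0.0.5\texample.com\t{_CHROME}\t",
    f"10.0.0.6\texample.com\t{_CHROME}\t",
    "10.0.0.7\t\t\t",                                     # blank host and user agent
    "10.0.0.8\tcdn.example.net\tpython-requests/2.25\t",  # agent seen only once
    f"10.0.0.9\tupdate.example.org\t{_CHROME}\t{_ENCODED}",
])

_B64 = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")


def parse_line(line):
    """Split one export line into its four assumed columns."""
    src, host, ua, hdr = line.split("\t", 3)
    return {"src": src, "host": host, "ua": ua, "hdr": hdr}


def looks_base64(value):
    """True when a header value is base64-shaped and decodes cleanly."""
    if not _B64.match(value):
        return False
    try:
        base64.b64decode(value, validate=True)
        return True
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


def hunt(log_text):
    """Return findings: blank fields, rare user agents (stacking), encoded headers."""
    records = [parse_line(line) for line in log_text.splitlines() if line]
    ua_counts = Counter(r["ua"] for r in records)  # stack agents across the whole export
    findings = []
    for r in records:
        for field in ("host", "ua"):
            if not r[field]:
                findings.append({"src": r["src"], "reason": "blank-field", "detail": field})
        if r["ua"] and ua_counts[r["ua"]] == 1:  # long-tail agent: one hit in the set
            findings.append({"src": r["src"], "reason": "rare-user-agent", "detail": r["ua"]})
        if looks_base64(r["hdr"]):
            findings.append({"src": r["src"], "reason": "encoded-header", "detail": r["hdr"]})
    return findings
```

On a real export the stacking threshold and the base64 length floor are the tuning knobs; a count of one is only meaningful over a large enough window.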

HTM2 — FUNCTIONAL CAPABILITY

HTM3 — MATURING CAPABILITY

HTM4 — FULLY MATURE CAPABILITY

A CONCLUSION ON THREAT HUNTING MATURITY MODELS


Cyborg Security is a pioneer in cybernetic threat hunting, delivering an advanced, actionable threat hunting platform.
