Friday, January 22, 2021
CybersecFill

Threat Hunting In Cybersecurity | A guide

by Hamzat Lateef
May 7, 2019

What is Threat Hunting?

Threat hunting means proactively searching for malware or attackers that are hiding in your network and may have been there for some time.

What is the Goal of an Attacker?

Most of the time, the goal of this malware or these attackers is to quietly steal data, patiently listen in for confidential information, or work their way through the network looking for credentials powerful enough to steal key information.

At the same time, they might be there to harness your computing resources for use in a botnet army under the control of a C&C (Command and Control) server.

Many organizations' servers are being used to launch coordinated bot attacks such as DDoS (Distributed Denial of Service) across the world, while those organizations incur the cost of processing power, electricity, maintenance, etc.

Why is Threat Hunting Important?

When the traditional protections we have in an organization fail to detect an Advanced Persistent Threat (APT), threat hunting is the only way to help discover it. Basic security hygiene and properly implemented EDR (Endpoint Detection and Response), firewalls and other automated security tools should stop the majority of threats from getting in.

Most of the time, this malware and these attackers get into our network through applications we deem legitimate (as in a case study where one of the legitimate applications installed in an organization was initiating a connection to a C&C from one of its background processes).

Once an attacker has sneaked into our network undetected, there’s often not much to stop them from staying there.

According to research, it takes an average of 191 days for cyber criminals (considering all forms of TTPs) to be discovered once they're on your network.

This is a long time in which to cause the havoc they intended, which can undermine business continuity and the business's existence. In contrast to cyber forensics, which is designed to work out what went wrong after an attack, threat hunting aims to track down these waiting attackers and stop them in their tracks before they have the chance to cause real damage.

What Do You Need to Start Threat Hunting?

 

A fairly mature security setup, capable of ingesting multiple sources of information and storing them in a way that lets you access them, is key to the success of threat hunting. Every organization must also show commitment and readiness towards it and allocate the necessary resources.

How to Run a Successful Threat Hunt in Your Organization

The basic setup every organization needs for successful threat hunting includes automated blocking and monitoring tools such as firewalls, IDS/IPS, EDR, network packet capture, and a SIEM (Security Information and Event Management).

Most importantly, a platform that keeps you a step ahead of the attackers needs to be in place: access to threat intelligence resources so you can look up IP addresses, malware hashes, IOCs, URL reputation, C&C activities, feeds and more.

A tool that allows the organization to bring together all of these disparate data sources and slice and dice them in a way that reveals actionable intelligence with the least possible effort will also be required.
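As an added illustration (not code from the original article), the sketch below joins three of the data sources named above, firewall logs, EDR process telemetry and a threat-intelligence list, to turn raw connections into hunting leads that name the host and process involved. All log formats, host names, process names and IP addresses are constructed for the example.

```python
import csv
import io
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample data: documentation-range IPs, hypothetical hosts/processes.
FIREWALL_LOG = """time,src_host,dst_ip,dst_port
2019-05-07T09:00:00,ws-014,203.0.113.50,443
2019-05-07T09:05:00,ws-014,203.0.113.50,443
2019-05-07T09:10:01,ws-014,203.0.113.50,443
2019-05-07T09:15:00,ws-014,203.0.113.50,443
2019-05-07T09:02:13,ws-014,198.51.100.7,443
2019-05-07T09:40:55,ws-014,198.51.100.7,443
2019-05-07T11:12:09,ws-014,198.51.100.7,443
2019-05-07T09:03:00,ws-022,192.0.2.99,8080
"""
EDR_EVENTS = """host,process,remote_ip
ws-014,updater_svc.exe,203.0.113.50
ws-014,browser.exe,198.51.100.7
ws-022,pdfview.exe,192.0.2.99
"""
THREAT_INTEL = {"192.0.2.99"}  # constructed feed of known-bad IPs

def hunt(fw_csv, edr_csv, intel, max_jitter=5.0, min_gaps=3):
    """Join firewall, EDR and threat-intel data into a list of hunting leads."""
    # EDR telemetry tells us which process on a host owns each remote connection.
    owner = {(r["host"], r["remote_ip"]): r["process"]
             for r in csv.DictReader(io.StringIO(edr_csv))}
    seen = defaultdict(list)
    for r in csv.DictReader(io.StringIO(fw_csv)):
        seen[(r["src_host"], r["dst_ip"])].append(datetime.fromisoformat(r["time"]))
    leads = []
    for (host, dst), times in sorted(seen.items()):
        reasons = []
        if dst in intel:
            reasons.append("threat-intel match")
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Near-constant gaps between connections suggest automated check-ins.
        if len(gaps) >= min_gaps and statistics.pstdev(gaps) <= max_jitter:
            reasons.append("regular interval")
        if reasons:
            leads.append((host, owner.get((host, dst), "unknown"), dst, reasons))
    return leads

if __name__ == "__main__":
    for lead in hunt(FIREWALL_LOG, EDR_EVENTS, THREAT_INTEL):
        print(lead)
```

A regular-interval lead is a starting point for investigation, not a verdict: legitimate update checks and monitoring agents also connect on a fixed schedule, so the analyst still has to validate the process and destination.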

Figure: Cyber Threat Hunting
Source – https://sqrrl.com/threat-hunting-10-adversary-behaviors-hunt/

Once all the tools are in place and working together, a team with enough people and skills to manage the technology and the vast amount of data involved is required.

Threat hunting is an advanced and complex task, but with the right people, technology and questions, it can help re-position your organization's security posture for the better and prevent major problems before they occur.
By following the Threat Hunting Loop, it is very easy to create threat hunting procedures that match the needs of your organization.

Tags: cybersecurity, malware, Threat Hunting, Threat Intelligence
© 2020 CybersecFill. All Rights Reserved.
