What is Threat Hunting?
Cyber threat hunting is a proactive threat detection method: it actively searches an IT environment for traces of cyber attacks, past and present, rather than waiting for an alert to fire. Cyber threat hunters are security professionals who proactively and iteratively look for, and act on, traces of advanced attacks before any alert is raised by security controls.
This contrasts with traditional defensive or preventative measures, where the defender investigates data only after a threat indication has been raised. A cyber threat hunter needs both analytical and creative skills, and benefits from a strong understanding of adversary tactics, techniques and procedures (TTPs), since most hunts start from a hypothesis about how an attacker would behave in the environment.
Threat Hunting with Hunters XDR
Hunters provides an easy-to-use platform that helps users augment their intuition by tackling threat hunting in a structured manner.
Threat hunters can implement and automate their hunting hypotheses on a consolidated threat hunting platform. Hunters XDR gives threat hunting teams guided investigations backed by built-in scoring and correlation, which surface Attack Stories that could otherwise go undetected. The platform also connects the organization’s own detection logic into Hunters’ proprietary graph of related entities, alerts and threat signals.
From one interface, threat hunters can pick up weak signals across the whole security environment and investigate them with the platform's search capabilities, without the pain of context-switching. No advanced rule-writing or manual correlation is required, although the platform supports both when hunters want them. This simplifies the hunting process and lets analysts and other members of the security team take part in hunting.
How to Create an Effective Threat Hunting Workflow
- Choose a Hunting Domain
Because Hunters XDR ingests raw data as well as alerts and signals from any telemetry source, threat hunters can access all of it from the Hunters portal: endpoint, cloud, network, email, identity, and so on. Scoping a hunt to one domain (or one hypothesis within it) keeps the hunt focused and its result easy to judge.
- Create a List of Signals
Hunters XDR gathers the threat signals and alerts generated by security products together with those generated by Hunters’ own detections across the various sources. These signals and alerts are grouped by detection type and listed with their score and associated context, so the hunter can see at a glance which detection types are firing most and scoring highest.
- Pick a Group of Signals to Focus on and Investigate Further
Investigate signals using Hunters' auto-investigations for added context, and drill down on relevant signals as needed. Threat hunters can also use the ‘Entity Search’ feature to look up any entity in the environment (such as a host or a user) and see its associated leads, so the lead can be qualified further in the context of everything else touching that entity.
- Escalate Signals and Alerts for Response and Remediation
Once the investigation has concluded, threat hunters decide whether to escalate the threat signal or alert and promote it to an incident for response and remediation. Hunts that close without escalation are still worth recording, so the hypothesis can be retired or, if it proved useful, turned into a standing detection.
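The four steps above, as an added worked example in Python. This is not Hunters' code or API: it models the workflow over a constructed list of signals (the signal fields, identifiers, scores, the `ENTITY_LINKS` host-to-user map and the escalation scoring rule are all assumptions made for the example) so the structure of a hunt is visible end to end: scope to one domain, table the signals by detection type, pick the top group, pivot on its entity across all domains, then decide on escalation.

```python
"""Minimal structured threat-hunting workflow over constructed signals.

Hypothetical example, not Hunters XDR code. Models four steps: choose a
domain, list grouped signals, investigate one group via entity search,
decide on escalation.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Signal:
    sid: str        # signal/alert identifier (constructed)
    domain: str     # telemetry domain: endpoint, identity, cloud, ...
    detection: str  # detection type that produced the signal
    entity: str     # principal entity the signal is about: host or user
    score: int      # 0-100 risk score assigned by the producing detection


# Constructed sample signals; identifiers and scores are made up.
SIGNALS = [
    Signal("s1", "endpoint", "lolbin-execution", "host:ws-017", 40),
    Signal("s2", "endpoint", "lolbin-execution", "host:ws-017", 45),
    Signal("s3", "endpoint", "new-service-install", "host:ws-017", 55),
    Signal("s4", "identity", "impossible-travel", "user:j.doe", 60),
    Signal("s5", "endpoint", "lolbin-execution", "host:ws-042", 20),
    Signal("s6", "identity", "mfa-fatigue", "user:j.doe", 50),
    Signal("s7", "cloud", "s3-public-acl", "user:svc-backup", 30),
]

# Constructed entity relationships (e.g. from logon telemetry): which user
# was active on which host. A real platform derives this from its graph.
ENTITY_LINKS = {
    "host:ws-017": {"user:j.doe"},
    "user:j.doe": {"host:ws-017"},
}


def choose_domain(signals, domain):
    """Step 1: restrict the hunt to one telemetry domain."""
    return [s for s in signals if s.domain == domain]


def group_by_detection(signals):
    """Step 2: list (detection, count, peak score), highest score first."""
    groups = defaultdict(list)
    for s in signals:
        groups[s.detection].append(s)
    rows = [(d, len(v), max(s.score for s in v)) for d, v in groups.items()]
    rows.sort(key=lambda r: (-r[2], -r[1], r[0]))
    return rows


def pick_group(signals, detection):
    """Step 3a: pull the signals of one detection type for investigation."""
    return [s for s in signals if s.detection == detection]


def entity_search(all_signals, entity):
    """Step 3b: every signal, across all domains, on the entity and on the
    entities directly linked to it. Returns (entities_covered, signals)."""
    related = {entity} | ENTITY_LINKS.get(entity, set())
    return related, [s for s in all_signals if s.entity in related]


def decide_escalation(hits, threshold):
    """Step 4: escalate when correlated risk crosses the threshold.

    Assumed rule: peak score plus 10 per additional distinct detection type,
    so a single noisy detection type cannot escalate by volume alone.
    """
    if not hits:
        return False, 0
    distinct = {s.detection for s in hits}
    risk = max(s.score for s in hits) + 10 * (len(distinct) - 1)
    return risk >= threshold, risk


def run_hunt(all_signals, domain, threshold=80):
    """Run the four steps and summarise the top lead in the chosen domain."""
    scoped = choose_domain(all_signals, domain)
    table = group_by_detection(scoped)
    if not table:
        return {"domain": domain, "lead": None, "risk": 0, "escalate": False}
    top_detection = table[0][0]
    lead = max(pick_group(scoped, top_detection), key=lambda s: s.score)
    related, hits = entity_search(all_signals, lead.entity)
    escalate, risk = decide_escalation(hits, threshold)
    return {
        "domain": domain,
        "lead": lead.entity,
        "detections": sorted({s.detection for s in hits}),
        "entities": sorted(related),
        "risk": risk,
        "escalate": escalate,
    }


if __name__ == "__main__":
    print(run_hunt(SIGNALS, "endpoint"))  # ws-017 correlates with j.doe and escalates
```

The point of the entity pivot is that no single endpoint signal here scores above 55, yet once the host is joined to the user seen on it, four distinct detection types line up and the lead crosses the escalation bar; the lone lolbin hit on `host:ws-042` does not, which is the outcome a hunter wants from a structured pass rather than from eyeballing the raw list.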