What is Threat Hunting
--
Even though businesses continuously put a lot of money into cyber security, the losses caused by hackers are significantly increasing.
For example, according to a recent IC3 report, business email compromise scams alone have led to losses of over $26 billion in the past three years.
What is IC3?
The Internet Crime Complaint Center (IC3) is a website that offers users a standardized mechanism and interface to report suspected cybercrime or other illegal activity facilitated by the Internet. Victims can report on their own behalf, and people can also report crimes on behalf of other individuals.
Based on FireEye’s M-Trends 2019 Report, the average time for an organization to discover that it has been breached (also known as dwell time), for the investigations FireEye was part of, was 78 days; this means that an intruder could be in your network for nearly three months before you know about it.
Wait a second, there is a word called dwell time.
What is the meaning of dwell time?
Dwell time refers to the amount of time a malicious actor has access to a compromised system before an MSP detects a threat.
Okay, again:
What is an MSP?
MSPs, or managed service providers, can address vulnerabilities in your network before they are even exploited. By implementing these guidelines, MSPs can bolster their line of defense against people with bad intentions.
Back to our story.
And back again, but to 2011.
In 2011 the average time for an organization to discover that it had been breached (dwell time) was 416 days.
Yes, security became better, and hackers became better too.
It makes no sense to wait for the threat to come.
Time to hunt the threat.
Threat hunting is the human-centric process of proactively searching data and discovering cyber threats. It is a drastic change from the traditional reactive approach of waiting for an internal system, such as an IDS, or for law enforcement, to notify the organization that it has been breached. The hunter detects threats that nothing else detected.
Threat hunting aims to reduce the dwell time by identifying threats at a very early stage of the infection. By doing so, it may be possible to prevent attackers from gaining a stronger foothold in the environment and to remove them from the network.
It is another line of defense for the organization, but it defends by attacking first, because hunting is an offensive-based strategy: it requires the hunter to think like a black-hat hacker or attacker.
The hunting process begins by identifying potentially targeted data and systems, and which behavioral techniques the attackers may use.
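As an added illustration of that process, not code from the original post: a small hypothesis-driven hunt in Python over constructed logon events. The hypothesis, the events, the hostnames and the working-hours window are all assumptions made up for this example; it builds a per-user baseline from past logons, flags later logons that break the baseline, and measures the resulting dwell time.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample logon events (user, host, ISO timestamp); not real data.
EVENTS = [
    ("alice", "WS-ALICE", "2023-03-01T09:02:00"),
    ("alice", "WS-ALICE", "2023-03-02T08:55:00"),
    ("alice", "WS-ALICE", "2023-03-03T09:10:00"),
    ("bob", "WS-BOB", "2023-03-01T10:00:00"),
    ("bob", "WS-BOB", "2023-03-02T09:45:00"),
    ("bob", "WS-BOB", "2023-03-03T10:05:00"),
    ("alice", "FILESRV01", "2023-03-04T02:17:00"),  # never-seen host, 02:17
    ("alice", "DC01", "2023-03-04T02:31:00"),       # never-seen host, 02:31
    ("bob", "WS-BOB", "2023-03-04T09:50:00"),
]

def parse(events):
    """Turn (user, host, iso_string) tuples into (user, host, datetime)."""
    return [(u, h, datetime.fromisoformat(t)) for u, h, t in events]

def baseline(events, cutoff):
    """Per-user set of hosts observed before the cutoff (the 'normal')."""
    hosts = defaultdict(set)
    for user, host, ts in events:
        if ts < cutoff:
            hosts[user].add(host)
    return hosts

def hunt(events, cutoff_iso, work_hours=(7, 19)):
    """Hypothesis: a compromised account logs on from hosts the user never
    used and outside working hours. Return post-cutoff events doing that."""
    cutoff = datetime.fromisoformat(cutoff_iso)
    hosts = baseline(events, cutoff)
    findings = []
    for user, host, ts in events:
        if ts < cutoff:
            continue
        reasons = []
        if host not in hosts[user]:
            reasons.append("first-seen host")
        if not work_hours[0] <= ts.hour < work_hours[1]:
            reasons.append("off-hours")
        if reasons:
            findings.append((user, host, ts.isoformat(), reasons))
    return findings

def dwell_days(findings, hunt_ran_iso):
    """Dwell time: days from the earliest suspicious logon to the hunt."""
    first = min(datetime.fromisoformat(f[2]) for f in findings)
    return (datetime.fromisoformat(hunt_ran_iso) - first).days
```

Running `hunt(parse(EVENTS), "2023-03-04T00:00:00")` flags only alice's two night-time logons to hosts she never used before, events that no signature-based alert in the sample would have raised.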
And there is another soldier called Threat Intelligence.
Threat intelligence is often utilized during the hunt to develop techniques and carry out the necessary actions to protect systems from compromise.
Thanks to INE, THM and Cybrary for helping me understand this topic.