Showing posts from February, 2026

Becoming a hunter, not the hunted.... (Week 7)

  Threat hunting is an interesting concept… and it means exactly what it says: hunting down threats before they find you, in a sense. While there may still be signs that a threat is there, it’s the act of finding and catching it before you know it’s a confirmed problem. In short, it works by coming up with a hypothesis, whether it’s based on something that seems off or on a gut feeling. The goal is to prove whether the hypothesis holds or fails. Depending on what you’re looking for specifically, it may involve looking through various data, like logs, network activity, and protocol analyzers, or comparing past activity to present activity. If the hypothesis doesn’t stand up, nothing happens. On the other hand, if it does, you move to incident response in order to fix, mitigate or manage the issue. The process sounds simple when you put it into words, but in a real-life scenario it can be a little more complicated than it seems, and sometimes it may not get...