Rather than waiting for a threat to act first, threat hunting is the proactive search for cyber threats already present in an environment, so they can be contained and removed before they take hold. The earlier a threat is identified, the less opportunity it has to disrupt the network or damage devices and systems.
There are three main types of threat hunting investigation, each combining human judgement and intuition with security tooling:
1. Investigation based on known Indicators of Compromise (IoCs) or Indicators of Attack (IoAs): These investigations use tactical threat intelligence, such as file hashes, IP addresses, domains and observed attacker behaviours associated with new threats. Threat hunters search their own logs and telemetry for these indicators to uncover malicious activity that existing defences have not flagged.
2. Hypothesis-driven investigation: The hunt starts from a hypothesis, often prompted by threat intelligence that gives hunters visibility into an attacker's latest tactics, techniques and procedures (TTPs). Once a new TTP has been identified, threat hunters work out how it would appear in their own environment and examine local activity to see whether that specific behaviour is present.
3. Advanced analytics and machine learning investigation: Behavioural analysis, AI and machine learning are used to sift through large volumes of data and detect irregular patterns of activity that may indicate a threat. Any anomalies that surface become hunting leads, which security analysts then investigate to confirm or dismiss.