Threat Hunting


What is threat hunting?

Taken literally, the term means hunting to uncover threats in an information system. To describe it properly, though, we need to add something: we start from a hypothesis that there is a threat to our information system, and based on that hypothesis we conduct the hunt using numerous techniques and tools.


Figure 1 - threat hunting illustration


Why threat hunting?

We need to conduct threat hunting activities regularly to uncover possible security threats to our information system, because there can also be zero-day vulnerabilities. After we have discovered any kind of threat, we need to report it to the responsible authorities, who can take action and mitigate it. By following this procedure we can secure our information system, which makes it an important step for information security.


Figure 2 - threat hunting cycle


What is the threat hunting cycle?

Threat hunting never ends; it is a cyclic process that we need to conduct regularly. It begins with a hypothesis that there is a possible threat in our information system which we need to uncover. So, creating a hypothesis is the first step.

After forming a hypothesis, we need to discover and uncover what these possible threats are, using different tools and techniques. We need to take time searching for these threats and continue until we get a clue about a threat. Sometimes it can take more than one month to uncover a threat.

As a third step, we need to uncover new patterns and TTPs. This means we need to uncover new possible threats to our systems, because threats and their patterns change day by day. Here the term TTP is described as Terrorist, Tactics, Techniques, and Procedures. The terrorists are the attackers, or the people who can carry out threats against our system. Tactics are the behavior mechanisms people use to carry out threats against our information systems. Techniques and procedures can be described as the tools, procedures, and mechanisms used to pose a possible threat to our information system.

After the previous phases, we need to create proper analytics and reports, and analyze what the weaknesses in our systems are, what the possible threats are, and what patterns attackers use to carry out these threats.
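The four steps of the cycle above, walked through once as an added example that is not part of the original post. The hypothesis (a remote host guessed passwords until one login succeeded), the log lines, and the names `hunt`, `report` and `min_failures` are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sshd-style log lines (sample data, not from the post);
# the addresses come from documentation-only ranges.
SAMPLE_LOG = """\
Mar 03 02:10:01 web01 sshd[811]: Failed password for admin from 203.0.113.7 port 50122 ssh2
Mar 03 02:10:03 web01 sshd[811]: Failed password for root from 203.0.113.7 port 50124 ssh2
Mar 03 02:10:05 web01 sshd[811]: Failed password for deploy from 203.0.113.7 port 50126 ssh2
Mar 03 02:10:09 web01 sshd[811]: Accepted password for deploy from 203.0.113.7 port 50130 ssh2
Mar 03 08:30:00 web01 sshd[902]: Failed password for alice from 198.51.100.20 port 40100 ssh2
Mar 03 08:30:12 web01 sshd[902]: Accepted password for alice from 198.51.100.20 port 40102 ssh2
"""

EVENT = re.compile(r"(Failed|Accepted) password for (\S+) from (\S+) port")

def hunt(log_text, min_failures=3):
    """Step 1, the hypothesis: a source guessed passwords until one worked."""
    failures = defaultdict(list)  # source address -> accounts that failed so far
    findings = []
    for line in log_text.splitlines():  # Step 2: search the evidence
        m = EVENT.search(line)
        if not m:
            continue
        outcome, user, src = m.groups()
        if outcome == "Failed":
            failures[src].append(user)
            continue
        if len(failures[src]) >= min_failures:  # Step 3: capture the pattern
            findings.append({"source": src, "account": user,
                             "failures_before_success": len(failures[src]),
                             "accounts_tried": sorted(set(failures[src]))})
        failures[src].clear()  # a success resets the streak (e.g. one typo)
    return findings

def report(findings):
    """Step 4: summarise each finding for the people who will act on it."""
    return [f"{f['source']} logged in as {f['account']} after "
            f"{f['failures_before_success']} failed attempts on {f['accounts_tried']}"
            for f in findings]

if __name__ == "__main__":
    print("\n".join(report(hunt(SAMPLE_LOG))) or "hypothesis not supported")
```

An empty result does not close the hunt; it means this hypothesis was not supported by this data, and the next pass of the cycle starts from a new one.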

Comments

  1. 🥰🥰🥰❤️🤗
  2. Really Interesting wasu ♥️
  3. 🤩🤩🤩🤩 very informative
  4. Well Done 🥂👏🏻
  5. Nice work ♥️ Very Informative
  6. Nice work keep it up 🔥❤️
  7. well done.. Keep it up... ❤️❤️
  8. Best article I've ever seen regarding threat hunting. Thank you very much for knowledge sharing ❤
  9. Nice work with useful topic ❤
