Threat hunting is a complementary approach to dealing with cyber-attacks, as opposed to relying only on network security appliances such as firewalls that monitor traffic as it flows through a system. Those common defenses are largely reactive: they alert on a threat after it has already tripped a rule. Threat hunting is proactive: analysts search through the network for signs of an intruder, detect and isolate the threat, and eradicate it before traditional warning systems have even sounded the alert.
This can be done manually by security analysts, who search through a system's data to identify potential weaknesses within the network and build "what-if" scenarios they use to proactively counter those weaknesses. Today, though, threat hunting is becoming more automated, and the process takes advantage of user and entity behavior analytics (UEBA) to point the analyst at potential risks.
There are three types of hypotheses that drive a threat hunt:
- Analytics-Driven: Uses user and entity behavior analytics (UEBA) and machine learning to build accumulated risk scores, which in turn suggest further hypotheses
- Intelligence-Driven: Fueled by threat intelligence reports and feeds, malware analysis and vulnerability scans
- Situational-Awareness Driven: Uses enterprise risk assessments or Crown Jewel analysis, i.e. which assets matter most to the organization and what normal activity around them looks like
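The three hypothesis types above can be made concrete with a small script. What follows is an added example, not code from the original post or from any vendor product: it runs each hypothesis over a handful of constructed log records (the users, hosts, the indicator values in the 203.0.113.0/24 documentation range, the "Crown Jewel" asset list, the egress baselines and the risk weights are all made up for illustration). The intelligence-driven hunt matches events against an indicator feed, the situational-awareness hunt flags unexpected access to crown-jewel assets, and the analytics-driven hunt accumulates a per-user risk score from those and other signals.

```python
"""Three threat-hunting hypotheses run over constructed sample events (example code)."""
from datetime import datetime

# Constructed sample events (hypothetical, not from the original post):
# authentication/proxy-style records for three users on one day.
EVENTS = [
    {"ts": "2019-01-10T09:02:11", "user": "alice", "src": "ws-01", "dst": "10.0.0.5",
     "dst_name": "fileshare", "bytes_out": 2_048},
    {"ts": "2019-01-10T10:15:40", "user": "alice", "src": "ws-01", "dst": "10.0.0.9",
     "dst_name": "intranet", "bytes_out": 512},
    {"ts": "2019-01-10T02:40:03", "user": "bob", "src": "ws-07", "dst": "10.0.0.20",
     "dst_name": "hr-db", "bytes_out": 58_000_000},
    {"ts": "2019-01-10T02:41:50", "user": "bob", "src": "ws-07", "dst": "203.0.113.7",
     "dst_name": "bad.example", "bytes_out": 58_000_000},
    {"ts": "2019-01-10T11:05:00", "user": "carol", "src": "ws-03", "dst": "10.0.0.20",
     "dst_name": "hr-db", "bytes_out": 4_096},
]

# Intelligence-driven input: a constructed indicator feed (203.0.113.0/24 is documentation space).
IOC_FEED = {"ips": {"203.0.113.7"}, "domains": {"bad.example"}}

# Situational-awareness input: constructed Crown Jewel assets mapped to the users expected to use them.
CROWN_JEWELS = {"hr-db": {"carol"}}

# Analytics-driven input: constructed per-user daily egress baseline in bytes.
BASELINE_BYTES = {"alice": 5_000, "bob": 3_000, "carol": 10_000}

# Illustrative weights for the accumulated risk score; a UEBA product would learn these.
WEIGHTS = {"off_hours": 2, "jewel_access": 5, "ioc_hit": 10, "egress_spike": 8}


def is_off_hours(event):
    """True for activity between 22:00 and 06:00 (assumed quiet hours)."""
    hour = datetime.fromisoformat(event["ts"]).hour
    return hour < 6 or hour >= 22


def is_ioc_hit(event, feed=IOC_FEED):
    """True when the destination IP or name appears in the indicator feed."""
    return event["dst"] in feed["ips"] or event["dst_name"] in feed["domains"]


def is_unexpected_jewel_access(event, jewels=CROWN_JEWELS):
    """True when a crown-jewel asset is touched by a user not expected to use it."""
    expected = jewels.get(event["dst_name"])
    return expected is not None and event["user"] not in expected


def intel_hits(events, feed=IOC_FEED):
    """Intelligence-driven hypothesis: every event touching a known indicator is suspect."""
    return [e for e in events if is_ioc_hit(e, feed)]


def crown_jewel_hits(events, jewels=CROWN_JEWELS):
    """Situational-awareness hypothesis: unexpected access to the assets that matter most."""
    return [e for e in events if is_unexpected_jewel_access(e, jewels)]


def risk_scores(events, baseline=BASELINE_BYTES, feed=IOC_FEED, jewels=CROWN_JEWELS,
                weights=WEIGHTS, spike_factor=10):
    """Analytics-driven hypothesis: accumulate a per-user risk score from weighted signals.

    Returns {user: score} sorted highest first so the hunter knows where to start.
    """
    scores = {e["user"]: 0 for e in events}
    egress = {e["user"]: 0 for e in events}
    for e in events:
        if is_off_hours(e):
            scores[e["user"]] += weights["off_hours"]
        if is_unexpected_jewel_access(e, jewels):
            scores[e["user"]] += weights["jewel_access"]
        if is_ioc_hit(e, feed):
            scores[e["user"]] += weights["ioc_hit"]
        egress[e["user"]] += e["bytes_out"]
    for user, total in egress.items():
        # Egress far above the user's own baseline is a deviation, not a rule match.
        if total > spike_factor * baseline.get(user, total):
            scores[user] += weights["egress_spike"]
    return dict(sorted(scores.items(), key=lambda kv: kv[1], reverse=True))


if __name__ == "__main__":
    for e in intel_hits(EVENTS):
        print("IOC hit:", e["user"], e["dst"], e["dst_name"])
    for e in crown_jewel_hits(EVENTS):
        print("Unexpected crown-jewel access:", e["user"], "->", e["dst_name"])
    print("Risk scores:", risk_scores(EVENTS))
```

Each hunt on its own would surface bob, but the accumulated score is the useful output: the IOC match alone could be a false positive from a stale feed, while an off-hours crown-jewel read followed by a large transfer to that same indicator is the kind of chain an analyst would want to investigate first.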
There are a variety of trustworthy vendors that offer threat-hunting software and services. If you are not looking to invest in a commercial, paid product that can cost your company a lot of money, there are plenty of free tools online that IT security analysts, or anyone looking to hunt for threats on their own network, can use to stay protected.
Maltego CE is a data-mining tool that renders interactive graphs for link analysis. It is used most frequently in online investigations to find relationships between pieces of data gathered from various sources on the internet. Maltego CE automates queries against different data sources and displays the results as a graph suited to link analysis.
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Mahwish Khan. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/HvFiptVbg-A/