How can you tell if someone has broken into your house when the alarm hasn't triggered?
This is a very relevant question, and in the context of cybersecurity it is the one that must keep CISOs up at night.
Threat hunting is not penetration testing; in fact, it is quite the opposite. The goal is to apply a range of analytical procedures, coupled with attack models and diverse expertise across a range of technical disciplines, to confirm or deny whether the system has been compromised.
As part of a hunt, a threat hunter will use a range of models, such as the OODA loop and the Cyber Kill Chain, to form a hypothesis. They will then gather all of the relevant data from all available sources so that they can analyse it for anomalies that may support the hypothesis, and they will report back on the outcome of their findings.
The overall goal is not to fix the vulnerability that was exploited to compromise the system, network or service, but to enable other security functions to improve their detective capability and to close the gaps that the adversary exploited.
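To make the hypothesis, gather, analyse and report loop concrete, here is a small added example (not Cyber Defence Operations' own tooling). It takes a Kill Chain command-and-control hypothesis, that a host is beaconing to one domain at a fixed interval, runs it over constructed proxy log lines, and returns a finding report; the log contents, host names, domains and thresholds are all assumptions made for the example.

```python
"""Hypothesis-driven hunt over constructed proxy logs (added example).
Hypothesis (Kill Chain, command-and-control stage): a host is beaconing to
an external domain at a fixed interval. Logs and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log: timestamp, source host, destination domain.
PROXY_LOG = """\
2024-03-01T09:00:00 ws-17 updates.example-vendor.test
2024-03-01T09:01:00 ws-17 updates.example-vendor.test
2024-03-01T09:02:00 ws-17 updates.example-vendor.test
2024-03-01T09:03:00 ws-17 updates.example-vendor.test
2024-03-01T09:00:12 ws-04 intranet.example.test
2024-03-01T09:07:41 ws-04 intranet.example.test
2024-03-01T09:31:05 ws-04 intranet.example.test
2024-03-01T10:02:57 ws-04 intranet.example.test
"""

def parse(log):
    """Gather: group raw lines into (host, dest) -> sorted timestamps."""
    series = defaultdict(list)
    for line in log.splitlines():
        ts, host, dest = line.split()
        series[(host, dest)].append(datetime.fromisoformat(ts))
    return {key: sorted(times) for key, times in series.items()}

def beacon_score(times):
    """Coefficient of variation of request gaps; near 0 means a fixed interval."""
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if len(gaps) < 3 or mean(gaps) == 0:
        return None  # too few requests to judge periodicity
    return pstdev(gaps) / mean(gaps)

def hunt(log, max_cv=0.1, min_requests=4):
    """Analyse and report: findings that support the hypothesis, plus a verdict."""
    findings = []
    for (host, dest), times in parse(log).items():
        if len(times) < min_requests:
            continue
        cv = beacon_score(times)
        if cv is not None and cv <= max_cv:
            findings.append({"host": host, "dest": dest, "requests": len(times),
                             "interval_cv": round(cv, 3)})
    return {"hypothesis": "periodic C2 beaconing from an internal host",
            "supported": bool(findings), "findings": findings}

if __name__ == "__main__":
    print(hunt(PROXY_LOG))
```

A real hunt would pull the same series from a proxy or DNS data source and hand confirmed findings to detection engineering, which is the reporting step the text describes.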
Cyber Defence Operations Limited is a limited company registered in England and Wales, registered number 12118657. Registered office: 71-75 Shelton Street, London, WC2H 9JQ. ‘CyDefOps’ and ‘CDO’ are trading names used by Cyber Defence Operations Limited. Copyright © - All Rights Reserved.
Powered by the tears of blackhats