CYBER HUNT

CYBER HUNT OVERVIEW

SERVICE METHODOLOGY

Cyber Hunting is an iterative process that should be carried out in a loop to continuously look for adversaries hidden in vast datasets. Hunting begins with a hypothesis and should be carried out based on questions that the analyst wants to answer. Sqrrl’s Threat Hunting framework defines three types of hypotheses:

  • Intelligence-Driven: Created from threat intelligence reports, threat intelligence feeds, malware analysis, vulnerability scans
  • Situational-Awareness Driven: Crown Jewel analysis, enterprise risk assessments, company- or employee-level trends
  • Analytics-Driven: Machine-learning and User and Entity Behavior Analytics, used to develop aggregated risk scores that can also serve as hunting hypotheses

The outcomes of hunting trips, including newly discovered Indicators of Compromise (IoCs) and Tactics, Techniques and Procedures (TTPs), should be stored and used to enrich automated detection systems and analytics. Strengthening your automated detection systems is the ultimate goal of hunting.

CONTACT US

Contact us today and see what NSSPlus can do for you.