Back to glossary

Cyber Threat Hunting

A proactive security exercise where analysts search through networks to detect and isolate advanced threats that have evaded existing security solutions.

Categorysecurity

Overview

Cyber Threat Hunting is the process of proactively and iteratively searching through networks or datasets to detect and isolate advanced threats that evade existing security solutions. It assumes that a breach may have already occurred and seeks to find the 'silent' attacker.

The Hunting Process

  1. Hypothesis: Developing a theory about how an attacker might be hiding based on threat intelligence.
  2. Investigation: Using tools like EDR or SIEM to search for evidence that supports or refutes the hypothesis.
  3. Detection: Identifying malicious activity or patterns.
  4. Response: Isolating the threat and hardening the environment to prevent future occurrences.

Importance

Threat hunting reduces the 'dwell time' of attackers (the time they remain undetected), significantly lowering the potential impact of a breach.

Related Terms

Threat IntelligenceIndicators of AttackAdvanced Persistent Threat