Threat Hunting

Wentz’s Risk Model

I conclude threat hunting as “a search and detection on networks for resided adversaries and their malicious activities” based on the following definitions:

  • In the 2017 Threat Hunting Survey, the SysAdmin, Audit, Network, and Security (SANS) Institute (Lee & Lee, 2017) defines threat hunting as, “a focused and iterative approach to searching out, identifying and understanding adversaries that have entered the defender’s networks.
  • Sqrrl (2016) defines threat hunting as, “… the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.
  • Endgame defines hunting as, “the process of proactively looking for signs of malicious activity within enterprise networks without prior knowledge of those signs, then ensuring that the malicious activity is removed from your systems and networks.” (Scarfone, 2016, p. 1).
  • For this paper, “hunting” is defined as the proactive detection and investigation of malicious activity within a network. Similarly, a “hunt team” is a group of individuals dedicated to performing a hunt on a given network.

Source: MITRE TTP Based Hunting

References

Leave a Reply