, 19 tweets, 7 min read Read on Twitter
Threat Hunting In #CyberSecurity : Waiting for an alert can be too dangerous.
Threat hunting means to proactively search for malware or attackers that are hiding in your network — and may have been there for some time.
Most time, the goals of these malware or attackers can be to quietly siphoning off data, patiently listening in for confidential information, or working their way through the network looking for credentials powerful enough to steal key information.
And at the same time, they might be there to harness your computing resources for use in the #Botnet army under the control of a #CnC
When the traditional protections we have in an organization fails to detect #APT , then threat hunting is the only way to help discover them.
Basic security hygiene and properly implemented #EDR, firewalls and other automated security tools should stop the majority of threats from getting in.
But most time, these malware and attackers are able to get into our network through applications we deemed legitimate. And once an attacker has sneaked into our network undetected, there’s often not much to stop them from staying there.
According to a research, it takes on an average of 191 days for a cybercriminal (considering all forms of #TTPs) to be discovered once they're on your network.
This is a great long time ⌚ to cause the havoc they intended, which can undermine business continuity and existence.
In contrast to a cyber #forensic , which is designed to work out what went wrong after an attack, #ThreatHunting aims to track down these waiting attackers and stop them in their tracks before they have the chance to cause real damage.
The question now should be what do we need to start #ThreatHunting?
To start, having a fairly mature security setup capable of ingesting multiple sources of information and storing it in a way that lets you access it, is key to the success of #ThreatHunting. Every organization must as well show commitment and readiness towards it.
What should be included in the basic setup every organization need to have a successful #ThreatHunting are; automated blocking and monitoring tools such as #firewalls,#IDS/#IPS#EDR, network packet capture, and #SIEM.
And most importantly is a platform that will give you a step ahead of the attackers needs to be on ground. Provision of access to #ThreatIntelligence resources so you can look up IP addresses, malware hashes, #IOCs, URL reputation, C2 activities and more.
A tool that allows the organization to bring together all of these disparate data sources and slice and dice them in a way that reveals actionable intelligence with the least possible effort will also be required.
As soon as we can bring all tools in place and working together, the need for a #team with enough people and #skills to manage the technology and vast amount of data involve is required.
#ThreatHunting  is an advanced and complex task, but with the right people, technology and questions, it can make help reposition your organization's security posture for the better and prevent major problems before they occur.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Hamzah 'Lateef
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!