Threat Hunting In #CyberSecurity : Waiting for an alert can be too dangerous.

Threat hunting means to proactively search for malware or attackers that are hiding in your network — and may have been there for some time.

Most time, the goals of these malware or attackers can be to quietly siphoning off data, patiently listening in for confidential information, or working their way through the network looking for credentials powerful enough to steal key information.

And at the same time, they might be there to harness your computing resources for use in the #Botnet army under the control of a #CnC

When the traditional protections we have in an organization fails to detect #APT , then threat hunting is the only way to help discover them.

Basic security hygiene and properly implemented #EDR, firewalls and other automated security tools should stop the majority of threats from getting in.

But most time, these malware and attackers are able to get into our network through applications we deemed legitimate. And once an attacker has sneaked into our network undetected, there’s often not much to stop them from staying there.

According to a research, it takes on an average of 191 days for a cybercriminal (considering all forms of #TTPs) to be discovered once they're on your network.

This is a great long time ⌚ to cause the havoc they intended, which can undermine business continuity and existence.

In contrast to a cyber #forensic , which is designed to work out what went wrong after an attack, #ThreatHunting aims to track down these waiting attackers and stop them in their tracks before they have the chance to cause real damage.

The question now should be what do we need to start #ThreatHunting?

To start, having a fairly mature security setup capable of ingesting multiple sources of information and storing it in a way that lets you access it, is key to the success of #ThreatHunting. Every organization must as well show commitment and readiness towards it.

What should be included in the basic setup every organization need to have a successful #ThreatHunting are; automated blocking and monitoring tools such as #firewalls,#IDS/#IPS, #EDR, network packet capture, and #SIEM.

And most importantly is a platform that will give you a step ahead of the attackers needs to be on ground. Provision of access to #ThreatIntelligence resources so you can look up IP addresses, malware hashes, #IOCs, URL reputation, C2 activities and more.

A tool that allows the organization to bring together all of these disparate data sources and slice and dice them in a way that reveals actionable intelligence with the least possible effort will also be required.

As soon as we can bring all tools in place and working together, the need for a #team with enough people and #skills to manage the technology and vast amount of data involve is required.

#ThreatHunting  is an advanced and complex task, but with the right people, technology and questions, it can make help reposition your organization's security posture for the better and prevent major problems before they occur.

#ThreatHunting Loop