Threat Hunting with Security Onion.md - Juan-bit94/Ops401D10 GitHub Wiki
Threat Hunting with Security Onion
Why does this topic matter?
Threat hunting in cybersecurity is crucial because it allows an organization to take a proactive approach against advanced threats that evade traditional security measures.
Searching for signs of malicious activity, or for indicators of compromise, can reduce downtime and improve incident response.
How are Threat Hunting and Pentesting different?
Here is a breakdown of the difference between threat hunting and pen-testing.
Threat hunting
It is an active, proactive activity.
You use tools, techniques, and data sources to identify threats that may have evaded traditional security measures.
Pen-testing
It's a controlled simulation of a cyber attack, carried out to identify vulnerabilities.
The goal of pen-testing is to assess the security posture and identify weaknesses that threat actors could exploit.
What is the primary objective of Threat Hunting?
The primary objective of threat hunting is to proactively detect and respond to advanced threats that may have bypassed traditional security controls.
These security controls include firewalls, antivirus software, and intrusion detection and prevention systems (IDS/IPS).
Security professionals look for indicators of compromise (IoCs).
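As an added example (not code from the wiki or from Security Onion itself), the script below shows what "looking for indicators of compromise" can mean in practice: it parses Zeek conn.log records in the JSON-lines form that Security Onion stores them in, matches each record against a hypothetical IoC list of destination IPs and ports, and also applies one hunting hypothesis that needs no IoC at all (a long-lived session to an address outside the organization's internal ranges). The log records, the IoC values and the 10.0.0.0/8 internal range are all constructed for this example.

```python
import json
import ipaddress

# Constructed sample: three Zeek conn.log records as JSON lines. All values
# (timestamps, uids, addresses, byte counts) are made up for this example.
SAMPLE_CONN_LOG = """
{"ts":1700000000.1,"uid":"C1","id.orig_h":"10.0.0.5","id.resp_h":"203.0.113.10","id.resp_p":443,"proto":"tcp","duration":1.2,"orig_bytes":500,"resp_bytes":1200}
{"ts":1700000001.4,"uid":"C2","id.orig_h":"10.0.0.7","id.resp_h":"198.51.100.23","id.resp_p":4444,"proto":"tcp","duration":900.0,"orig_bytes":20,"resp_bytes":30}
{"ts":1700000002.0,"uid":"C3","id.orig_h":"10.0.0.9","id.resp_h":"203.0.113.10","id.resp_p":53,"proto":"udp","duration":0.1,"orig_bytes":60,"resp_bytes":120}
"""

# Hypothetical IoC list, standing in for what a threat-intelligence feed would supply.
IOC_IPS = {"198.51.100.23"}
IOC_PORTS = {4444}

# Assumed internal address space for the organization (constructed for the example).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def parse_conn_log(text):
    """Parse JSON-lines conn.log text into dicts, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            # A hunt should not abort on one bad line; skip it and keep going.
            continue
    return records


def is_internal(ip_text):
    """True when the address falls inside one of the assumed internal ranges."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


def hunt(records, ioc_ips=IOC_IPS, ioc_ports=IOC_PORTS, long_conn_secs=600):
    """Return a list of (uid, reasons) for records that match an IoC or a hunting hypothesis."""
    hits = []
    for r in records:
        resp = r.get("id.resp_h")
        port = r.get("id.resp_p")
        reasons = []
        if resp in ioc_ips:
            reasons.append("resp_ip_in_ioc_list")
        if port in ioc_ports:
            reasons.append("resp_port_in_ioc_list")
        # Hypothesis-driven check: a long-lived session to an external host is
        # worth an analyst's review even when no IoC matches.
        if resp is not None and r.get("duration", 0) >= long_conn_secs and not is_internal(resp):
            reasons.append("long_lived_external_session")
        if reasons:
            hits.append((r.get("uid"), reasons))
    return hits


if __name__ == "__main__":
    for uid, reasons in hunt(parse_conn_log(SAMPLE_CONN_LOG)):
        print(uid, ", ".join(reasons))
```

Running it flags only the second record: its destination IP and port both appear in the IoC list, and the session is long-lived and external. The other two records match nothing and stay out of the analyst's queue, which is the point of filtering bulk telemetry down to a short list of leads before pivoting into the full session data.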
Your organization has a fully functioning SOC but not active Threat Hunting. How would you advocate for your security organization to start Threat Hunting activities?
I would explain to the stakeholders that SOC is great for monitoring and responding to known threats, but there are sophisticated or even emerging threats that could evade detection.
I would also add that it's better to be proactive: seeking out threats before a trigger or alert happens is always preferable.
Things I want to know more about.
I would like to know more about threat intelligence feeds and how they can inform threat hunting activities.
I would also like to know how to stay informed about the latest trends and developments in the cyber threat landscape.