Threat hunting is a proactive research activity whose purpose is to identify previously unknown threats within the infrastructure. The process consists of forming a set of hypotheses and investigating them with tooling that supports creative detection work, then initiating follow-up actions based on the new findings. Threat hunting techniques move companies from reactive response to proactive identification, allowing them to gain ground against the adversary.
Main challenges:
1. Data growth: The SOC struggles with rapid data growth and organisational change, both of which affect visibility. This is worsened by an ever-growing attack surface, as new applications and services are added constantly.
2. High cost: Collecting and storing complete security data for detailed, historical analysis is expensive, so SOC spending on licences and data storage becomes excessive.
3. Slow queries: Running queries over large volumes of data slows down response time. Because of scalability and execution issues, conventional solutions can take hours to complete a query, which puts at risk the organisation's ability to recognise and respond to a threat in time.
4. Lack of context: Threat hunting needs relevant context to recognise an indicator of compromise, but correlating individual data points across petabytes of data and across multiple products can be difficult and time-consuming.
5. Complex modern threats: Threat actors can now modify an attack while it is in progress, requiring analysts to hunt dynamically for tactics, techniques and procedures (TTPs) rather than static indicators.