Six Steps to Successful And Efficient Threat Hunting
SentinelOne Blog – Resha Chheda
In this post, we discuss threat hunting, why it's essential, and how you can enable your team to adopt efficient hunting strategies with the SentinelOne Platform.
1) Ensure You Have The Right Data. No data, no hunt. Period! All successful threat hunting begins with having the right data to answer the right questions. Just having the raw data is not enough; you also need to ensure that you have the context surrounding the data.

2) Baseline To Understand What's Normal In Your Environment. Threat hunters need a solid understanding of the organization's profile and of the business activities that could attract threat actors, such as hiring new staff or acquiring new assets or companies.

3) Develop A Hypothesis. In a hypothesis-driven workflow, a hunt starts with creating a hypothesis, or an educated guess, about some type of activity that might be going on in your environment. Using open-source intelligence (OSINT) tools and frameworks like MITRE ATT&CK works effectively if you know what you are looking for.

Ideas can be derived from the following sources:
- MITRE ATT&CK framework
- Threat intelligence reports
- Blogs, Twitter, and conference talks
- Penetration testing

4) Investigate & Analyze Potential Threats. Although threat hunting starts with a human-generated hypothesis, threat protection tools, like SentinelOne, make the investigation more efficient.

5) Rapidly Respond To Remediate Threats. The response should clearly define both the short-term and the long-term measures that will be used to neutralize the attack.

6) Enrich And Automate For Future Events. Finally, successful hunts form the basis for informing and enriching automated analytics. The final step in the threat hunting practice is to use the knowledge generated during the hunt to enrich and improve EDR systems. This way, the organization's overall security is enhanced thanks to the discoveries made during the investigation.
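The baseline-then-hypothesis workflow of steps 1 to 4, as an added Python example that is not code from the SentinelOne post: a baseline of parent/child process pairs is built from a constructed known-good window, then a hypothesis (an Office application should not spawn a scripting interpreter) is tested against new events, with user and command line carried along as context for the analyst. The hosts, users, process names and events are all constructed sample data, not real telemetry.

```python
"""Hypothesis-driven hunt over endpoint process-creation telemetry (added example)."""
from collections import Counter

# Constructed sample telemetry: (host, user, parent_image, child_image, cmdline).
# The user and command line are the "context" step 1 asks for; the hunt keys on
# the parent/child pair but reports the whole record so an analyst can triage it.
BASELINE_EVENTS = [  # known-good window used to learn what is normal (step 2)
    ("ws01", "alice", "explorer.exe", "winword.exe", "winword.exe"),
    ("ws01", "alice", "explorer.exe", "outlook.exe", "outlook.exe"),
    ("ws02", "bob", "explorer.exe", "excel.exe", "excel.exe"),
    ("ws02", "bob", "services.exe", "svchost.exe", "svchost.exe -k netsvcs"),
    ("ws03", "carol", "cmd.exe", "powershell.exe", "powershell.exe -File build.ps1"),
]
NEW_EVENTS = [  # window being hunted (step 4)
    ("ws01", "alice", "explorer.exe", "winword.exe", "winword.exe"),
    ("ws01", "alice", "winword.exe", "powershell.exe", "powershell.exe <constructed args>"),
    ("ws03", "carol", "cmd.exe", "powershell.exe", "powershell.exe -File build.ps1"),
    ("ws02", "bob", "excel.exe", "cscript.exe", "cscript.exe invoice.vbs"),
]

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def build_baseline(events):
    """Step 2: count each parent->child pair observed during the known-good window."""
    return Counter((parent, child) for _, _, parent, child, _ in events)


def office_spawns_interpreter(event):
    """Step 3: the hypothesis, written as a predicate over a single event."""
    _, _, parent, child, _ = event
    return parent in OFFICE_APPS and child in INTERPRETERS


def hunt(events, baseline, hypothesis):
    """Step 4: keep events that match the hypothesis AND whose pair is not baselined."""
    return [e for e in events if hypothesis(e) and (e[2], e[3]) not in baseline]


def hunt_findings():
    """Run the hunt on the constructed windows and return the records to investigate."""
    return hunt(NEW_EVENTS, build_baseline(BASELINE_EVENTS), office_spawns_interpreter)


if __name__ == "__main__":
    for host, user, parent, child, cmd in hunt_findings():
        print(f"{host} {user}: {parent} -> {child} ({cmd})")
```

The baseline suppresses the routine cmd.exe to powershell.exe build-script pair even though powershell.exe is an interpreter, which is exactly the noise reduction step 2 is meant to buy; findings that confirm the hypothesis can then be turned into an automated rule for step 6.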
Link: https://www.sentinelone.com/blog/six-steps-to-successful-and-efficient-threat-hunting/