
DEFINITION AND INTRODUCTION ON

THREAT HUNTING
THIS CONCEPT CAN BE DEFINED AS “…THE PROCESS OF PROACTIVELY AND ITERATIVELY SEARCHING THROUGH
NETWORKS TO DETECT AND ISOLATE ADVANCED THREATS THAT EVADE EXISTING SECURITY SOLUTIONS.” THREAT
HUNTING IS THE PRACTICE OF PROACTIVELY GOING AFTER CYBER THREATS RATHER THAN WAITING FOR AN ALERT TO
START INVESTIGATION AND REMEDIATION. THE EARLIER A THREAT IS IDENTIFIED AND REMEDIATED IN
THE CYBER ATTACK LIFECYCLE, THE LESS DAMAGE IT CAN DO TO THE ORGANIZATION.
EXAMPLE OF THREAT HUNTING

Threat hunting can mean slightly different things to different organizations and analysts. For example, some
believe threat hunting is based entirely on difficulty. If the activity is simple, such as querying for known
indicators of compromise (IOCs) or searching for POSTs to IP hosts without referrers, it may not be
considered threat hunting. On the other hand, searching for things that could be indicative of malicious
activity and require analysts to sift through benign traffic may be viewed as threat hunting.
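The two "simple" activities the paragraph mentions, written out as an added example in Python (this is not code from the original slides). It parses a constructed, simplified proxy log, runs a known-IOC sweep against a made-up indicator list, and then runs the hypothesis-driven query for POST requests sent straight to a bare IP address with no Referer. The log format, the client and destination addresses, and the indicator list are all assumptions made for the example; the point it shows is that the hunt query raises a lead the indicator list alone would never have matched.

```python
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address
from typing import Iterable, List, Optional
from urllib.parse import urlsplit

# Constructed proxy log (not real traffic). One event per line:
#   <epoch> <client-ip> <method> <url> <status> <referer or "-">
SAMPLE_PROXY_LOG = """\
1700000001.123 10.0.0.15 GET http://www.example.com/index.html 200 -
1700000002.456 10.0.0.15 POST https://www.example.com/login 302 http://www.example.com/index.html
1700000003.789 10.0.0.22 POST http://203.0.113.45/upload.php 200 -
1700000004.001 10.0.0.22 GET http://198.51.100.7/favicon.ico 404 http://198.51.100.7/
1700000005.222 10.0.0.31 POST http://198.51.100.7:8080/gate.php 200 -
1700000006.333 10.0.0.31 POST https://cdn.example.net/api/v1/beacon 200 https://app.example.net/
1700000007.444 10.0.0.40 GET http://www.example.com/index.html 200 -
"""

# Constructed indicator list, standing in for hosts imported from a threat feed.
KNOWN_BAD_HOSTS = {"198.51.100.7"}


@dataclass(frozen=True)
class ProxyEvent:
    ts: float
    client: str
    method: str
    url: str
    status: int
    referer: Optional[str]  # None when the log recorded "-"


def parse_proxy_log(text: str) -> List[ProxyEvent]:
    """Parse the simplified six-field log format above into events."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url, status, referer = line.split()
        events.append(ProxyEvent(float(ts), client, method.upper(), url,
                                 int(status), None if referer == "-" else referer))
    return events


def url_host(url: str) -> str:
    """Hostname part of a URL without the port ('198.51.100.7:8080' -> '198.51.100.7')."""
    return urlsplit(url).hostname or ""


def is_ip_literal(host: str) -> bool:
    """True when the host is a bare IPv4/IPv6 address rather than a name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def ioc_sweep(events: Iterable[ProxyEvent], bad_hosts: set) -> List[ProxyEvent]:
    """Indicator match: every request whose destination host is on the known-bad list."""
    return [e for e in events if url_host(e.url) in bad_hosts]


def hunt_posts_to_bare_ip(events: Iterable[ProxyEvent]) -> List[ProxyEvent]:
    """Hypothesis-driven search: POSTs straight to an IP literal with no Referer,
    a pattern common to malware check-ins and rare for browser-driven traffic."""
    return [e for e in events
            if e.method == "POST" and e.referer is None and is_ip_literal(url_host(e.url))]


def hunt_leads_not_in_iocs(events: Iterable[ProxyEvent], bad_hosts: set) -> List[ProxyEvent]:
    """Leads the hunt produces that the indicator sweep alone would not have raised."""
    events = list(events)
    already_known = set(ioc_sweep(events, bad_hosts))
    return [e for e in hunt_posts_to_bare_ip(events) if e not in already_known]


if __name__ == "__main__":
    events = parse_proxy_log(SAMPLE_PROXY_LOG)
    for e in ioc_sweep(events, KNOWN_BAD_HOSTS):
        print("IOC match ", e.client, e.method, e.url)
    for e in hunt_leads_not_in_iocs(events, KNOWN_BAD_HOSTS):
        print("hunt lead ", e.client, e.method, e.url)
```

On the constructed log the indicator sweep matches the two requests to 198.51.100.7, while the no-Referer POST query also surfaces the upload to 203.0.113.45, which no feed listed. Whether the second query counts as "hunting" is exactly the disagreement the paragraph describes; either way, the analyst still has to triage the results against benign traffic (software updaters and some API clients also POST to IP literals without a Referer).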
WHY IS THREAT HUNTING IMPORTANT

Systematically identifies threats.
Prevention of data theft.
Discovery of indicators of compromise.
Analysis of the data thief.
COMMON THREAT HUNTING TECHNIQUES
SEARCHING
CLUSTERING
GROUPING
STACK COUNTING
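Stack counting, the last of the four techniques above, worked through as an added example in Python (not code from the original slides). Stacking means counting how often each value of some field occurs across the fleet and reading the stack from the least common end, because the rare values are the ones worth a closer look. The process-execution records, host names and paths below are constructed for the example; a real hunt would stack EDR or Sysmon process-creation telemetry instead. The example also shows why the choice of key matters: stacking on process name alone hides a binary that borrows a trusted name, while stacking on name plus path exposes it.

```python
from __future__ import annotations

from collections import defaultdict
from typing import Callable, Dict, Hashable, List, Sequence, Set, Tuple

# Constructed process-execution records (host, process name, image path).
# Made up for this example; not real telemetry.
FLEET = [f"ws{n:02d}" for n in range(1, 7)]
BASELINE = [
    ("svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("explorer.exe", r"C:\Windows\explorer.exe"),
    ("chrome.exe", r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
]
SAMPLE_PROCESSES: List[Tuple[str, str, str]] = [(h, n, p) for h in FLEET for n, p in BASELINE]
SAMPLE_PROCESSES += [
    # a repeat on one host: must not inflate prevalence
    ("ws02", "chrome.exe", r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    # a trusted name running from an untrusted location
    ("ws03", "svchost.exe", r"C:\Users\Public\svchost.exe"),
    # a one-off binary dropped in a temp directory
    ("ws05", "update.exe", r"C:\Users\bob\AppData\Local\Temp\update.exe"),
]

Record = Tuple[str, str, str]
KeyFn = Callable[[str, str], Hashable]


def by_name(name: str, path: str) -> Hashable:
    """Stack key: process name only."""
    return name.lower()


def by_name_and_path(name: str, path: str) -> Hashable:
    """Stack key: process name together with the image path it ran from."""
    return (name.lower(), path.lower())


def stack_count(records: Sequence[Record], key: KeyFn) -> List[Tuple[Hashable, int]]:
    """Stack counting: for each key value, count the distinct hosts it appears on,
    and return the stack least-common first so the outliers sit at the top."""
    hosts: Dict[Hashable, Set[str]] = defaultdict(set)
    for host, name, path in records:
        hosts[key(name, path)].add(host)
    return sorted(((k, len(h)) for k, h in hosts.items()),
                  key=lambda kv: (kv[1], str(kv[0])))


def low_prevalence(records: Sequence[Record], key: KeyFn, max_hosts: int = 1) -> List[Hashable]:
    """Key values seen on at most `max_hosts` hosts: the candidates worth a closer look."""
    return [k for k, n in stack_count(records, key) if n <= max_hosts]


if __name__ == "__main__":
    print("stacked by name:")
    for k, n in stack_count(SAMPLE_PROCESSES, by_name):
        print(f"  {n:3d}  {k}")
    print("stacked by name and path:")
    for k, n in stack_count(SAMPLE_PROCESSES, by_name_and_path):
        print(f"  {n:3d}  {k}")
```

Counting distinct hosts rather than raw events keeps a single noisy machine from making a value look common. On the constructed data, stacking by name flags only update.exe; stacking by name and path also flags svchost.exe running from C:\Users\Public, which the name-only stack had folded into the six legitimate copies.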
DEMOCRATIZING THREAT HUNTING
AUTOMATING THE CYBERSECURITY SYSTEM.
CONTINUOUS CUSTOMIZATION OF THE PROGRAMME.
AWARENESS OF THE SECURITY SYSTEM.
STEPS FOR DEMOCRATIZING THREAT HUNTING.
WHAT IS THREAT HUNTING GOOD
FOR?
TO PREVENT THE LEAK OF DATA
DETECTION OF FUTURE THREATS
MOVING FROM TRADITIONAL TO MODERN TECHNIQUES
TO PROTECT DATA FROM ATTACKERS
TO PREVENT DATA THEFT
A BIG LIE IN THREAT HUNTING

Depending on who you ask, threat hunting has been around for upwards of 20 years, with the job title, “threat
hunter,” originating in the last 6-7 years. Today, there are nearly 1500 profiles on LinkedIn with this title (up 50% just
over last year), reflecting perhaps the explosion of popularity of threat hunting in the enterprise and the “cool factor”
of the name.
The big lie in threat hunting is that this practice (as usually implemented) is really not proactive: the focus is
mostly on trailing indicators rather than leading ones.
To understand this better, let’s take a closer look at the “threat indicators” typically used.
• Indicators of Attack (IOA).
• IOR Detection.
CONCLUSION

Threat hunting has demonstrated itself to be very effective and is gaining momentum, as companies look
for ways to improve security and eliminate threats. As zero-days and advanced persistent threats (APT)
continue to challenge security staff, analysts are adopting threat hunting platforms to uncover attacks more
rapidly. Given the impossibility of 100% detection rates, as well as the inability of traditional tools such as
IDSs to address completely the security needs of modern organizations, there is a dire need to establish
security teams who can actively “hunt” for threats targeting their organizations. The adoption of threat
hunting thus signals a transition from reactive strategies to proactive ones, with companies looking for
ways to tackle problems in a more timely and efficient way.
THANK YOU