
Ops 401: Class 33

Nicholas Loiacono edited this page Jun 1, 2023 · 1 revision

This topic matters as it relates to what I'm studying in this module because pentesting involves simulating attacks to find vulnerabilities before real attackers do, while threat hunting is a proactive process of actively searching for signs of threats or compromises. Threat hunting aims to detect and confirm threats before they cause damage and fill gaps in security that other tools may miss. It allows for faster threat detection and response, improving overall security.

  • Threat hunting and pentesting differ mainly in their approach and purpose. Pentesting, or penetration testing, involves simulating an attack on a system to find vulnerabilities before actual bad actors do; it's like a planned drill. Threat hunting, on the other hand, doesn't wait for an alarm or a breach to happen. It is a proactive process in which security experts actively search our systems for signs of potential threats or compromises; it's like a continuous patrol.

  • The primary objective of threat hunting is to actively and proactively search our internal systems for signs of compromise. It aims to detect threats before they cause damage and to confirm whether or not our network is in a secure state. A successful threat hunt can confirm that all systems are in good shape, or identify specific systems that require further investigation because they show signs of possible compromise.

  • Even with a fully functioning Security Operations Center (SOC), it's important to have active threat hunting. Current security tools are either protection-based or response-based, but they may not always connect the two effectively. Log analysis, a common method of detection, often fails to detect breaches quickly. Many breaches are only discovered after months, and most often by a third party, not our own systems. This shows a gap in our security, a gap that threat hunting can fill. Threat hunting will give us the ability to actively look for signs of compromise, instead of waiting for an alert or a third-party notification. This could dramatically decrease the time it takes to detect and respond to threats, improving our overall security posture.

Things I want to know more about are methodologies and techniques, tools and technologies, legal and ethical considerations, reporting and communication, and continuous improvement and learning.

References

Brenton, C. (2020, March 10). What Is Threat Hunting and Why Is It so Important? [Video blog]. Active Counter Measures.
