New Training: Proactive Threat Hunting
In this 7-video skill, CBT Nuggets trainer Jacob Moran teaches you how to establish a threat hunting hypothesis, how to profile threat actors, and how to control the attack surface area. You’ll also gain an understanding of attack vectors and learn how modern software techniques such as AI can be used to create a more successful threat hunting environment. Watch this new CompTIA training.
Watch the full course: CompTIA Cybersecurity Analyst
This training includes:
33 minutes of training
You’ll learn these topics in this skill:
What is Proactive Threat Hunting?
Establishing a Proactive Threat Hunting Hypothesis
Profiling Threat Actors and Activities
Threat Hunting Tactics
Controlling the Attack Surface Area and Critical Assets
Identifying Attack Vectors
Leveraging Improved Detection and Integrated Intelligence
Proactive Threat Hunting and How to Get There
Humans are reactive in nature, but in the IT world they have to be proactive. Proactive Threat Hunting requires looking for threats in areas you would not expect them to be in.
In the past, threat-hunting automation relied on signature-based rules that looked for a code match. Those rules meant the threat was already out there and had possibly already done the damage, and their scope was primarily limited to PCs and servers. The approach was not proactive, but it made things easy for IT technicians: all they had to do was apply a new definition file, and they were then looking for the new threat that someone else had already identified.
Now we need to be more proactive. IT technicians need to make a base image of code, data, file hashes, etc. on all of the devices that make up the network (routers, servers, and so on). When anything changes that image outside of the norm, it is probably being done by a threat. Use your eyes, automated processes or AI to search through your systems and network so you can detect something hiding in there before it does any damage.
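The base-image comparison described above can be sketched for file hashes as follows. This is an added example, not material from the course; the function names `snapshot` and `drift`, the `expected` allow-list of approved changes, and the sample file tree are all constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(path, root)] = h.hexdigest()
    return digests

def drift(baseline, current, expected=()):
    """Report deviations from the baseline; paths in `expected` are approved churn."""
    report = {"added": [], "removed": [], "modified": []}
    for path in sorted(set(baseline) | set(current)):
        if path in expected:
            continue
        if path not in baseline:
            report["added"].append(path)
        elif path not in current:
            report["removed"].append(path)
        elif baseline[path] != current[path]:
            report["modified"].append(path)
    return report

def demo():
    """Constructed sample tree: baseline it, change it, then report the drift."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        write("etc/router.conf", b"hostname edge1\n")
        write("bin/agent", b"agent build 1\n")
        write("var/app.log", b"start\n")
        baseline = snapshot(root)
        write("etc/router.conf", b"hostname edge1\nsnmp on\n")  # change outside the norm
        write("bin/helper", b"unknown file\n")                  # file not in the base image
        write("var/app.log", b"start\nrunning\n")               # normal log growth
        os.remove(os.path.join(root, "bin", "agent"))           # baseline file now missing
        return drift(baseline, snapshot(root), expected={os.path.join("var", "app.log")})
```

In practice the baseline would be stored somewhere the monitored device cannot modify, since a baseline that an intruder can rewrite no longer shows the change.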