The expression “assume breach” has become common in the information security industry. Far too often, intrusions go undetected for extended periods of time or until an external party discovers a breach and notifies the organization. Given the increasingly targeted and even personalized nature of attacks, network defenders must move beyond a reactive posture and instead hunt for unknown breaches. This systematic pursuit of unknown adversaries is known as threat hunting.

Hunting is not without its challenges. Defenders must be able to sift through mountains of data to rapidly detect and address a compromise. How is this done? You can get a taste of hunting threats on the cheap by making use of free and open source tools to analyze host and network data. This can demonstrate the power of hunting and perhaps whet your appetite for a full-featured threat hunting platform.
