Threat hunting, what is it?


Summary

  • Threat hunting is the active search for potential threats that put the security of a computer network at risk.


What is threat hunting?

Threat hunting is the active search for potential threats that put the security of a computer network at risk.

This strategy aims to identify, evaluate and neutralize dangers to ensure the good performance of a site, digital platform or virtual workspace.

It consists of iteratively searching across networks for indicators of compromise (IoC) and for threats, such as Advanced Persistent Threats (APT), that bypass your security controls.

Cybersecurity experts use software and threat hunting tools to locate and intercept hidden attacks.

If we take into account that up to 20 % of threats are not detected by automated security tools such as antivirus or firewalls, it is logical that many companies add threat hunters to their workforce to mitigate the effects of attacks and keep their data safe.

Main feature

The most important feature of threat hunting is its approach. It is a proactive approach to threats, which means it is not incident response, although the two are connected: based on the results and conclusions of a hunt it is possible to establish new indicators of attack or compromise.

Threat hunting aims to cover what more traditional tools cannot see.

Stages of threat hunting

These are the three stages of threat hunting:

Search

Companies with a digital presence are always exposed to danger, a fact that requires maintaining a threat detection team that constantly monitors programs, platforms and networks.

Investigation

We investigate where the threats are located, where they come from and how to act. It is recommended that, before acting, you create a map of the extent of the threat and the changes registered in your system.

Resolution

In threat hunting, the resolution phase refers to the strategic planning of the response, not the solution itself. Digital threats, viruses, malware and spam change constantly, and you have to stay up to date on cybersecurity.
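As an added example that is not part of the original article, the following Python script walks the three stages above over a handful of constructed egress log lines: Search matches each event against a known indicator set, Investigation maps the extent (which hosts were affected, from when, and what they contacted afterwards), and Resolution produces a response plan rather than applying a fix. It also shows the iterative character of hunting: destinations contacted by a confirmed host after its first hit are promoted to new candidate indicators and the search is repeated until nothing new turns up. The log format, host names, indicator values and the allowlist of known-good destinations are all assumptions made for the example.

```python
import re

# Constructed indicator values (placeholders, not real IoCs).
BAD_HASH = "a" * 64
INITIAL_IOCS = {"198.51.100.7", "files.bad-updates.example", BAD_HASH}

# Constructed egress log lines in a simple key=value format (assumed, not a real product's format).
SAMPLE_LOGS = [
    "2024-03-01T08:00:01 host=ws-01 dst=203.0.113.10 domain=update-cdn.example",
    f"2024-03-01T08:00:05 host=ws-01 dst=198.51.100.7 domain=files.bad-updates.example sha256={BAD_HASH}",
    "2024-03-01T08:05:00 host=ws-01 dst=198.51.100.22 domain=staging.example",
    "2024-03-01T08:10:00 host=ws-02 dst=198.51.100.22 domain=staging.example",
    "2024-03-01T08:12:00 host=ws-02 dst=203.0.113.10 domain=update-cdn.example",
    "2024-03-01T08:15:00 host=ws-03 dst=203.0.113.10 domain=update-cdn.example",
    "2024-03-01T08:20:00 host=ws-03 dst=203.0.113.44 domain=mail.example",
]

# Known-good destinations that must never be promoted to indicators (constructed).
# Without this filter, the shared update CDN would be promoted and ws-03 falsely flagged.
ALLOWLIST = {"203.0.113.10", "update-cdn.example", "203.0.113.44", "mail.example"}

LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) dst=(?P<dst>\S+) domain=(?P<domain>\S+)"
    r"(?: sha256=(?P<sha256>[0-9a-f]{64}))?$"
)


def parse(line):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def search(events, iocs):
    """Stage 1 (Search): return (event, matched indicators) for every event hitting a known IoC."""
    hits = []
    for ev in events:
        observables = {ev["dst"], ev["domain"], ev.get("sha256")}
        observables.discard(None)
        matched = observables & iocs
        if matched:
            hits.append((ev, matched))
    return hits


def investigate(events, hits):
    """Stage 2 (Investigation): map the extent per host: first hit time and
    everything the host contacted from that moment on (the pivot for new indicators)."""
    first_seen = {}
    for ev, _ in hits:                      # events are chronological, so the first hit wins
        first_seen.setdefault(ev["host"], ev["ts"])
    extent = {}
    for host, ts in first_seen.items():
        contacted = set()
        for ev in events:
            if ev["host"] == host and ev["ts"] >= ts:
                contacted.update({ev["dst"], ev["domain"]})
                if ev.get("sha256"):
                    contacted.add(ev["sha256"])
        extent[host] = {"first_seen": ts, "contacted": contacted}
    return extent


def hunt(lines, iocs, allowlist):
    """Iterate search -> investigate -> promote candidate indicators until the set stabilises.
    Returns (compromised hosts with their extent, the final indicator set)."""
    events = sorted(filter(None, map(parse, lines)), key=lambda e: e["ts"])
    known = set(iocs)
    compromised = {}
    while True:
        extent = investigate(events, search(events, known))
        compromised.update(extent)
        contacted = set().union(*(e["contacted"] for e in extent.values()))
        candidates = contacted - allowlist - known
        if not candidates:                  # nothing new to search for: the hunt has converged
            return compromised, known
        known |= candidates


def plan_resolution(compromised, promoted):
    """Stage 3 (Resolution): the response plan, not the fix itself."""
    order = sorted(compromised, key=lambda h: compromised[h]["first_seen"])
    return {
        "isolate": order,                                   # earliest-affected host first
        "block": sorted(promoted),                          # indicators discovered during the hunt
        "detections": [f"alert on egress to {i}" for i in sorted(promoted)],
    }


if __name__ == "__main__":
    hosts, final_iocs = hunt(SAMPLE_LOGS, INITIAL_IOCS, ALLOWLIST)
    print(plan_resolution(hosts, final_iocs - INITIAL_IOCS))
```

In the constructed data the first pass only finds ws-01; the staging server it contacted after the hit is promoted to an indicator, and the second pass then surfaces ws-02, while ws-03, which only spoke to allowlisted destinations, is never flagged. The allowlist stands in for the analyst validation that real hunts require before a pivot becomes a blocking indicator.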


Organizations that practice threat hunting operate under the concept of “assume breach.” These organizations seek to improve their security posture by reducing the risk of attackers and their malicious activity disrupting, damaging or stealing organizational assets. To do this, they identify the presence of such activity as early as possible, minimizing the window in which adversaries can remain active under the radar, and directly reinforcing visibility, monitoring and detection in existing security solutions.
