Disrupting the Disruptors: How to Threat Hunt Like a Pro

Read my article on how to threat hunt like a pro on Recorded Future’s blog:

https://www.recordedfuture.com/cyber-threat-hunting/

Here’s an excerpt of this article:

As the saying goes, the best defense is a good offense. In cybersecurity, that means shifting from merely responding to intrusions and attacks to actively searching out threats and removing them. Having the capacity and know-how to make this shift in stance is a key element of a mature security operations center (SOC), says Ismael Valenzuela, who recently gave a presentation on threat hunting at RFUN 2017.

Valenzuela has worked in cybersecurity for decades and has been a member of the Foundstone team at McAfee for six years, performing incident response in the United States, Europe, and the Middle East. He is also a SANS-certified instructor who has taught classes on continuous monitoring, forensics, and security operations for the past seven years.

During his presentation, Valenzuela talked extensively about the difference between incident response and threat hunting, focusing on the qualities a SOC needs to hunt threats effectively and some of the challenges it faces. He also covered what he called the three big “knows” that every SOC should focus on: knowing your enemy, knowing your network, and knowing your tools. He concluded his talk with a look at how automation, artificial intelligence, and machine learning are affecting the field, arguing that they are ultimately just new tools that can supplement, but never replace, a team of experienced humans.
