Threat Hunting and Incident Response
What are the 4 steps to the threat hunting methodology?
1. Hypothesis 2. Investigate via TTPs 3. Uncover new patterns and TTPs 4. Inform and enrich analytics
What is Incident Response?
Incident response is the systematic approach taken by an organization to prepare for, detect, contain, and recover from a suspected cybersecurity breach
What are the ultimate goals of threat hunting?
1. Lower than average dwell time 2. Impose cost on adversaries - Make them change their TTPs! 3. Detect malicious behavior quicker and more frequently
What are the 6 steps to incident response?
1. Preparation 2. Identify 3. Containment 4. Eradicate 5. Recover 6. Lessons Learned
What is threat hunting?
The practice of proactively searching for cyber threats that are lurking undetected in a network.
