There remains a lack of definition and a formal model from which to base threat hunting operations and quantifying the success of said operations from the beginning of a threat hunt engagement to the end that also allows analysis of analytic rigor and completeness. The formal practice of threat hunting seeks to uncover the presence of attacker tactics, techniques, and procedures (TTP) within an environment not already discovered by existing detection technologies. This research outlines a practical and rigorous model to conduct a threat hunt to discover attacker presence by using six stages: purpose, scope, equip, plan review, execute, and feedback. This research defines threat hunting as the proactive, analyst-driven process to search for attacker TTP within an environment. The model was tested using a series of threat hunts with real-world datasets. Threat hunts conducted with and without the model observed the effectiveness and practicality of this research. Furthermore, this paper contains a walkthrough of the threat hunt model based on the information from the Ukraine 2016 electrical grid attacks in a simulated environment to demonstrate the model’s impact on the threat hunt process. The outcome of this research provides an effective and repeatable process for threat hunting as well as quantifying the overall integrity, coverage, and rigor of the hunt. The paper is available here.
-
PC3000 Portable III in Digital Forensics
Introduction Sooner or later, most forensics experts have to deal with damaged hard drives… -
Threat Hunting: What it Is, and What it Is Not
Nowadays everybody is talking about threat hunting. Everyone wants to be a threat hunter. …
Load More Related Articles
-
Analysis of the AmCache
Frequently overlooked and understudied, this database is rarely fully exploited when doing… -
Successful Insider Threat Investigations
No two insider threat investigations are ever the same—but a standardized process can help… -
Whitepaper: Acquiring and Parsing Data from iOS 11 Devices
Over its last few releases, Apple’s iOS—the operating system running on iPhones, iPads, an…
Load More In White Papers
Comments are closed.