Threat Hunting with ExtraHop Reveal(x)

Threat hunting has become a bit of a buzzword within the information security industry, and the definition you get is likely to differ depending on who you ask. There is no industry standard for what a threat hunting process looks like, but there are a few characteristics present in most descriptions of the process.

  1. Threat hunting is conducted by a human analyst to learn more about their network, understand the disposition of their environment, and potentially uncover some risky or adversarial behaviors. Security analysts can use whatever tools are available to them, including those leveraging automation and machine learning, but the overall process is executed by a person.
  2. Threat hunting is proactive. If you’re reacting to an alert, that’s an investigation or incident response motion. Threat hunting is all about proactively developing and testing hypotheses based on a combination of data and human knowledge on the part of the security analyst, in the hopes of uncovering security gaps or adversary behaviors that have not been detected by automated tools yet.

A side benefit of the exploratory nature of threat hunting is that it can help security analysts gain a better understanding of the environment they’re responsible for securing, and can help even less experienced analysts hone their instincts to better understand and respond to threats.

Reveal(x) is an enterprise network traffic analysis product that provides complete visibility, real-time detection and guided investigation. Unlike traditional tools that rely on sources like NetFlow and logs, Reveal(x) lets SOC teams look within network traffic, even encrypted traffic, to detect unknown and known threats, as well as risky behavior, in real time. ExtraHop helps even junior analysts move from detection through response easily, within a few clicks.

To learn more, speak with a Lifeboat Sales Representative today!
