Information Security

Threat Hunting vs Threat Intelligence

Threat Hunting

Threat hunting is the process of actively looking for bad actors on the network. It focuses on pattern matching over network communication, checking an actor's distinguishing traits against static patterns.

With new technology emerging all the time, the biggest obstacle in threat hunting is verifying a common language along with a set of processes.

The process of proactive cyber threat hunting typically involves three steps: a trigger, an investigation, and a resolution.

Threat Hunting Process

First step: Trigger

Threat hunters single out a specific system or area of the network, verified with advanced detection tools, for further investigation. This step verifies and identifies any unusual actions.

Second Step: Investigation

In the investigation step, threat hunters use technology to look deep into any potentially malicious code that could damage the system. This step continues until the system has been deemed safe for other people to use.

Third Step: Recommendation

The recommendation step includes communication between the teams about any malicious activity that might be residing in the system.
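
The three steps above, run over a handful of connection records, as an added example that is not part of the original article. The log lines, host names, domains and static patterns are all constructed for illustration, and the function names simply follow the step names used here.

```python
import re

# Constructed proxy-style records: time, source host, destination, port, user agent.
SAMPLE_LOG = """\
09:00:01 ws-014 intranet.example 443 Mozilla/5.0
09:00:07 ws-022 updates.example 443 Mozilla/5.0
09:01:12 ws-022 cdn-sync.example 8443 python-requests/2.31
09:02:30 ws-031 mail.example 993 Thunderbird/115
09:06:12 ws-022 cdn-sync.example 8443 python-requests/2.31
09:11:12 ws-022 cdn-sync.example 8443 python-requests/2.31
"""

# Static patterns describing the traits being hunted (constructed, not real indicators).
STATIC_PATTERNS = {
    "scripted-client": ("agent", re.compile(r"^(python-requests|curl|Go-http-client)/")),
    "uncommon-tls-port": ("port", re.compile(r"^(8443|4443)$")),
}

def parse(log):
    fields = ("time", "src", "dst", "port", "agent")
    return [dict(zip(fields, ln.split(None, 4))) for ln in log.splitlines() if ln.strip()]

def trigger(records):
    """Step 1: flag source hosts whose traffic matches any static pattern."""
    hits = {}
    for rec in records:
        for name, (field, rx) in STATIC_PATTERNS.items():
            if rx.search(rec[field]):
                hits.setdefault(rec["src"], set()).add(name)
    return hits

def investigate(records, src):
    """Step 2: pivot on a flagged host and count every destination it contacted."""
    dests = {}
    for rec in records:
        if rec["src"] == src:
            dests[rec["dst"]] = dests.get(rec["dst"], 0) + 1
    return dests

def recommend(hits, records):
    """Step 3: build the findings to communicate to the other teams."""
    return [{"host": src, "patterns": sorted(hits[src]),
             "destinations": investigate(records, src)} for src in sorted(hits)]

def run_hunt(log=SAMPLE_LOG):
    records = parse(log)
    return recommend(trigger(records), records)

if __name__ == "__main__":
    for finding in run_hunt():
        print(finding)
```

The investigation step deliberately pulls all traffic from the flagged host, not only the matching lines, so the report also shows destinations that matched no pattern.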

Threat Intelligence

Threat intelligence is a little different from threat hunting: it gathers a body of data about existing threat actors that are active in the wild. Normally, all the information gathered is delivered to upper management in the organization via a threat intelligence feed.

A threat intelligence team can report on the activities of particular threat actors and clarify their tools and processes. The main objective of threat intelligence is to contextualize and analyze the information so that it can be used in the decision-making process later on.
