Threat Hunting for Dummies


Adversaries, and cybercriminal organizations in particular, are building tools and using techniques that are becoming so difficult to detect that organizations are having a hard time knowing that intrusions are taking place. Passive techniques of watching for signs of intrusion are less and less effective. Environments are complicated, and no technology can find 100 percent of malicious activity, so humans have to “go on the hunt.”
Threat hunting is a proactive technique focused on the pursuit of attacks and the evidence that attackers leave behind when they’re conducting reconnaissance, attacking with malware, or exfiltrating sensitive data. Instead of just hoping that technology flags and alerts you to the suspected activity, you apply human analytical capacity and understanding of environment context to more quickly determine when unauthorized activity occurs. This process allows attacks to be discovered earlier, with the goal of stopping them before intruders are able to carry out their attack objectives.
Until there were tools available that could give analysts a data‐centric view of what was going on in their environments, all organizations had were the time‐proven, but no‐longer‐effective, log review techniques for discovering that the horse escaped from the barn yesterday, last week, or even last year.
Cb Response is one of these data‐centric tools. More than that, Cb Response is an industry‐leading tool that puts wheels on the threat hunting bus and gives threat hunters the upper hand in today’s cyberwars.

About This Book
Threat Hunting For Dummies, Carbon Black Special Edition, introduces the concept of threat hunting and the role it plays in the protection of your organization’s systems and information.
Many organizations have yet to start a threat hunting program, so this book explains what threat hunting is for and how to get a program off the ground. You will better understand how threat hunting works and why it’s needed. It will become apparent to you that threat hunting is an essential component of an organization’s security program.
While threat hunting requires specific tools and technology, a successful program requires far more: motivated, trained personnel; collaboration across IT and the business; a desire to make needed improvements to keep attackers out; and local context, environmental understanding, and the ability to differentiate between what’s expected and what’s not.

