The human body has been said to be ‘at war’.
Our bodies are constantly under attack from agents trying to do them harm, including toxins, bacteria, fungi, parasites and viruses. Under the right conditions, each of these can damage or destroy parts of the body, and if they were left unchecked the human body would not be able to function. It is the purpose of the immune system to act as the body’s own army, defending it against this constant stream of potential infections and toxins.
While we’re all familiar with the immune system, it’s less well-known that its ability to build resilience against attacks comes from two broad groups called the innate and the acquired immune systems. Each plays a specific role in building a robust security posture for the body.
The innate immune system comprises defences such as the skin, lungs, eyes and stomach, all aimed at stopping an infection from getting into the body in the first place.
But our bodies are smart enough to know that infectious agents can and will get through the perimeter defences, and so they have developed a second set of defences. For example, our white blood cells exist to seek out and destroy foreign organisms.
The story of the human immune system shares many parallels with the challenges faced by today’s enterprises. Just like the human body, enterprises are under constant attack with 230,000 new malware attacks launched every day. And just as the human body has multiple layers of security, progressive organizations are building resilience against these mounting threats by embracing a layered approach to security.
Security leaders are beginning to understand, just like the human body, that perimeter-based defence systems are not ironclad and that threat actors will, eventually, get in. In response they are developing ‘white blood cells’ of their own, in the form of new capabilities that proactively hunt out threats and neutralize them.
Real-time threat hunting has many benefits. It allows security analysts to focus on the most credible threats and to build a robust story around an event as it unfolds. CIOs are able to manage risk by arming the front line with tools, techniques and procedures to identify unknown and internal threats, and to increase team productivity.
This guide will help you to operationalize the real-time threat hunting methodology by unpacking which indicators of attack and compromise to monitor, along with presenting threat hunting scenarios to further assist the SOC analyst in their threat hunt for a potential breach on their network.