Intelligent CISO Issue 72 | Page 15

LATEST intelligence

THREAT HUNTING GUIDE

HOW TO THREAT HUNT WITH OPEN NDR + MITRE ATT & CK ®

his Threat Hunting Guide was created

T to teach you simple and relevant ways to discover attacks before they happen using Corelight network data . This document – organized around the MITRE ATT & CK ® framework – is designed to help you develop a theory for threat hunting and establish prioritization . matching , which is only watching for well-known signs of attackers , for example , IP address ( es ) or file hash . Usually conducting a threat hunt involves researching a theory , or hunch , and then analyzing data looking for something interesting . Items that are interesting can take many shapes , for example in The Cuckoo ’ s Egg , by Clifford Stoll an accounting error initiated the hunt .

MITRE ATT & CK is a globally-accessible knowledge base of adversary tactics and techniques based on real world observations . It ’ s used as a foundation for specific threat models and methodologies in the private sector , government , and the cybersecurity industry . With the creation of ATT & CK , MITRE is fulfilling its mission to solve problems for a safer world – by bringing communities together to develop more effective cybersecurity . ATT & CK is open and available to any person or organization for use at no charge .
What is threat hunting ?
At a high level , threat hunting is actively looking for adversaries in your network when you don ’ t know if they ’ re inside . This is different from indicator
“ Dave wandered into my office , mumbling about a hiccup in the Unix accounting system . Someone must have used a few seconds of computing time without paying for it . The computer ’ s books didn ’ t quite balance ; last month ’ s bills of $ 2,387 showed a 75-cent shortfall .”
This 75-cent difference was the indicator that led to the discovery of multiple corporations and government systems that were compromised . The term “ interesting ” is used throughout this guide and it is only limited by your imagination .
PRESENTED BY
Download whitepaper at :
WWW . INTELLIGENTCISO . COM 15