How to Initiate a Threat Hunting Program?(Part 2)

How to Initiate a Threat Hunting Program (Part 2)?

6.   Responding to Threat or Vulnerability

In the previous steps, analysts have gathered enough data to answer their hypothesis. Two types of situations can occur. Either the real threat is found or the vulnerability is detected. In both cases, analysts action is necessary. The analysts must respond immediately when a real threat is identified. However, if there is any vulnerability, they should also resolve this before it becomes a really big nightmare.

Continue reading

How to Initiate a Threat Hunting Program (Part 1)?

Over the past many years, cyber threats have become greater in frequency and more sophisticated than ever. Current security mechanisms are based on traditional reactive approaches such as antivirus programs and firewalls who react once the incident has occurred. Under such circumstances, intruders have a chance to compromise your network either partially or entirely. In order to prevent this situation from happening, security practitioners initiate a threat hunting program as a vital part of their Security Operation Center (SOC).

Continue reading

Emerging Technologies and Threat Trends in Cyberspace

There are a lot of definitions of cyberspace. Military agencies typically consider it the fifth domain after space, sea, air, and the land. However, there is a fundamental difference between these four domains and the cyberspace, which is that (unlike cyberspace) these four are geographical in nature. Whereas, cyberspace is a dynamic field. It does not hold any specific geographical area. We can say that cyberspace can be embedded in all other domains as it is transforming continuously. With its expansion, threat or attack surfaces are also expanding proportionally.

Continue reading

Building and Evaluating a Threat Intelligence Program (Part 1)

In the previous post, we discussed the basics of Threat Intelligence and its types by throwing light on the concept of knowns and unknowns. In information security, any information which can aid the internal security team in the decision-making process and reduce the recovery time accordingly is considered as threat intelligence. This first part in this series of articles will discuss threat intelligence cycle and its importance.

Continue reading