Recommandé
Recommandé
Contenu connexe
Similaire à Threat Hunting Threat hunting is a proactive approach to cybersecurity Techniques.pdf
Similaire à Threat Hunting Threat hunting is a proactive approach to cybersecurity Techniques.pdf (20)
Plus de Infosec train
Plus de Infosec train (20)
Dernier
Dernier (20)
Threat Hunting Threat hunting is a proactive approach to cybersecurity Techniques.pdf
- 2. 1. Behavioral Analysis @infosectrain # l e a r n t o r i s e • Description: This technique involves analyzing the behavior of applications, networks, and users to identify anomalies that could indicate a se curity threat. • Example: Monitoring for unusual data transfers or high volumes of outbound traffic which could in dicate data exfiltration.
- 3. 2. Endpoint Threat Hunting @infosectrain • Description: Focuses on collecting and analyzing data from endpoints to identify malicious activities. • Example: Searching for signs of malware or malicious scripts running on user devices. # l e a r n t o r i s e
- 4. 3. Network Traffic Analysis @infosectrain • Description: Involves monitoring, capturing, and analyzing network traffic to identify suspicious patterns. • Example: Identifying patterns of traffic that match known command and control (C2) servers. # l e a r n t o r i s e
- 5. 4. Log Analysis @infosectrain • Description: Analyzing log files from various sources to identify signs of security incidents or compromises. • Example: Correlating log entries to identify unauthorized login attempts across multiple systems. # l e a r n t o r i s e
- 6. 5.Threat Intelligence Matching @infosectrain • Description: Comparing observed indicators of compromise (IOCs) against known threat intelligence feeds. • Example: Matching file hashes or IP addresses against threat intelligence databases to identify known malicious entities. # l e a r n t o r i s e
- 7. 6. User Behavior Analytics (UBA) @infosectrain • Description: Analyzing user behavior to identify activities that deviate from established baselines. • Example: Detecting a user accessing sensiti data at unusual hours, indicating potential in sider threat. # l e a r n t o r i s e
- 8. 7. Memory Analysis @infosectrain • Description: Examining the memory state of a computer or server to identify signs of malicious activity. • Example: Identifying malicious processes or injected code residing in memory. # l e a r n t o r i s e
- 9. 8. Deception and Decoy @infosectrain • Description: Deploying honeypots and other deceptive measures to lure and analyze attackers. • Example: Setting up a decoy database to attract and analyze SQL injection attacks. SQL 010010100101001101100111 0010011001010001001100 1100100100100011000100 011001100001111100100110 01001100101000100110011 001001001000110001000 11011001001100101000100 1100110010010010001100 01000110 # l e a r n t o r i s e
- 10. 9. File Integrity Monitoring @infosectrain • Description: Monitoring critical system and configuration files for unauthorized changes. • Example: Detecting unauthorized modifications to system configuration files indicating compromise. # l e a r n t o r i s e
- 11. 10. Data Enrichment @infosectrain • Description: Enhancing raw data with additional context or information to improve threat detection. • Example: Adding geolocation data to network logs to identify suspicious access from unusual locations. # l e a r n t o r i s e
- 12. To Get More Insights Through Our FREE FOUND THIS USEFUL? Courses | Workshops | eBooks | Checklists | Mock Tests LIKE FOLLOW SHARE