You're reading from The Foundations of Threat Hunting Organize and design effective cyber threat hunts to meet business needs

Product type Paperback

Published in Jun 2022

Publisher Packt

ISBN-13 9781803242996

Length 246 pages

Edition 1st Edition

Concepts

Threat Hunting

Authors (3):

William Copeland

Chad Maurice

Jeremiah Ginn

View More author details

Table of Contents (19) Chapters

Preface

1. Part 1: Preparation – Why and How to Start the Hunting Process

2. Chapter 1: An Introduction to Threat Hunting FREE CHAPTER

3. Chapter 2: Requirements and Motivations

4. Chapter 3: Team Construct

5. Chapter 4: Communication Breakdown

6. Chapter 5: Methodologies

7. Chapter 6: Threat Intelligence

8. Chapter 7: Planning

9. Part 2: Execution – Conducting a Hunt

10. Chapter 8: Defending the Defenders

11. Chapter 9: Hardware and Toolsets

12. Chapter 10: Data Analysis

13. Chapter 11: Documentation

14. Part 3: Recovery – Post-Hunt Activity

15. Chapter 12: Deliverables

16. Chapter 13: Post-Hunt Activity and Maturing a Team

17. Other Books You May Enjoy

Appendix

Summary

In review, understanding the difference between threat hunting and other forms of cyber defense will be critical for your journey forward. Most cybersecurity defenses are reactive in nature, in that they act as an alarm that is triggered on a known bad event. Unlike many standard defense mechanisms found across networks, cyber threat hunting is a proactive defense mechanism in that it is executed without any warning or indication of malicious activity. With all of that in mind, cyber threat hunting can still be a part of the incident response life cycle.

It is able to do so by providing an additional layer of dynamic and proactive security onto the standard reactive defense mechanisms commonly employed by enterprises. This proactive defense concept is not new and can be found in many organizations' physical security elements. One of the main differences that defenders identify with is that day-to-day defenders will thrive in an environment with a low false positive rate in order to not waste resources. Threat hunters will want a low false negative rate in order to ensure nothing slips past their investigation.

Without proactive defenses, there will be a distinctive limit to what can be achieved in the realm of security. Many advanced technics and adversaries could easily slip past reactive defenses and wreak havoc before being detected.

Now that we know what cyber threat hunting is, we will look at the whys and hows for identifying what is needed for a cyber threat hunt in the next chapter.

Authors (6)

Maurice

Chad Maurice is a life-long cyber security enthusiast with a background in both offensive and defensive teams. He has led Red Teams in physical and network security tests as well as overseen planning and daily management for numerous Incident Response and Threat Hunting teams that provided defenses for Enterprise networks spanning around the globe. He has earned a Master's degree in Information Systems Security/Information Assurance from Capella University in 2011. Additionally, Chad has achieved an array of industry certifications ranging from OSCP to CISSP. Currently, he is an engineer at a Fortune 100 company enhancing defensive capabilities for all of their business assets.

See other products by Maurice

Chad Maurice

See other products by Chad Maurice

Copeland

William Copeland is a renowned leader and technician within the cyber defense community. He has endeavored the last two decades to clear the path for the operators under his leadership to become more efficient and effective cyber defenders. He earned a Bachelor's degree in Information Technology from Western Governors University in 2018. Additionally, William has accomplished the following certifications: Security+, Linux+, Project+, Network+, GCFA, GPEN, GNFA, GREM, GDAT, GCDA, GSEC, GCIA, GCIH, SSAP, GCFE, and GCTI. Currently, he is a senior leader within a cyber hunting organization providing planning, coordination, integration, and execution of defensive teams that track and eradicate adversaries on customer networks.

See other products by Copeland

Jeremiah Ginn

Jeremiah Ginn is a husband, father, teacher, engineer, architect, author, advocate, and lives a life focused on investing in those that cross his path. Today, he has 3 biological and 6 adopted children, 3 grandchildren, and lives in Northwest Arkansas. A service-disabled veteran, he proudly served in the US Army. He serves today as a Military Veteran Advocate, and a Champion for Children's Adoptive and Foster Care programs across multiple non-profit organizations. Jeremiah leads software-defined networking evangelism efforts across many global customers in their efforts to automate network infrastructure. His technology career has covered 25 years in technology consulting with almost all Fortune 500 companies. His market leadership is in SD-WAN, SASE, NFV, Multi-Tenant Cloud Edge Compute, and Network Infrastructure Architecture and has touched more than 3,000 organizations directly. He is a Scrum Master, Developer, Author, Public Speaker, Educator, and Technology Evangelist. He is an IEEE member as well as a MEF Forum member. Jeremiah has contributed to the development of SDN, SD-WAN, and SASE solutions at AT&T as well as the MEF Forum's SASE W117 working group on SASE Service Attributes and Service Framework.

See other products by Jeremiah Ginn

William Copeland

See other products by William Copeland

Jeremy Thompson

Jeremy Thompson is a tenacious leader and technical expert who has dedicated the last two decades to the profession of cyber security. His background has broadened him from managing infrastructure in support of a large-scale network to directing operations for an organization conducting threat hunts on IT and OT networks around the globe. He earned a Master's degree in Information Systems Management from the University of Nebraska at Omaha in 2014. Additionally, Jeremy has achieved the following certifications: CCNA – Cyber Operations, GSEC, GCFA, GDAT, GFNA, and CISSP. Currently, he is an Incident Response and Operations Manager for CyberDefenses Inc out of Austin, TX.

See other products by Jeremy Thompson

You're reading from The Foundations of Threat Hunting Organize and design effective cyber threat hunts to meet business needs

Table of Contents (19) Chapters

Summary

Authors (6)

Personalised recommendations for you