
Cyber Threat Hunting - Steps and Techniques

Cyber Threat Hunting Services Provider Sattrix Information Security describes the steps and techniques to use while doing real-time threat hunting. Check it now.

sattrix




Presentation Transcript


  1. Cyber Threat Hunting Steps and Techniques

  2. What is Threat Hunting? Cyber threat hunting is an exercise of searching for threats throughout the network or IT infrastructure which are concealed and/or lying undetected. This process digs deep to locate malicious files/code in the network or IT infrastructure which have slipped through the preliminary security defenses. www.sattrix.com

  3. Why is it Important? Threat hunting is an important part of a Managed Security Operations Center (Managed SOC). For any business, it is essential to: • Investigate potential compromises • Detect advanced threats • Improve their cyber defense systems before threats do more damage to the organization.

  4. Factors Behind Threat Hunting: Intent, Capability, Opportunity. Intent: understand the potential intent of a hacker based on the organization’s data. Once intent is uncovered, an IT professional will know what precautions to take so the hacker cannot get through. Capability: hackers’ capabilities vary over time. Staying agile with the cybersecurity defenses keeps you safe. Opportunity: opportunity is where intent and capability come together. Don’t let hackers find opportunities to get into the systems!

  5. Cyber Threat Hunting Steps • Trigger • Investigation • Resolution

  6. The Trigger: it points threat hunters to a specific area of the network for investigation when potentially malicious activities are detected.

  7. Investigation: in this phase, the threat hunting services provider uses EDR (Endpoint Detection and Response) and AI/ML-based analytics technology to deep dive into the potential malicious compromise of a system.

  8. Resolution: in this phase, intelligence related to the malicious activity and its details is communicated to the operations and security teams so they can respond to the incidents and mitigate them.

  9. Our Approach • Detect Abnormality • Data Planning • Customization • Cooling Period • Report

  10. Threat Hunting Techniques • Searching • Clustering • Grouping • Stack Counting

  11. Searching: searching through flow records, logs, alerts, system events, digital images and memory dumps for uncommon User-Agent fields. It’s important to find a balance between not making the search criteria too broad and not making them too narrow. Try Sattrix’s Real Time Monitoring of Threats for IT Infrastructure.

  12. Clustering: clustering involves separating clusters of similar data points, based on particular characteristics, from a larger data set. Analysts gain a wider view of data through this: • Find similarities and/or unrelated correlations • Weave those insights together to get a clearer picture of what’s happening within their organization’s network and determine how to proceed next

  13. Grouping: based on predetermined search criteria, this technique takes multiple unique artifacts and identifies when multiples of them appear together. Grouping only includes searching an explicit set of items that have already been established as suspicious.

  14. Stack Counting: Stack Counting is also known as Stacking. It involves counting the number of occurrences of values of a particular type of data and analyzing the outliers of those results. It is effective with data sets that produce a finite number of results and when inputs are carefully designed.
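Stack counting applied to the User-Agent field, as an added example that is not part of the original presentation or of Sattrix's tooling: it parses constructed proxy-log lines (assumed shape: time, host, method, URL, quoted User-Agent), stacks each User-Agent value by the distinct hosts that presented it, and returns the rare values as outliers, which is also the "uncommon User-Agent" search from the Searching slide.

```python
import re
from collections import defaultdict

# Constructed sample proxy-log lines (not real traffic). Assumed shape:
# <time> <host> <method> <url> "<user-agent>"
SAMPLE_LOGS = [
    '2024-05-01T09:00:01Z ws01 GET http://intranet.example/ "Mozilla/5.0 (Windows NT 10.0) Chrome/124.0"',
    '2024-05-01T09:00:05Z ws02 GET http://intranet.example/ "Mozilla/5.0 (Windows NT 10.0) Chrome/124.0"',
    '2024-05-01T09:01:10Z ws03 GET http://updates.example/ "Mozilla/5.0 (Windows NT 10.0) Chrome/124.0"',
    '2024-05-01T09:02:00Z ws01 POST http://mail.example/ "Mozilla/5.0 (Windows NT 10.0) Chrome/124.0"',
    '2024-05-01T09:03:30Z ws04 GET http://intranet.example/ "Mozilla/5.0 (Windows NT 10.0) Firefox/125.0"',
    '2024-05-01T09:04:12Z ws02 GET http://intranet.example/ "Mozilla/5.0 (Windows NT 10.0) Firefox/125.0"',
    '2024-05-01T09:05:44Z ws07 POST http://unknown-host.example.net/ "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '2024-05-01T09:05:50Z ws07 POST http://unknown-host.example.net/ "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '2024-05-01T09:06:02Z ws05 GET http://intranet.example/ "Mozilla/5.0 (Windows NT 10.0) Chrome/124.0"',
]

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')

def parse_line(line):
    """Return (host, user_agent) for a well-formed line, or None for lines that
    do not match the assumed shape (they are skipped rather than mis-stacked)."""
    m = LINE_RE.match(line)
    return (m.group(2), m.group(5)) if m else None

def stack_user_agents(lines):
    """Stack counting: map each User-Agent value to the set of hosts that sent it.
    Distinct hosts are stacked instead of raw request counts so that one
    chatty host cannot make its User-Agent look widespread."""
    stack = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            host, ua = parsed
            stack[ua].add(host)
    return dict(stack)

def find_outliers(stack, max_hosts=1):
    """Return the rare end of the stack as (user_agent, host_count, hosts),
    rarest first: values seen on at most max_hosts hosts are the outliers
    the hunter reviews by hand."""
    rare = [(ua, len(hosts), sorted(hosts))
            for ua, hosts in stack.items() if len(hosts) <= max_hosts]
    return sorted(rare, key=lambda r: (r[1], r[0]))

if __name__ == "__main__":
    for ua, count, hosts in find_outliers(stack_user_agents(SAMPLE_LOGS)):
        print(f"{count} host(s) {hosts}: {ua}")
```

Raising max_hosts widens the review set; the stack itself stays small because User-Agent values in a managed fleet are a finite, well-designed input, which is exactly where the slide says stacking works best.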

  15. Contact us. Global Presence: India – Sattrix Information Security (P) Ltd.; UAE – Sattrix Information Security DMCC; UK – Sattrix Information Security Ltd.; USA – Sattrix Information Security Incorporation. info@sattrix.com
