Cyber Threat Hunting - Steps and Techniques

1
Cyber Threat Hunting
Steps and Techniques
2
What is Threat Hunting ?

• Cyber threat hunting is an exercise searching for
  threats throughout the network or IT
  infrastructure which are concealed and/or lying
  undetected.
• This process digs deep to locate malicious
  files/code in the network or IT infrastructure
  which have slipped through the preliminary
  security defenses.

Cyber Threat Hunting
www.sattrix.com
3
Why is it Important?

• It is an important part of Managed Security
  Operations Center (Managed SOC).
• For any business, it is essential to
• Investigate potential compromises
• Detect advanced threats
• Improve their Cyber defense systems
• before threats do more damage to the organization.

Importance of Threat Hunting
www.sattrix.com
4
Factors Behind Threat Hunting
Intent
Capability
Opportunity
Understand the potential intent of a hacker based
on organizations data. Once intent is
uncovered, an IT professional will know what
precautions to take. So, hacker cannot get
through.
Opportunity is where intent and capability come
together. Dont let hacker find opportunities to
get in the systems!
Hackers Capability are varied over time. Staying
agile with the cybersecurity defenses keeps you
safe.
www.sattrix.com
5
Cyber Threat Hunting Steps

• Trigger
• Investigation
• Resolution

www.sattrix.com
6
The Trigger

• It points threat hunters to a specific area of
  the network for investigation when potential
  malicious activities are detected

The Trigger
www.sattrix.com
7
Investigation

• In this phase, threat hunting services provider
  uses EDR (Endpoint Detection and Response)
  AI/ML based analytics technology to deep dive
  into potential malicious compromise of a system.

Investigation Phase
www.sattrix.com
8
Resolution

• In this phase, intelligence related to malicious
  activity it's details are communicated to the
  operations and security teams to respond to the
  incidents and mitigate them.

Resolution Phase
www.sattrix.com
9
Our Approach
Data Planning
Detect Abnormality
Customization
Cooling Period
Report
www.sattrix.com
10
Threat Hunting Techniques

• Searching
• Clustering
• Grouping
• Stack Counting

www.sattrix.com
11
Searching

• Searching through flow records, logs, alerts,
  system events, digital images and memory dumps
  for uncommon User-Agent Fields. Try Sattrixs
  Real Time Monitoring of Threats for IT
  Infrastructure.
• Its important to find a balance between not
  making search criteria too broad and not making
  the criteria too narrow.

Searching
www.sattrix.com
12
Clustering

• Clustering involves separating clusters of
  similar data points based on particular
  characteristics from a larger data set.
• Analysts gain a wider view of data through this
• Find similarities and/or unrelated correlations
• Weave those insights together to get a clearer
  picture of whats happening within their
  organizations network and determine how to
  proceed next

Clustering
www.sattrix.com
13
Grouping

• Based on the predetermined search criteria, this
  technique is to take multiple unique artifacts
  and identifying when multiples of them appear
  together.
• Grouping only includes searching an explicit set
  of items that have already been established as
  suspicious.

Grouping
www.sattrix.com
14
Stack Counting

• Stack Counting is known as Stacking.
• It involves counting the number of occurrences
  for values of a particular type of data and
  analyzing the outliers of those results.
• It is effective with data sets that produce a
  finite number of results and when inputs are
  carefully designed.

Stack Counting
www.sattrix.com
15

• Global Presence

Contact us
India Sattrix Information Security (P) Ltd. UAE
Sattrix Information Security DMCC UK Sattrix
Information Security Ltd. USA Sattrix
Information Security Incorporation
info_at_sattrix.com
Follow us