What is Hunting?

Most security technologies, tools, and processes are passive. They’re triggered by events or conditions that generate some prescribed response ─ not unlike how your immune system works to detect and address foreign bodies. Enterprise antivirus is a well-known class of technologies that illustrate this process particularly well. But these passive controls and workflows are rarely immediate. Adversaries may be able to dwell undetected in your environment for hours, days, weeks, months, or years. Even worse, adversaries have learned to maximize their success with minimal dwell time, which leaves you the narrowest margin of error to prevent data theft or business disruption.

Threat hunting has become one of the more important functions of mature security organizations – a rare capability that enables them to address gaps in passive security solutions. But at first, threat hunting can be a daunting endeavor. How can you detect attacks that don’t deploy malware or leave behind known indicators of compromise? How can you deduce the presence of “fileless”attacks that minimize disk-based evidence? The goal of this guide is to help security teams cultivate the skills and procedures that enable threat hunting.

The first chapter provides an overview of threat hunting concepts and shares ideas for integrating threat hunting into security operations. Subsequent chapters explore techniques for hunts based on different adversary techniques. Appendices offer reference materials to remind you of key information. When you pick up this guide you join a global community of security professionals. Together we can reshape the security landscape by sharing knowledge and best practices on how to protect the world’s data from attack.

Click to download

Cyber resiliency, like security, is a concern at multiple levels in an organization. The four cyber resiliency goals, which are common to many resilience definitions, are included in the definition and the cyber resiliency engineering framework to provide linkage between risk management decisions at the mission and business process level and at the system level with those at the organizational level. Organizational risk management strategies can use the cyber resiliency goals and associated strategies to incorporate cyber resiliency.

Cyber resiliency objectives are more specific statements of what a system must achieve in its operational environment and throughout its life cycle to meet stakeholder needs for mission assurance and resilient security.

The purpose of this document is to supplement [SP 800-160 v1] and [SP 800-37] (or other risk management processes or methodologies) with guidance on how to apply cyber resiliency concepts, constructs, and engineering practices as part of systems security engineering and risk management for systems and organizations. This document identifies considerations of the engineering of systems that include the following circumstances or systems that depend on cyber resources. Circumstances or types of systems to which this document applies include:

Click to download