Intelligent CIO Middle East Issue 101 | Page 22

THREAT HUNTING GUIDE HOW TO THREAT HUNT WITH OPEN NDR + MITRE ATT & CK ®
LATEST INTELLIGENCE

THREAT HUNTING GUIDE HOW TO THREAT HUNT WITH OPEN NDR + MITRE ATT & CK ®

PRESENTED BY
Download whitepaper here

This Threat Hunting Guide was created to teach you simple and relevant ways to discover attacks before they happen using Corelight network data . This document – organized around the MITRE ATT & CK ® framework – is designed to help you develop a theory for threat hunting and establish prioritization .

MITRE ATT & CK is a globally-accessible knowledge base of adversary tactics and techniques based on real world observations . It ’ s used as a foundation for specific threat models and methodologies in the private sector , government , and the cybersecurity industry . With the creation of ATT & CK , MITRE is fulfilling its mission to solve problems for a safer world – by bringing communities together to develop more effective cybersecurity . ATT & CK is open and available to any person or organization for use at no charge .
WHAT IS THREAT HUNTING ?
At a high level , threat hunting is actively looking for adversaries in your network when you don ’ t know if they ’ re inside . This is different from indicator matching , which is only watching for well-known signs of attackers , for example , IP address ( es ) or file hash . Usually conducting a threat hunt involves researching a theory , or hunch , and then analyzing data looking for something interesting . Items that are interesting can take many shapes , for example in The Cuckoo ’ s Egg , by Clifford Stoll an accounting error initiated the hunt .
“ Dave wandered into my office , mumbling about a hiccup in the Unix accounting system . Someone must have used a few seconds of computing time without
22 INTELLIGENTCIO MIDDLE EAST www . intelligentcio . com