480.
Cyber threat hunting relies on its own network monitoring, at the perimeter and internally, to discover new patterns of cyber attack by automatically identifying unusual behaviors of users, processes, and devices (behaviors that do not fit the usual activity of the network).
481.
An effective threat hunting system is a creative process (based on hypotheses and assumptions of noncompliance) materialized through a flexible methodology whose success depends on the knowledge, experience and skills of the personnel who operate it (hunters or analysts) rather than on the tools.
482.
Once a new pattern is discovered, a reaction (automatic or human) must be triggered to repel the cyber attack, and then a new plan must be designed and implemented, in collaboration with traditional security, to reduce the attack surface. Finally, the forensic investigation service can initiate investigations to discover the causes and origin.
483.
In any case, a strong cyber defense needs both approaches (threat detection and threat hunting), since they complement each other.
484.
The current international reference for the preparation of cyber threat models and methodologies is the open-access MITRE ATT&CK® knowledge base, which provides information on TTPs (tactics, techniques and procedures) based on real-world observations.
485.
The MITRE ATT&CK® reference provides a technical and operational framework for cybersecurity commonly used in both public and private sectors, facilitating public-private understanding and cooperation.