Cyber threat hunting is a sub-discipline of threat detection that relies on proactive and iterative searching through data to identify otherwise undetected threats. It does this through a variety of mechanisms and methodologies, typically by looking for statistical outliers (so-called data-driven hunting) or for suspicious and malicious behaviors (behavioral cyber threat hunting). Organizations conduct cyber threat hunting as a means of identifying odd activity in the environment that might betray an attacker's actions, especially once they have slipped past an organization's defenses.
After all, an adversary needs to be right just once, whereas defenders need to be right every single time. The simple reality is that while organizations continue to invest in new technologies that give them greater visibility internally, most of the effort (and budget) is still dedicated to the perimeter. And despite these unprecedented levels of visibility within organizations' environments, it is still trivial for many adversaries to evade AV/EDR tools or bypass them altogether. Once an adversary can evade or bypass the internal on-host defenses, it becomes harder to detect them and immeasurably more difficult to stop them. In fact, they can become a bit of a ghost in the machine.