Proactively discover threats in your environment that have gone undetected by existing traditional security controls before they result in exploitation. Form hypotheses and test them against historical data, indicators, or watch lists of known activity. Detect known and unknown malicious activity by identifying anomalous behavior with artificial intelligence and machine learning-based threat hunting tools. Combine this with human intelligence to collect information, form a hypothesis, and identify threats that have left indicators of movement across your network, endpoints, or directory systems.
Once a threat actor is identified, quick recovery is critical to limiting the impact on your organization. Document the details of the threat and execute an incident response plan. With the necessary approvals in place, contain and neutralize the threat actor before further damage is done: first cut off their communication channels, then eradicate any malware and threat actor presence from the environment. Use security orchestration, automation, and response (SOAR) capabilities to execute defined playbooks.
Document all findings and actions in a report that summarizes the detection process, the output of the hunt and its implications, and the incident response actions taken. Update the dashboard for a CxO-level briefing. To prevent future threats, apply what was learned from the adversary's behavior by documenting their tactics, techniques, and procedures (TTPs).