From the course: Security Operations (SecOps) Essentials: Detecting and Responding to Security Threats


Threat hunting for SecOps

- [Instructor] Threat hunting is the practice of proactively searching for cyber threats that lurk undetected within a network. It's a specialized area within cybersecurity that ideally operates 24/7 with a dedicated team. It's also the last line of defense, as this team focuses on stealthy threat actors that have already evaded all security controls. A threat hunter requires a skeptical and curious mindset. They have to operate under the assumption that an undetected incident has already occurred. SOCs are typically structured into tiers based on responsibilities and skill levels. Tier 1 Analysts: entry-level analysts who monitor alerts and perform initial triage. They're rarely involved in threat hunting activities. Tier 2 Analysts: intermediate analysts who conduct deeper investigations, perform root cause analysis, and coordinate with IT teams for remediation. They may perform basic threat hunting, often using atomic indicators from threat intelligence sources. Tier 3 Analysts…