{"id":1215,"date":"2023-04-28T19:14:55","date_gmt":"2023-04-28T19:14:55","guid":{"rendered":"https:\/\/proximabiz.com\/?p=1215"},"modified":"2023-04-28T19:14:55","modified_gmt":"2023-04-28T19:14:55","slug":"how-important-is-cloud-threat-hunting","status":"publish","type":"post","link":"https:\/\/thepongroup.com\/proxima\/how-important-is-cloud-threat-hunting\/","title":{"rendered":"How Important is Cloud Threat Hunting?"},"content":{"rendered":"<div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-1 fusion-flex-container nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1248px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-0 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:0px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-text fusion-text-1\"><p><span style=\"font-weight: 400;\">Threat hunting is a proactive approach for finding and remediating undetected cyberattacks. 
It is a process of searching for indicators of compromise (IOCs), then investigating, classifying and remediating what is found.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Threat hunting can be intelligence-driven, when the hunter investigates an indicator provided by external or internal sources, or hypothesis-driven, when the hunt begins with an initial hypothesis or question about how an attacker would operate in your environment.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Threat hunting is necessary simply because no cybersecurity protection is 100% effective. An active defense is needed, rather than relying on \u201cset it and forget it\u201d security tools. Since adversaries have followed the journey to the cloud, threat hunting is required to detect and disrupt advanced threats originating, operating and persisting in the cloud.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Today, more than 70% of application code in use is open source. Attackers look to get their malicious code into widely used open-source projects hosted on platforms such as GitHub. After poisoning the well, they patiently wait as the new version makes its way into your cloud applications. Remaining undetected is vital to the success of this and most attacks, and too often attackers do remain undetected: the average time required to identify and contain a breach is 280 days.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Threat hunting involves using manual and software-assisted techniques to detect possible threats that have eluded other security systems. These threat-hunting tasks can include hunting for malicious activity within your cloud account. 
Attackers will do everything in their power to hide their actions, but they usually leave some traces of their activity \u2014 breadcrumbs you can only see if you look in the right places.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">There are three things you need to do to hunt threats effectively:<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Step 1: Collect Quality Data<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Collected data can come from log files, servers, network devices, databases and endpoints. In the cloud, some of the most useful threat-hunting data will come from network traffic flow logs (such as VPC flow logs) and control-plane event activity logs (the audit trail of API calls made against your account).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Step 2: Analyze This Data in the Context of Known Threats<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Threat hunters must search the collected data for suspicious patterns and potential indicators of compromise (IOCs). To monitor properly, you should be looking at your logs continuously, not only after an incident. Too often, organizations don\u2019t have enough resources and staff to dedicate to ongoing intrusion detection monitoring.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Step 3: Use Tools to Make Sense of It All<\/span><\/p>\n<p><span style=\"font-weight: 400;\">There are certain obvious signs of potential malicious activity. Is a workload sending outbound traffic to known Tor nodes, or receiving connections from Tor exit nodes? Are access tokens being used from new, unfamiliar sources? What you really want is a cloud security solution that will alert you to these things automatically. 
Even the most skilled threat hunter might not pick up on obviously malicious activity if it is buried under a mountain of cloud logs.<\/span><\/p>\n<\/div><\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":1216,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1215","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/thepongroup.com\/proxima\/wp-json\/wp\/v2\/posts\/1215","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thepongroup.com\/proxima\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thepongroup.com\/proxima\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thepongroup.com\/proxima\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thepongroup.com\/proxima\/wp-json\/wp\/v2\/comments?post=1215"}],"version-history":[{"count":1,"href":"https:\/\/thepongroup.com\/proxima\/wp-json\/wp\/v2\/posts\/1215\/revisions"}],"predecessor-version":[{"id":1217,"href":"https:\/\/thepongroup.com\/proxima\/wp-json\/wp\/v2\/posts\/1215\/revisions\/1217"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thepongroup.com\/proxima\/wp-json\/wp\/v2\/media\/1216"}],"wp:attachment":[{"href":"https:\/\/thepongroup.com\/proxima\/wp-json\/wp\/v2\/media?parent=1215"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thepongroup.com\/proxima\/wp-json\/wp\/v2\/categories?post=1215"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thepongroup.com\/proxima\/wp-json\/wp\/v2\/tags?post=1215"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templa
ted":true}]}}
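As an added worked example of the three steps in the post (collect flow and event activity logs, analyze them for IOCs, and let tooling surface the obvious signals such as Tor traffic and access tokens used from new sources), here is a small Python hunt over constructed CloudTrail-style events and VPC-flow-style records. This is not code from the original post or from any vendor product; all IP addresses (RFC 5737 documentation ranges), access key IDs, timestamps and the Tor node lists are made-up sample data, and the `baseline_days` window is an assumed tuning parameter.

```python
"""
Cloud threat hunt over constructed sample logs (added example, not from the post).

Hunt 1: an access key used from a source IP that never appeared during the
        key's baseline window ("access tokens used from new sources").
Hunt 2: flow-log records to Tor relays or from Tor exit nodes.
All IPs, key IDs, timestamps and Tor node lists below are constructed data.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed CloudTrail-style management events. Field names follow the
# CloudTrail record format; every value is made up.
SAMPLE_EVENTS = [
    {"eventTime": "2023-04-01T08:00:00Z", "eventName": "DescribeInstances",
     "sourceIPAddress": "192.0.2.10", "userIdentity": {"accessKeyId": "AKIAEXAMPLE0001"}},
    {"eventTime": "2023-04-01T09:30:00Z", "eventName": "ListBuckets",
     "sourceIPAddress": "192.0.2.10", "userIdentity": {"accessKeyId": "AKIAEXAMPLE0001"}},
    {"eventTime": "2023-04-02T10:00:00Z", "eventName": "GetObject",
     "sourceIPAddress": "192.0.2.11", "userIdentity": {"accessKeyId": "AKIAEXAMPLE0001"}},
    # Same key days later from an address outside its baseline, followed by a
    # persistence-style call: the kind of breadcrumb the post describes.
    {"eventTime": "2023-04-05T03:12:44Z", "eventName": "ListBuckets",
     "sourceIPAddress": "203.0.113.77", "userIdentity": {"accessKeyId": "AKIAEXAMPLE0001"}},
    {"eventTime": "2023-04-05T03:13:02Z", "eventName": "CreateAccessKey",
     "sourceIPAddress": "203.0.113.77", "userIdentity": {"accessKeyId": "AKIAEXAMPLE0001"}},
    # A second key that stays within its baseline and must not be flagged.
    {"eventTime": "2023-04-01T12:00:00Z", "eventName": "PutObject",
     "sourceIPAddress": "192.0.2.20", "userIdentity": {"accessKeyId": "AKIAEXAMPLE0002"}},
    {"eventTime": "2023-04-06T12:00:00Z", "eventName": "PutObject",
     "sourceIPAddress": "192.0.2.20", "userIdentity": {"accessKeyId": "AKIAEXAMPLE0002"}},
]

# Constructed VPC-flow-log-style records (a subset of the default fields).
SAMPLE_FLOWS = [
    {"srcaddr": "10.0.1.5", "dstaddr": "192.0.2.50", "dstport": 443, "action": "ACCEPT"},
    {"srcaddr": "10.0.1.5", "dstaddr": "198.51.100.9", "dstport": 9001, "action": "ACCEPT"},
    {"srcaddr": "198.51.100.200", "dstaddr": "10.0.1.5", "dstport": 22, "action": "ACCEPT"},
    {"srcaddr": "10.0.1.6", "dstaddr": "198.51.100.9", "dstport": 9001, "action": "REJECT"},
]

# Hypothetical Tor node lists; a real hunt would load the published relay list.
TOR_RELAYS = {"198.51.100.9"}        # relays a Tor client connects to
TOR_EXIT_NODES = {"198.51.100.200"}  # addresses Tor traffic exits from


def _parse_time(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def hunt_new_token_sources(events, baseline_days=3):
    """Flag events where an access key is used from a source IP that did not
    appear during that key's first `baseline_days` of observed activity."""
    by_key = defaultdict(list)
    for ev in events:
        by_key[ev["userIdentity"]["accessKeyId"]].append(ev)
    findings = []
    for key, evs in by_key.items():
        evs.sort(key=lambda e: _parse_time(e["eventTime"]))
        baseline_end = _parse_time(evs[0]["eventTime"]) + timedelta(days=baseline_days)
        known = {e["sourceIPAddress"] for e in evs
                 if _parse_time(e["eventTime"]) <= baseline_end}
        for e in evs:
            if _parse_time(e["eventTime"]) > baseline_end and e["sourceIPAddress"] not in known:
                findings.append({"accessKeyId": key, "sourceIPAddress": e["sourceIPAddress"],
                                 "eventName": e["eventName"], "eventTime": e["eventTime"]})
    return findings


def hunt_tor_traffic(flows, relays=TOR_RELAYS, exits=TOR_EXIT_NODES):
    """Outbound connections to Tor relays (a workload reaching into Tor) and
    inbound connections from Tor exit nodes (someone reaching you via Tor).
    REJECTed flows are kept on purpose: a blocked attempt is still a breadcrumb."""
    findings = []
    for f in flows:
        if f["dstaddr"] in relays:
            findings.append({"direction": "outbound_to_tor", **f})
        if f["srcaddr"] in exits:
            findings.append({"direction": "inbound_from_tor_exit", **f})
    return findings


def run_hunt(events=SAMPLE_EVENTS, flows=SAMPLE_FLOWS):
    """Steps 1-3 end to end: take the collected logs, apply both hunts, and
    return the findings a tool would raise as alerts."""
    return {"new_token_sources": hunt_new_token_sources(events),
            "tor_traffic": hunt_tor_traffic(flows)}


if __name__ == "__main__":
    for hunt, hits in run_hunt().items():
        print(hunt)
        for hit in hits:
            print("  ", hit)
```

The baseline window is the weak point of hunt 1: if the attacker's first use of the key lands inside the window it becomes part of the "known" set, so in practice the baseline should be built from a period you have already reviewed rather than from whatever the log happens to start with.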