Enterprises
Individuals
Enterprises
Individuals
Menu
Menu
Sign in
Product
Solutions
Pricing
Resources
Learn
Hands-on Labs
Courses
Learning Journeys
Challenges
Cloud Sandboxes
Playgrounds
Measure
Assessments
Tournaments
Certifications
Reports
Integrate
SCORM & LTI
SSO & SCIM
Our Learning Platform
Get Started Today
Book a demo
Get free trial
Contact us
Industries
Manufacturing
Government
Finance
Technology
Healthcare
Defense
Retail
Teams
C-suite
Security Teams
Engineering Teams
For L&D
We’ll help you
Achieve ROI
Achieve Compliance
Reduce Risk
Measurable Increase in Skills
Instructor Led Training
Success Stories
View all
View Enterprise Plans
Resources
E-books
Case studies
Webinars
Blog
Support
AppSecEngineer 101 Guide
Help Center
Discord
Teams
For C-suite
For Engineering Teams
For Product Teams
For L&D
What’s New
View all
How to Protect Your Organization from AI Threats Using Role-Based Security Training
Are Your Management Practices Pushing Your Security Team to the Brink?
X
X
X
Enterprises
Individuals
Enterprises
Individuals
Sign in
Menu
Menu
Training for
Library
Platform
Pricing
Resources
Step into the Spotlight with AppSec Expertise: Use coupon ‘SKILLUP30’ and get 30% Off on Individual Pro Annual Plans.
Popular with:
Developer
DevOps
Security Engineer

How is Threat Hunting Different From Threat Modeling?

Updated:
March 13, 2023
Written by
Abhay Bhargav

Table of Contents

  1. What is Threat Hunting?
  2. Types of Threat Hunting
  3. How is it Different From Threat Modeling?
  4. Conclusion

The importance of cyber security has increased manifold in the past years. A keen eye on cyber security helps protect businesses from data breaches, which can have a substantial financial and reputational impact and result in legal liabilities and compliance issues. 

Threat hunting is an integral part of the cyber security system. Threat hunters offer an additional layer of security to organizations. They look through security data and systems to find any breach or loophole a threat actor may have exploited. Companies can discover cyber threats faster by combining the strengths of humans and artificial intelligence (AI) tools in the threat hunting process.

Let’s begin with the basics.

What is Threat Hunting?

80% of threats can be intercepted by tier 1 and tier 2 security operations centers (SOC) and automated security tools. But the remaining 20% are likely to be sophisticated threats with the potential to cause significant damage. Give a threat actor ample time and resources; it will sneak into your network and cause irreparable damage. Threat hunting helps bring down the detection time from intrusion to discovery. 

A cost of a data breach can be around $9.44 million in the US, and early detection and proactive steps can help reduce this amount.

But what is threat hunting? 

It is a proactive approach to cybersecurity that seeks to identify any threat that might have slipped passed an organization’s initial layer of defense and remains undetected inside the system. An attacker can remain undetected on a network for months, while quietly collecting data, confidential information, or obtaining login credentials.

Threat hunting is an integral part of the security strategy as it goes over the traditional threat detection processes. 

Let's take a look at the key elements of threat hunting:

  • Identification of Indicators of Compromise (IOCs): Identifying malicious activity based on identified indicators of compromise, such as malicious IPs, domains, filenames, and hashes.
  • Proactive Search: Proactively searching for malicious activity that is not necessarily associated with known indicators of compromise.
  • Data Analysis: Analyzing data from various sources, such as logs, network traffic, and endpoint data, to detect potentially malicious activity.
  • Investigation: Investigating potential threats identified during threat hunting to determine the exact nature of the threat and its potential impact.
  • Response Plan: Develop a response plan to mitigate the threat, including containment, eradication, and remediation measures.

In short, threat hunting involves a combination of manual and automated processes to detect and investigate suspicious activity, such as suspicious network traffic, unusual user behavior, or suspicious files.

​​Types of Threat Hunting

Different types of threat hunting are needed to ensure comprehensive protection of an organization's networks, data, and systems. Varying types of threat hunting allow security analysts to look for different kinds of malicious activity, such as malware, phishing attempts, insider threats, and unknown threats. 

Here are the broad divisions of threat hunting:

Structured Threat Hunting

Structured threat hunting is a proactive cybersecurity technique that uses advanced analytics to identify malicious activity or potential threats that may otherwise go undetected. It involves leveraging data-driven analysis to detect malicious activities by looking for abnormal activity and suspicious behaviors in a network. 

A structured threat hunt is founded on an ‘indicator of attack’ (IoA) and the ‘tactics, techniques, and procedures (TTPs) of attackers. The hunts are aligned and brought together based on the TTPs of all threat actors. So here, the hunter usually identifies the threat actors before the attacker causes damage to the environment. 

Unstructured Threat Hunting

Based on a trigger, one of the numerous indicators of compromise (IoC), an ad hoc hunt is started. This trigger frequently asks a hunter to search for pre- and post-detection patterns. The hunter can research to determine their strategy as far back as data retention and prior linked offenses permit.

Entity-Driven or Situational Threat Hunting

An organization's internal risk assessment or analysis of trends and vulnerabilities specific to its IT infrastructure can yield a situational hypothesis. Entity-oriented leads are derived from attack data collected from the public, revealing the most recent TTPs of active cyber threats when examined. The threat hunter can then look around the environment for these particular actions.

How is it Different From Threat Modeling?

Threat modeling is a reactive approach to security that involves analyzing an existing system to identify potential threats and their associated risks. The goal of threat modeling is primarily to identify, quantify, and prioritize threats to the system so that appropriate countermeasures can be taken to reduce the risk of attack.

On the other hand, threat hunting is a proactive approach to security that involves actively searching for malicious activity on a system. This consists in analyzing log data and other system activity to detect signs of malicious activity. Unlike threat modeling, threat hunting does not generate a list of potential threats before an attack occurs. 

Instead, it relies on recognizing suspicious activities already present in the system.

Conclusion 

Threat hunting is crucial to any security strategy because it helps identify potentially malicious activity that may have gone undetected by other security measures. By proactively searching for indicators of compromise, such as malicious files, suspicious network traffic, and suspicious user behavior, threat hunting can help organizations detect and respond to cyber threats quickly, reducing the risk of a successful attack. 

With threat hunting, you can improve your organization's security posture by better understanding the threats they face and developing more effective security measures to protect against them.

If you want to become a threat hunter or are looking to upskill yourself to further your career as an IT security professional, then consider learning about threat hunting and threat modeling essentials from AppSecEngineer.

Source for article
Abhay Bhargav

Abhay Bhargav

Abhay is a speaker and trainer at major industry events including DEF CON, BlackHat, OWASP AppSecUSA. He loves golf (don't get him started).

Categories

L&D
Product Teams
Engineering Teams
C-suite
Infographics
AI Security
Container Security
Threat Modeling
Cloud Security
DevSecOps
Kubernetes
Application Security

Latest

How to Protect Your Organization from AI Threats Using Role-Based Security Training
Are Your Management Practices Pushing Your Security Team to the Brink?
Protect Your Business By Strengthening API Security
How to Successfully Implement Shift-Left Security for Your Organization
Understanding SOC 2 Compliance: A Complete Guide
Ditch the Audit Panic! AppSecEngineer's Got Your Back.
The Complete Guide to ISO 27001 Compliance
A Guide to NIST SP 800-53: 20 Steps to Compliance
Thinking about a career in tech? DevOps vs DevSecOps
Deep-Dive into PCI-DSS: Achieve Compliance in 12 Steps
Why Less Is More for High-Impact Developer Education
Top 10 Cybersecurity Power Players
How to Build a Stronger, More Secure Software Supply Chain
Stop Security Team Burnout Before It Starts
BigQuery Vector Search for Log Analysis: A Security Researcher's Perspective
The AI Advantage in DevSecOps
One Week After the CrowdStrike Incident
An In-Depth Look at Secure-By-Design Strategies
The Only Guide You’ll Need to Build Your Own DevSecOps Trained Team
Is DevSecOps a Good Career Option?

Ready to Elevate Your Security Training?

Empower your teams with the skills they need to secure your applications and stay ahead of the curve.
Get Our Newsletter
Get Started
X
X
FOLLOW APPSECENGINEER
CONTACT

Contact Support

help@appsecengineer.com

1603 Capitol Avenue,
Suite 413A #2898,
Cheyenne, Wyoming 82001,
United States

Copyright AppSecEngineer © 2023
QUICK LINKS
Sign InSign UpPrivacy Policy
E-BOOKS
Beginner's Guide to
a Career in AppSecTrain your Teams to Fly
FOLLOW APPSECENGINEER
CONTACT

Contact Support

help@appsecengineer.com

68 Circular Road, #02-01, 049422, Singapore

Copyright AppSecEngineer © 2023