What Exactly is Threat Hunting – and Why Does it Matter?

The first time the hunting definitions and procedures I had grown accustomed to were put into question was when I left my first job and began interviewing for another. When one interviewer asked what I do to hunt for malicious activity on a network, he scoffed at my response of pulling open-source indicators of compromise (IoCs) from places like malware-traffic-analysis.net, zeustracker, etc., responding, “Well that’s not really hunting, is it?” I then continued to list other indicators, like POSTs without referrers, HTTP traffic to IPs and other noisy starting points that I had used in the past to begin an open-ended investigation.

Read full news article on Infosec Island