In the past few years, cyber-attacks have increased in volume, in sophistication and in the variety of attack methodologies used. Organizations ranging from government agencies to financial institutions and the corporate sector have set up their own, or outsourced, security operations centers (SOCs) in order to maintain the CIA triad (Confidentiality, Integrity, and Availability) of the organization. Organizations have also realized that having an IT security function or a SOC alone is not enough to protect their networks, since new methods of breaching network security and new vulnerabilities keep emerging. Here lies the importance of effective cybersecurity threat hunting, which assists organizations in predicting, detecting and isolating unknown advanced persistent threats that would otherwise evade the existing security operations and monitoring systems. Organizations are often unaware of vulnerabilities in their processes until those vulnerabilities are exploited and cause harm; this is the situation that the term zero-day vulnerability describes. The objective of this paper is to provide a cyclical framework for carrying out cybersecurity threat hunting effectively, and to compare it with the security operations currently prevalent in organizations. The important parameters for active threat hunting include application of the right tools, training of employees, analytics, visibility, and intelligence, all of which are required to detect and investigate advanced cyber threats. This paper mainly considers organizations in the IT and banking sectors, which are frequent victims of cyber-attacks.
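The abstract contrasts proactive hunting with the alert-driven monitoring a SOC already runs. The following is an added illustration, not code from the paper or its framework: it runs one hunting hypothesis ("a compromised host beacons to its command-and-control server at a regular interval") over a constructed proxy log and shows that the beacon is invisible to a blocklist match but stands out to a simple interval analytic. The log lines, hostnames, the blocklist, the `hunt_beacons` thresholds and the coefficient-of-variation cut-off are all assumptions chosen for the demonstration.

```python
"""Hypothesis-driven hunt versus blocklist matching over a constructed proxy log.

Added example for illustration only; not taken from the paper. Sample data,
hostnames, thresholds and the blocklist are assumptions.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines (not real traffic): "timestamp src dst bytes".
# Host 10.0.0.5 contacts cdn.example.net every 5 minutes with an identical
# payload size; everything else is ordinary browsing-style noise.
SAMPLE_LOG = """\
2024-03-01T09:00:00 10.0.0.5 cdn.example.net 5120
2024-03-01T09:00:02 10.0.0.7 updates.example.org 30211
2024-03-01T09:00:04 10.0.0.5 news.example.com 22110
2024-03-01T09:05:00 10.0.0.5 cdn.example.net 5120
2024-03-01T09:07:13 10.0.0.7 mail.example.org 8800
2024-03-01T09:10:00 10.0.0.5 cdn.example.net 5120
2024-03-01T09:11:42 10.0.0.5 news.example.com 19034
2024-03-01T09:15:00 10.0.0.5 cdn.example.net 5120
2024-03-01T09:20:00 10.0.0.5 cdn.example.net 5120
2024-03-01T09:23:55 10.0.0.7 updates.example.org 45002
2024-03-01T09:25:00 10.0.0.5 cdn.example.net 5120
"""

# Assumed blocklist standing in for existing signature-based monitoring.
# The beacon destination is deliberately absent: nobody has reported it yet.
KNOWN_BAD = {"evil.example"}


def parse_log(text):
    """Parse the whitespace-separated log into (timestamp, src, dst, bytes) tuples."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        rows.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return rows


def signature_matches(rows, blocklist=KNOWN_BAD):
    """Reactive check: flag only destinations already on the blocklist."""
    return [(src, dst) for _, src, dst, _ in rows if dst in blocklist]


def hunt_beacons(rows, min_events=5, max_cv=0.1):
    """Hunt hypothesis: a (src, dst) pair with many connections whose
    inter-arrival times barely vary is a beaconing candidate.

    min_events and max_cv (coefficient of variation of the gaps) are the
    knobs an analyst tunes between iterations of the hunt; both are assumed.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in rows:
        by_pair[(src, dst)].append(ts)

    findings = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else float("inf")
        if cv <= max_cv:
            findings.append({
                "src": src,
                "dst": dst,
                "events": len(stamps),
                "mean_gap_s": avg,
                "cv": round(cv, 4),
            })
    return findings


if __name__ == "__main__":
    rows = parse_log(SAMPLE_LOG)
    print("signature hits:", signature_matches(rows))
    for finding in hunt_beacons(rows):
        print("beacon candidate:", finding)
```

Run stand-alone, the blocklist check returns nothing while the hunt reports the 10.0.0.5 to cdn.example.net pair with six events, a 300-second mean gap and zero variation. The cyclical part of hunting is what happens next: the analyst confirms or dismisses the candidate, adjusts `min_events` and `max_cv` (real beacons add jitter, so a tolerant `max_cv` trades false positives for coverage), and turns a confirmed finding into a detection rule for the monitoring stack, which is where the paper's comparison with existing SOC operations comes in.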
Citation:
Chakraborty, S., & Nisha, T. N. (2022). Next generation proactive cyber threat hunting - A complete framework. In AIP Conference Proceedings (Vol. 2519). American Institute of Physics Inc. https://doi.org/10.1063/5.0109674