From the course: Threat Hunting Deep Dive: Intelligence-Based Detection and Response Strategies


Baseline-driven threat hunting


- Let me ask you this. Without a solid baseline, without a good starting point, how would you know what's unusual in your IT environment or in your organization as a whole? This is where baseline-driven threat intelligence comes into play. It isn't just about spotting irregularities. It's about understanding the context. First, what is baseline-driven threat hunting? Baseline-driven threat hunting is a methodology that focuses on understanding what's normal in your environment, then identifying and investigating deviations from that normal state. Think of it as establishing a security heartbeat for your organization. Imagine monitoring network traffic. Over time, you notice a pattern. Traffic spikes during business hours, drops during weekends or holidays, but one weekend, there's a sudden surge in outbound traffic. That's an anomaly, and it could be an indicator of a data exfiltration attempt. This is where your baseline becomes a powerful tool. And if you have any indicator of…
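The weekend-surge scenario the instructor describes, worked through in Python as an added example (this is not code from the course): a baseline of hourly outbound volume is built per (weekday-or-weekend, hour) bucket from a clean training window, and later observations are scored against their own bucket. The same 600 MB hour is then normal on a Tuesday morning and an anomaly at 02:00 on a Saturday, which is the "context" point of the lesson. All traffic volumes, dates, the ±10% jitter, the minimum sample count and the z-score threshold are constructed assumptions, not measurements from any real network.

```python
"""Added example: per-bucket outbound traffic baseline and deviation check.

Everything below is constructed: synthetic hourly volumes, dates and
thresholds are assumptions chosen to illustrate the method, not real data.
"""
import random
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

MB = 1_000_000


def bucket_key(ts):
    """Baseline bucket: (day_type, hour_of_day).

    Weekends get their own profile, so a quiet Sunday is never compared
    against a busy Tuesday; that context is what makes the baseline useful.
    """
    day_type = "weekend" if ts.weekday() >= 5 else "weekday"
    return (day_type, ts.hour)


def build_baseline(samples):
    """samples: iterable of (datetime, outbound_bytes) from a clean window.

    Returns {bucket: (mean, population_stdev, sample_count)}.
    """
    per_bucket = defaultdict(list)
    for ts, nbytes in samples:
        per_bucket[bucket_key(ts)].append(nbytes)
    return {k: (mean(v), pstdev(v), len(v)) for k, v in per_bucket.items()}


def zscore(baseline, ts, nbytes, min_samples=5, rel_floor=0.10):
    """Deviation of one hourly volume from its bucket's normal.

    Returns None when the bucket is unknown or has fewer than min_samples
    observations: an immature baseline must not raise alerts. The stdev is
    floored at rel_floor of the mean so that a very stable bucket does not
    turn a 1% wobble into a huge z-score.
    """
    stats = baseline.get(bucket_key(ts))
    if stats is None or stats[2] < min_samples:
        return None
    mu, sigma, _ = stats
    sigma = max(sigma, rel_floor * mu)
    return (nbytes - mu) / sigma


def find_anomalies(baseline, observations, threshold=4.0):
    """Return [(timestamp, bytes, z)] for observations above threshold.

    Only upward deviations are flagged: the scenario is an outbound surge,
    i.e. a possible exfiltration, not a drop in traffic.
    """
    hits = []
    for ts, nbytes in observations:
        z = zscore(baseline, ts, nbytes)
        if z is not None and z > threshold:
            hits.append((ts, nbytes, round(z, 1)))
    return hits


def synthetic_training_window(start, weeks=4, seed=7):
    """Constructed hourly outbound volumes: busy weekday business hours,
    quiet nights and weekends, each with a bounded +/-10% jitter."""
    rng = random.Random(seed)
    out = []
    for h in range(weeks * 7 * 24):
        ts = start + timedelta(hours=h)
        if ts.weekday() >= 5:
            base = 40 * MB            # weekend: quiet all day
        elif 8 <= ts.hour < 18:
            base = 500 * MB           # weekday business hours: busy
        else:
            base = 60 * MB            # weekday nights: quiet
        out.append((ts, int(base * (1 + rng.uniform(-0.10, 0.10)))))
    return out


# Baseline from four clean weeks starting Monday 2024-03-04 (assumed clean).
BASELINE = build_baseline(synthetic_training_window(datetime(2024, 3, 4)))

# Constructed observations for the following week: the same 600 MB hour once
# on a Tuesday morning and once at 02:00 on a Saturday.
OBSERVATIONS = [
    (datetime(2024, 4, 2, 10), 600 * MB),   # weekday business hour: normal
    (datetime(2024, 4, 6, 2), 600 * MB),    # Saturday 02:00: surge
    (datetime(2024, 4, 6, 14), 45 * MB),    # Saturday afternoon: normal
]


def score_observations():
    """(iso timestamp, bytes, z) for every observation, flagged or not."""
    return [(ts.isoformat(), n, zscore(BASELINE, ts, n)) for ts, n in OBSERVATIONS]


def weekend_surge_hits():
    return find_anomalies(BASELINE, OBSERVATIONS)


if __name__ == "__main__":
    for ts, nbytes, z in weekend_surge_hits():
        mu = BASELINE[bucket_key(ts)][0]
        print(f"{ts:%a %Y-%m-%d %H:00}: {nbytes / MB:.0f} MB outbound, "
              f"bucket normal {mu / MB:.0f} MB, z={z}")
```

Running the block prints only the Saturday 02:00 hour. Two choices matter in practice: the baseline is keyed by day type and hour rather than being one global average, otherwise every weekday morning would look anomalous against the weekend lull; and a bucket with too few samples returns no score at all, so a hunt started on a fresh baseline does not drown the analyst in false positives.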
