Threat Hunting I: Let’s Go Hunt Some Threats

Adam Goss
6 min read · Jul 18, 2022

How do you think computers are secured nowadays?

You might think with firewalls or anti-virus solutions like Windows Defender. If you want to get fancy perhaps a VPN like [insert name of VPN which keeps coming up every time I want to watch a YouTube video] or something cool like a Yubikey / fingerprint scanner to unlock your computer. If you work for an enterprise you might answer with “DDoS (Distributed Denial of Service) protection”, “an email gateway to filter malicious emails”, or “a really expensive Microsoft product”.

Either way, all of these security solutions — and many others like IDS (Intrusion Detection Systems), EDR (Endpoint Detection and Response), and WAF (Web Application Firewall) — are passive defenses that a security team puts up to stop an attacker gaining access to their systems. You can think of them as walls designed to block entry and protect your precious treasure. In cyber security, they are means of ensuring the confidentiality, integrity, and availability of data (the fabled CIA triad).

The walls are good. If I was a medieval king and my castle was being besieged then I would want to be behind a few walls. However, I would also want to fight back and defend my castle! This is where threat hunting comes into play. Threat hunting is “the process of proactively and iteratively searching…

Adam Goss

Helping demystify cyber threat intelligence for businesses and individuals | CTI | Threat Hunting | Custom Tooling