Threat Detection vs. Threat Hunting

@hangerio · 2025-09-29 04:07 · Education

We all face threats in our daily lives. Because of a lack of awareness, we often do not know what the real threats to our digital lives are. Today, we are going to discuss another major difference, the one between threat detection and threat hunting, which we all need to know to be safe in our digital lives.


Threat detection is an automated process. On our mobile phones and laptops it is carried out by antivirus software and firewalls; in organizations, EDR, SIEM and XDR tools are used. It continuously monitors traffic and logs to capture any malicious indicator of compromise. One example is data exfiltration, in which a malicious actor transfers data without permission: the SIEM tools capture that activity in the organization and raise an alert. When the alert is displayed, the SOC team responds to the threat.

On the other hand, threat hunting is a human-driven process in which a team uses a hypothesis to hunt the threat before it happens. The threat hunting team supposes the system is compromised and looks into the activity. They work on a threat hypothesis and hunt for a threat such as data exfiltration over the same network.

Another difference between the two is that threat detection is a reactive approach, while threat hunting is a proactive approach. Threat hunters think as if an adversary is already in the environment and trying to hide the evidence. They figure out the adversary's behavior and capture the malicious activity before the system is compromised.
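
The contrast above, as an added example that is not part of the original post: an automated alert rule and a hypothesis-driven hunt run over the same constructed flow records for the data exfiltration case. The host names, destinations, byte counts and the 500 MB per-flow threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample flow records (not real telemetry):
# (internal host, external destination, bytes sent)
FLOWS = (
    [("ws-01", "cdn.example.net", 40_000_000)] * 3
    + [("ws-02", "cdn.example.net", 35_000_000)] * 2
    + [("ws-02", "backup.example.org", 900_000_000)]     # one large transfer
    + [("ws-03", "cdn.example.net", 20_000_000)]
    + [("ws-03", "files.example.com", 45_000_000)] * 12  # many small transfers
)

ALERT_BYTES = 500_000_000  # assumed per-flow alert threshold


def detect(flows, threshold=ALERT_BYTES):
    """Threat detection: an automated rule that alerts on any oversized flow."""
    return [(h, d, b) for h, d, b in flows if b > threshold]


def hunt(flows, threshold=ALERT_BYTES):
    """Threat hunting: test the hypothesis that data is leaving in chunks kept
    below the alert threshold, to a destination only one host talks to."""
    totals = defaultdict(int)    # (host, dest) -> cumulative bytes sent
    largest = defaultdict(int)   # (host, dest) -> biggest single flow
    talkers = defaultdict(set)   # dest -> hosts that contacted it
    for host, dest, size in flows:
        totals[(host, dest)] += size
        largest[(host, dest)] = max(largest[(host, dest)], size)
        talkers[dest].add(host)
    leads = []
    for (host, dest), total in totals.items():
        rare = len(talkers[dest]) == 1                   # nobody else uses it
        under_radar = largest[(host, dest)] <= threshold  # no flow ever alerted
        if rare and under_radar and total > threshold:
            leads.append((host, dest, total))
    return sorted(leads)


if __name__ == "__main__":
    print("alerts:", detect(FLOWS))
    print("hunt leads:", hunt(FLOWS))
```

The alert rule only sees the single large transfer from ws-02, while the hunt surfaces ws-03, whose individual flows never cross the threshold but add up to more than it. A hunt result is a lead for an analyst to investigate, not a verdict.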

#hive-122108 #hive #education #threatdetection #threathunting #hangerio #cybersecurity