There’s no way to ever know if your network is completely free of threats. That doesn’t mean the pursuit is futile. The benefit of threat hunting, besides uprooting threats that managed to get by your defenses, is that you can build up your security posture further.
Think of threat hunting as you would masonry. When building a house, you start with a first ring of bricks, add mortar to hold them in place, then lay another course of bricks. Repeat the process layer by layer, building up the walls. With threat hunting, that first layer of bricks could be turning on sufficient logging and retaining it. The mortar is the automation that keeps those logs coming in regularly. The next layer of bricks is comparing logs against IoCs. Automate those comparisons to hold the bricks in place. Keep building with further layers: data analytics, testing hunting hypotheses, and so on.
Pretty soon, you’ve built a strong and stable threat hunting process that will give you the peace of mind that your organization is as free of threats as the environment can be.
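As an added illustration of the "comparing logs against IoCs" layer described above (example code, not part of the original post), the script below normalizes a defanged indicator feed and matches it against log lines. The feed entries, log lines and field layout are all constructed for the example; a real hunt would pull both from your SIEM and threat-intel sources.

```python
import re
from typing import Dict, List, Set

# Constructed IoC feed. Shared reports usually "defang" indicators
# (hxxp, [.]), so they must be normalized before matching real logs.
IOC_FEED = [
    "evil-updates[.]example",
    "203.0.113.77",
    "hxxp://bad-cdn[.]example/payload.bin",
    "d41d8cd98f00b204e9800998ecf8427e",
]

# Constructed proxy/EDR-style log lines (key=value fields).
LOG_LINES = [
    "2024-05-01T10:00:01Z host=ws01 dst=203.0.113.77 url=http://evil-updates.example/a",
    "2024-05-01T10:00:05Z host=ws02 dst=198.51.100.5 url=http://intranet.example/ok",
    "2024-05-01T10:01:00Z host=ws03 md5=D41D8CD98F00B204E9800998ECF8427E proc=setup.exe",
]

URL_HOST_RE = re.compile(r"https?://([^/]+)")
TOKEN_RE = re.compile(r"[a-z0-9.\-:/]+")  # candidate values inside a log line


def refang(ioc: str) -> str:
    """Undo common defanging and lowercase, so feed values look like log values."""
    return (ioc.lower().replace("[.]", ".").replace("(.)", ".")
            .replace("hxxp://", "http://").replace("hxxps://", "https://"))


def expand(value: str) -> Set[str]:
    """A URL is worth matching on its bare host as well as the full URL."""
    out = {value}
    m = URL_HOST_RE.match(value)
    if m:
        out.add(m.group(1))
    return out


def hunt(lines: List[str], feed: List[str]) -> Dict[str, List[str]]:
    """Return {normalized_ioc: [matching log lines]} for every IoC seen."""
    iocs: Set[str] = set()
    for raw in feed:
        iocs |= expand(refang(raw))
    hits: Dict[str, List[str]] = {}
    for line in lines:
        matched: Set[str] = set()
        for tok in TOKEN_RE.findall(line.lower()):
            matched |= expand(tok) & iocs
        for ioc in sorted(matched):          # one entry per line per IoC
            hits.setdefault(ioc, []).append(line)
    return hits
```

Because the feed is normalized once and every log token is compared against a set, the same function scales to large feeds; the next layer would be scheduling it against each day's log export.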