Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

How do reactive threat detection and proactive threat detection differ? Analytics engines apply reactive threats in the SIEM, intrusion detection system ( IDS ) ,

How do reactive threat detection and proactive threat detection differ? Analytics engines apply reactive threats in the
SIEM, intrusion detection system (IDS), or endpoint sensors - tools you will learn about later in this module. Proactive
detections are made by threat hunters searching through the data based on threat intelligence information and
internally generated intelligence.
According to a 2020 Threat Hunt survey conducted by the SANS Institute, 70% of organizations report that they
currently perform proactive threat hunting. However, these respondents noted that their proactive detections are
relatively immature, with the biggest obstacles cited as a lack of skilled staff, budget constraints, and a lack of defined
processes.
In this Try-It Activity, you will first research a prevalent detected malware sample by digging into reports from a malware
sandbox that detail its static and behavioral characteristics. Then, if endpoint monitoring capabilities discover this
malicious code present or running on a system in your environment, the security operations team and incident
responders would be called to take reactive actions in accordance with playbooks specific to the threat.
In the second part of this Try-It Activity, you will model proactive detection techniques similar to the actions of a threat
hunter. Given a specific threat group, you will identify the tactics, techniques, and procedures unique to that actor.
Based on your findings, you will formulate hunt hypotheses on how you may detect malicious activity attributed to this
actor.
Part 1
Access the MalwareBazaar Database
Explore the page and identify the following:
Note: Ensure you follow best practices when navigating this website. Identifying the information doesn't require
clicking on any additional links.
File type:
Filename:
MD5 Hash:
First seen data and time:
Names of the YARA Rules that detected this sample:
Part 2
The DeathStalker threat group, tracked by Kaspersky since 2018, is known to target law firms and financial
institutions. However, this threat actor does not appear to be motivated by financial gain. It deviates from the typical
tactics used by cybercriminal gangs, such as ransomware, financial transactional data theft, or customer account
compromise. Instead, Kaspersky researchers deduce that this actor is a group of hackers-for-hire, picking up operations
based on the needs of their customers.
Read the Kaspersky reference below regarding the Powersing toolset, the DeathStalker threat group. Then, identify the
tactics, techniques, and procedures unique to that actor and formulate hunt hypotheses for detecting this malicious
actor.
Resources
Lifting the Veil on DeathStalker, a Mercenary Triumvirate G_ Ivan Kwiatkowski, Pierre Delcher, and Maher Yamout
Hunt Evil: Your Practical Guide to Threat Hunting
image text in transcribed

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image

Step: 3

blur-text-image

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Relational Database And SQL

Authors: Lucy Scott

3rd Edition

1087899699, 978-1087899695

More Books

Students also viewed these Databases questions