Use code "cyberwork" to get 30 days of free training with Infosec Skills: -Go here: www.infosecinstitute.com/skills/ -Click the "Get Started" button under monthly and create your account -On the payment page, enter the coupon code "cyberwork" to get your first month free
tactician... one who has a lot to do with studying tactics used by threat actors, and also in some cases come up with counter measures against those tactics observed.
@@AMODERNArcher Threat hunting is hunting down zombies that have entered your safe zone, while tactical TI is getting ideas for making new weapons based on how the zombies are evolving. (if you have played dying light, this would make more sense) threat hunting generally deals with stuff INSIDE the environment. but if one really needs to know what the threat actors are doing AT PRESENT, one will have to take into account: 1. what other analysts are observing all throughout other environments globally (twiiter posts on IOCs and other movements) 2. Discussions going on in hacktivist forums 3. Observing changes in APTs and informing your threat hunting and content development team to come up with use cases. These things don't really fall under threat hunting.
@@shubhamdas2600 Thanks for your answer. I was just curious about how the definition is used. The company I work for in Sweden Threat hunters are doing all these things as you mention a tactician is doing. Browsing darknet trying to find new threats, finding leaked information etc etc. I think this definition might differ from country to country and ofc from organization to organisation.
@@AMODERNArcher hey, it's always good to know what the rest of the world is doing! The more we talk about these and share the knowledge, the better TI becomes! The place where I work in kinda wants to merge the threat hunting and threat Intel teams to make room for a better informed threat Intel and threat hunting services. I'd kinda feel that it's the right thing to do, since just looking on the inside, or just looking on the outside doesn't give us a complete oversight. I think your Team has already made that move in merging two services, which is a great thing! I don't think there should be a boundary within these 2 teams tbh... Threat hunters should look outside the environment for better visibility over threat actors, and threat intel people should also get their hands deep in SIEM solutions and other platforms to reeeaaaaally understand which iocs are kinda useful, or how IOAs actually look like in a real life scenario... But bottomline is, if someone asks what threat hunting is, and what tactical intelligence looks like (say for example in an interview), we should definitely go by the bookish definition 😂 (yeah it's a sad world)
