Threat Hunting Beyond the IOC with MITRE ATT&CK

In the industry’s pursuit for the perfect security alert - high confidence, enriched, threat intelligence based - we have become increasingly hampered in identifying high impact threats for which no known Indicators of Compromise (IOCs), signatures or high fidelity threat models are known. The practice of threat hunting has emerged to solve the problem of identifying threats for which we have partial or limited intelligence. Supported by new industry standards like the MITRE ATT&CK taxonomy, threat hunting can support in the identification of commonly used techniques that may indicate the occurrence of a threat.