Introduction to Remediation
The majority of a threat hunter's time is spent looking for the "needle in the haystack": using a variety of tools and techniques to search for threats that may or may not exist. Sometimes, however, the hunt turns up something that has slipped past the organization's defenses. At that point, it's time to remediate.
At this stage in the process, the assumption is that the threat hunter already has a complete picture of the threat. They've detected the signs of compromise, performed an in-depth investigation, and established what the intruder did, which systems and accounts are affected, and how access is being maintained. Now it's time to get rid of it and move on. That scoping matters: remediation that starts before the full footprint is known tends to remove only the parts that were found, and may alert the adversary to the fact that they have been discovered.
The strategy a threat hunter uses during remediation depends on the sophistication of both the hunter and the attack. In some cases, basic remediation steps are enough to eliminate the threat. Advanced adversaries, however, can notice these steps and evade them, for example by retaining a second foothold while the first is cleaned up, so more comprehensive measures may be required.
Basic techniques for remediation
There are many ways to remediate an attack with varying levels of difficulty, sophistication and success. Depending on the sophistication of the adversary and the tools that they use, some techniques