Which of the following actions is MOST crucial when beginning threat hunting efforts, focusing on the protection of assets vital to the company's core functionality?
Continuously review access logs for all systems to immediately identify unauthorized access to business-critical assets.
Create a comprehensive inventory of all business-critical assets to ensure they are prioritized in hunting activities.
Ensure that all systems are regularly updated to the latest security patches regardless of their business criticality.
Keep regular backups of all systems to quickly restore any compromised business-critical assets.
Creating a comprehensive inventory of business-critical assets is essential to effectively prioritize threat hunting efforts. Without a clear understanding of which assets are critical, it is difficult to allocate resources properly and may lead to inadequate protection of crucial systems. Keeping backups of crucial assets certainly helps in recovery, but it is not directly related to the initial step of threat hunting. Regularly updating all systems is a good security practice, but it does not directly influence the prioritization in threat hunting. Reviewing access logs continuously is important for detecting anomalies but again falls short in terms of prioritizing efforts on business-critical assets.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is creating an inventory of business-critical assets important for threat hunting?
Open an interactive chat with Bash
What types of assets should be included in a comprehensive inventory?
Open an interactive chat with Bash
How does threat hunting differ from traditional security measures like backups and updates?