Discovering malicious activity in your network goes well beyond the real-time detection of indicators of compromise. The reality is that cyberattacks can frequently occur under the radar, and you don’t always know they’ve happened until the damage is done.
That reality makes threat hunting, or the process of proactively searching out evidence of malicious activity, a critical function for any organization with sensitive data or resources -- which is just about every organization.
Hunting down new or unknown threats on your network today is especially challenging. Your team needs to be equipped with the right data and techniques to sift suspicious activity out of seemingly normal behavior. Additionally, your team will need to hunt for previously unknown attacker tactics and objectives. However, not all hunting engagements reveal an advanced adversary. Sometimes the hunt ends in identifying security gaps and generally risky processes.
Threat hunting is a necessary step to mature your security team from a reactive organization to a proactive one. For hunting to be an effective capability, you will need to pair threat hunting skills, experience, and intuition with the right technology.
Security products you implement should capture and retain relevant network data in a way that doesn’t create additional busy work. In addition, this data should be easily accessible and open to integrations specific to your security program.
It is important that threat hunters refine their skills over time. Testing and validating a hypothesis is just the beginning. Hunters need to have an investigative mindset that helps them be more aware of what they need to look out for so they can react quickly and in ways which limit bias.
Join me, James Condon, and Senior Threat Researcher Tom Hegel on Wednesday, March 22 at 10AM Pacific / 1PM Eastern for our webinar “Building a Threat Hunting Practice Using the Cloud” to learn more about these and other topics. We’ll discuss the best types of network data to collect and analyze, how the cloud can help make threat hunting more efficient, and practical tips to help make you and your team better threat hunters.