How to Become a Threat Hunter

Introduction

A cyberthreat can be defined as any adversary with three basic characteristics: the intent, capability and opportunity to do harm. While a traditional cybersecurity strategy can do quite a lot to reduce the opportunities for a breach, little can be done about the other two factors.

As cybercriminals’ methods and tools evolve, attack techniques are constantly updated and systematically employed to find every weakness in an organization’s security. It is particularly important to understand that even the best-laid security countermeasures, based on current security solutions, cannot ensure 100% protection. There is always the chance a vulnerability will remain undetected for many years — such as Meltdown and Spectre, design flaws in most modern processors that could be exploited to gain unauthorized access to data.

That is where threat hunting comes in. Based on the premise that no system is fully secure, threat hunting assumes an advanced threat may have already slipped past existing security solutions; therefore, the best course of action is to proactively search the corporate network and assets in order to detect and isolate the attacker.

While a significant part of the threat hunting process must be done with the help of technology (e.g. a SIEM solution), it cannot be fully automated. In fact, hunting is highly dependent on the hunter’s level of expertise. In a traditional security approach to detecting threats, it is quite usual to start by deploying a technology and then bring in experts who try to get the most out of it. With threat hunting, it’s the other way around: you start with people, the threat hunters, and then use technology to get the most out of their abilities.

So, how does a security professional become a master threat hunter? What are the fundamental skills to face one of the most challenging cybersecurity fields and (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Claudio Dodt. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/i-Jw3nA7xhw/