The Ultimate Guide to Threat Hunting

Introduction

At its essence, cyberthreat hunting can be quite similar to real-world hunting. It requires a uniquely skilled professional possessed of considerable patience, critical thinking, creativity and a keen eye for spotting prey, usually in the form of network behavior abnormalities.

“But what exactly is the hunter looking for? And why do we need them?” asks the CEO. “Shouldn’t our systems be sufficiently protected, since we already implemented the most recent cybersecurity solutions?” That’s an easy question: the central pillar of threat hunting is understanding the simple fact that no system can be considered 100% protected. Even with the best and most current technology, there is always the chance that some advanced threat will be able to evade the several security layers protecting a company, and that is what we are looking for.

Historically speaking, most companies have adopted an approach where once a security solution is deployed, it is focused on protecting against the majority of attacks – for example, in the case of an anti-malware solution, it’s usually quite efficient against malicious code that has already been analyzed and mapped to a pattern. If it is a completely new piece of code, even the most recent, artificial-intelligence-based solutions may have a hard time detecting it.

That is where threat hunting comes in and creates a new security paradigm: it assumes that since it is not possible to prevent every attack, the company network will be compromised, and this will leave a trail leading to the prey.

So are you interested in joining the hunt? Here are a few essential points you should understand to create an effective cyberthreat hunting program:

What is a Threat Hunter?

This information security professional also goes by the (not so cool) name of cybersecurity threat analyst. Usually working from a (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Claudio Dodt. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/_faE74LUcZ8/