An overwhelming increase in sophisticated and targeted attacks from threat actors, including nation-states such as Iran, China and Russia, has made threat-hunting services necessary for organizations and even governments to stay one step ahead of threats.
Adversaries work hard at reconnaissance in the hope of penetrating corporate networks and exploiting systems without being detected. In response, organizations need a proactive and iterative threat-hunting program that is built for precision and sophistication. In this article, we will explore ten steps for conducting an effective and reliable threat-hunting campaign.
1. Decide Whether to Choose In-House or Outsourced
When your company decides to conduct a threat-hunting program, it has two options — in-house or outsourced. In-house threat hunting relies on threat hunters from within the organization, without hiring a third party or outsourcer. In this situation, the company must possess a sufficient talent pool to conduct the hunt itself. For example, your own threat-hunting team should be able to deal with Advanced Persistent Threats (APTs) carried out by adversaries.
On the other hand, if your company doesn’t have enough security staff and resources to conduct a threat hunt, it will look towards outsourcing the threat-hunting program. Outsourcing is an agreement whereby one organization hires another organization to get specific tasks or projects done. In the case of threat hunting, one company hires threat hunters from another company on an ad-hoc basis. These outsourced threat hunters remain associated with the company until the threat-hunting program is completed successfully.
2. Start With Proper Planning
Whether you hunt in-house or outsource, the best threat-hunting campaign begins with proper planning. You must plan which processes will be executed to conduct your threat-hunting program. These processes are designed
This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Fakhar Imam. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/lw0OTcdgeZ0/