Threat hunting is the process during which security professionals look for threats that already exist within their organization’s IT infrastructure. This differs from penetration testing (also called pen testing), which seeks out and identifies vulnerabilities that a hacker could use to invade a network. Here is our advice on becoming a threat hunting pro and safeguarding your organization.
Build your information security operations center from the ground up and focus on the fundamentals
Threat hunting isn’t for the young, amateur security team, says Ismael Valenzuela, threat hunting pro who has worked in cybersecurity for decades. Shifting from a reactive, response-based system to a preventative one that actively “hunts” threats and neutralizes them takes maturity. Anticipating a potential cyber threat is not an exact science, and therefore requires just as much flexibility and intuition as it does skill and software. A mature team will already have protocols in place but will have the wisdom to know when alternative measures will be more effective.
Take a look at our blog on digital spring cleaning for even more pointers on cyber health.
Decide who will conduct your threat hunt: your internal security team or an outsourced third party?
There are pros and cons to both internal and outsourced threat hunting. Effective, proactive threat hunting requires nonstop network surveillance and, as mentioned, a mature and state-of-the-art security team… and not every organization can claim to have those capabilities. Outsourcing to a third-party threat hunting service can do the job comprehensively while minimizing the disruption to the organization's routines.
Develop a plan and stick to it
Valenzuela emphasizes the need to focus on “the three knows”: knowing your enemy, knowing your network and knowing your tools. Pick one specific topic to investigate at a time (e.g., “X event is/is not happening in our cyber environment”), develop a hypothesis, and test that hypothesis in order to reach a conclusion. Collect your data and automate where possible.
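The hunt loop described above (pick one claim about your environment, state it as a hypothesis, test it against collected data, record the conclusion, and automate the test so it can be re-run) can be made concrete in code. The following is an added example, not code from the original post or from Valenzuela; the log format, the hypothesis, and the sample events are all constructed for illustration. The hypothesis tested is "no account authenticates successfully from more than two distinct source IPs within any ten-minute window"; the hunt returns the evidence that refutes it, or an empty list if the claim holds, so the same function can be scheduled and its output fed into a ticket or alert.

```python
"""Hypothesis-driven threat hunt over constructed sample logs (added example)."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable

# Constructed sample authentication events (not real data). Carol's three
# successes from three different networks within three minutes are the
# planted anomaly; alice's change of address 90 minutes later is benign.
SAMPLE_LOGS = """\
2024-03-01T08:00:00 user=alice src=10.0.0.5 result=success
2024-03-01T08:01:10 user=bob src=10.0.0.9 result=failure
2024-03-01T08:02:00 user=bob src=10.0.0.9 result=success
2024-03-01T08:03:30 user=alice src=10.0.0.5 result=success
2024-03-01T08:04:00 user=carol src=192.0.2.10 result=success
2024-03-01T08:05:15 user=carol src=198.51.100.7 result=success
2024-03-01T08:06:40 user=carol src=203.0.113.44 result=success
2024-03-01T09:30:00 user=alice src=10.0.0.77 result=success
"""

# Hypothetical key=value log layout; adapt the pattern to your own source.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


@dataclass
class Event:
    ts: datetime
    user: str
    src: str
    result: str


def parse_logs(text: str) -> list[Event]:
    """Parse log lines into events, skipping malformed lines instead of aborting the hunt."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append(Event(datetime.fromisoformat(m["ts"]), m["user"], m["src"], m["result"]))
    return events


@dataclass
class Hypothesis:
    name: str
    statement: str  # the claim under test, phrased as "X is / is not happening"
    test: Callable[[list[Event]], list[str]]  # returns evidence contradicting the claim


def multi_source_logins(events: list[Event], window: timedelta = timedelta(minutes=10),
                        max_sources: int = 2) -> list[str]:
    """Report users with successful logins from more than `max_sources` IPs inside `window`."""
    by_user: dict[str, list[Event]] = defaultdict(list)
    for e in events:
        if e.result == "success":
            by_user[e.user].append(e)
    findings = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e.ts)
        for i, start in enumerate(evs):
            # Sliding window anchored at each success; distinct sources within it.
            srcs = {e.src for e in evs[i:] if e.ts - start.ts <= window}
            if len(srcs) > max_sources:
                findings.append(
                    f"{user}: {len(srcs)} source IPs within {window} "
                    f"starting {start.ts.isoformat()}: {sorted(srcs)}"
                )
                break  # one finding per user is enough to refute the hypothesis
    return findings


HUNT = Hypothesis(
    name="no-multi-source-logins",
    statement="No account authenticates successfully from more than two "
              "distinct source IPs within any ten-minute window.",
    test=multi_source_logins,
)


def run_hunt(h: Hypothesis, events: list[Event]) -> dict:
    """Test one hypothesis and return a structured, automatable conclusion."""
    evidence = h.test(events)
    return {"hypothesis": h.name, "supported": not evidence, "evidence": evidence}


if __name__ == "__main__":
    outcome = run_hunt(HUNT, parse_logs(SAMPLE_LOGS))
    print("Hypothesis:", HUNT.statement)
    print("Supported:", outcome["supported"])
    for line in outcome["evidence"]:
        print("  evidence:", line)
```

Each hypothesis is a small, named object with its own test function, so adding a new hunt is a matter of writing one more function rather than a new script, and the structured result (`supported` plus `evidence`) is what you keep as the record of the conclusion. A refuted hypothesis is a lead for the incident-response process to investigate, not proof of compromise; a supported one is still worth re-running on a schedule, since the claim only holds for the data seen so far.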
Click here for Richard Ford’s take on the vicious cycle of incident-based cybersecurity protocols.
Threat hunting: It isn’t just a fad. In fact, it has taken center stage in the world of IT and cybersecurity as integral and important to every organization. Threat hunting puts control of your network and its privacy back into your hands, as a strategy that steps away from only playing defense. It is proactive, not reactive. Whether you conduct your hunt with an in-house security team or outsource it, prioritizing threat hunting can be easier than you might think. All it takes is experience, an awareness of the fundamentals (and the flexibility to deviate from them when needed), and thorough planning.
Now that you’re a threat hunting pro, check out the rest of the Secure360 blog to find out what else there is to learn. Have some pointers? Leave your ideas in the comments below!