
Secure360

3 steps to becoming a threat hunting pro

June 8, 2018 by Secure360 and UMSA


Threat hunting is the process during which security professionals look for threats that already exist within their organization’s IT infrastructure. This differs from penetration testing (also called pen testing), which seeks out and identifies vulnerabilities that a hacker could use to invade a network. Here is our advice on becoming a threat hunting pro and safeguarding your organization.

  1. Build your information security operations center from the ground up and focus on the fundamentals

Threat hunting isn’t for the young, amateur security team, says Ismael Valenzuela, a threat hunting pro who has worked in cybersecurity for decades. Shifting from a reactive, response-based system to a preventative one that actively “hunts” threats and neutralizes them takes maturity. Anticipating a potential cyber threat is not an exact science, and therefore requires just as much flexibility and intuition as it does skill and software. A mature team will already have protocols in place but will have the wisdom to know when alternative measures will be more effective.

Take a look at our blog on digital spring cleaning for even more pointers on cyber health.

  2. Decide who will conduct your threat hunt: your internal security team or an outsourced third party?

There are pros and cons to both internal and outsourced threat hunting. Effective and proactive threat hunting requires nonstop network surveillance and, as mentioned, a mature and state-of-the-art security team… and not every organization can claim to have those capabilities. Outsourcing to a third-party threat hunting service can do the job comprehensively while minimizing the disruption to the routines of the organization.

  3. Develop a plan and stick to it

Valenzuela emphasizes the need to focus on “the three knows”: knowing your enemy, knowing your network and knowing your tools. Pick one specific topic to investigate at a time (e.g., “X event is/is not happening in our cyber environment”), develop a hypothesis, and test that hypothesis in order to reach a conclusion. Collect your data and automate where possible.
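One way to turn a single hunt topic into a testable hypothesis with a recorded conclusion, as an added example that is not from the original post. The hypothesis chosen here (Office applications spawning script interpreters), the event field names and the sample events are all assumptions constructed for illustration.

```python
import json
from dataclasses import dataclass

# Constructed sample data: process-creation events as JSON lines (not real logs).
SAMPLE_EVENTS = """\
{"host": "ws-014", "parent": "explorer.exe", "image": "winword.exe", "user": "alice"}
{"host": "ws-014", "parent": "winword.exe", "image": "powershell.exe", "user": "alice"}
{"host": "ws-022", "parent": "explorer.exe", "image": "excel.exe", "user": "bob"}
{"host": "ws-022", "parent": "services.exe", "image": "svchost.exe", "user": "SYSTEM"}
{"host": "ws-031", "parent": "EXCEL.EXE", "image": "cmd.exe", "user": "carol"}
not-json line from a broken forwarder
"""

# "Know your network": which parent/child pairs are unexpected here (assumed lists).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

@dataclass
class HuntResult:
    hypothesis: str
    events_examined: int
    unparsed_lines: int
    evidence: list

    @property
    def conclusion(self):
        return "is happening" if self.evidence else "not observed in this data"

def run_hunt(raw_lines):
    """Test one hypothesis against one data set and record how much was examined."""
    examined, unparsed, evidence = 0, 0, []
    for line in raw_lines.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
            parent, image = event["parent"].lower(), event["image"].lower()
        except (ValueError, KeyError, TypeError, AttributeError):
            unparsed += 1  # coverage gap: weakens any "not observed" conclusion
            continue
        examined += 1
        if parent in OFFICE_PARENTS and image in SCRIPT_CHILDREN:
            evidence.append(event)
    return HuntResult("Office applications are spawning script interpreters",
                      examined, unparsed, evidence)
```

Recording the examined and unparsed counts alongside the conclusion matters because a "not observed" result is only as strong as the data coverage behind it.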

Click here for Richard Ford’s take on the vicious cycle of incident-based cybersecurity protocols.

Threat hunting: It isn’t just a fad. In fact, it has taken center stage in the world of IT and cybersecurity as integral and important to every organization. Threat hunting puts your power and network privacy back into your hands, as a strategy that steps away from only playing defense. It is proactive, not reactive. Whether you conduct your hunt with an in-house security team or outsource, prioritizing threat hunting can be easier than you might think. All it takes is experience, an awareness of the fundamentals (and the flexibility to deviate from them), and thorough planning.

Now that you’re a threat hunting pro, check out the rest of the Secure360 blog to find out what else there is to learn. Have some pointers? Leave your ideas in the comments below!

Filed Under: Business Continuity Management, Cybersecurity, Risk and Compliance

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.
