
3 steps to becoming a threat hunting pro

June 8, 2018 by Secure360 and UMSA

Circling sharks in blue water

Copyright : cbpix

Threat hunting is the process by which security professionals look for threats that already exist within their organization’s IT infrastructure. This differs from penetration testing (also called pen testing), which seeks out and identifies vulnerabilities that a hacker could use to invade a network. Here is our advice on becoming a threat hunting pro and safeguarding your organization.

  1. Build your information security operations center from the ground up and focus on the fundamentals

Threat hunting isn’t for the young, amateur security team, says Ismael Valenzuela, a threat hunting pro who has worked in cybersecurity for decades. Shifting from a reactive, response-based system to a preventative one that actively “hunts” threats and neutralizes them takes maturity. Anticipating a potential cyber threat is not an exact science, and therefore requires just as much flexibility and intuition as it does skill and software. A mature team will already have protocols in place but will have the wisdom to know when alternative measures will be more effective.

Take a look at our blog on digital spring cleaning for even more pointers on cyber health.

  2. Decide who will conduct your threat hunt: your internal security team or an outsourced third party?

There are pros and cons to both internal and outsourced threat hunting. Effective and proactive threat hunting requires nonstop network surveillance and, as mentioned, a mature and state-of-the-art security team… and not every organization can claim to have those capabilities. Outsourcing to a third-party threat hunting service can do the job comprehensively while minimizing the disruption to the routines of the organization.

  3. Develop a plan and stick to it

Valenzuela emphasizes the need to focus on “the three knows”: knowing your enemy, knowing your network and knowing your tools. Pick one specific topic to investigate at a time (e.g., “X event is/is not happening in our cyber environment”), develop a hypothesis, and test that hypothesis in order to reach a conclusion. Collect your data and automate where possible.

Click here for Richard Ford’s take on the vicious cycle of incident-based cybersecurity protocols.

Threat hunting: It isn’t just a fad. In fact, it has taken center stage in the world of IT and cybersecurity as integral and important to every organization. Threat hunting puts your power and network privacy back into your hands, as a strategy that steps away from only playing defense. It is proactive, not reactive. Whether you conduct your hunt with an in-house security team or outsource, prioritizing threat hunting can be easier than you might think. All it takes is experience, an awareness of the fundamentals (and the flexibility to deviate from them), and thorough planning.

Now that you’re a threat hunting pro, check out the rest of the Secure360 blog to find out what else there is to learn. Have some pointers? Leave your ideas in the comments below!

Filed Under: Business Continuity Management, Cybersecurity, Risk and Compliance

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.
