Humans Join Systems On The Hunt for Threats
Adversaries, and cyber criminal organizations in particular, are building tools and using techniques that have become so difficult to detect that organizations struggle to know an intrusion is taking place at all. Passive techniques of watching for signs of intrusion are less and less effective. Environments are complicated, and no technology can find 100 percent of malicious activity, so humans have to “go on the hunt.”
Threat hunting is a proactive technique focused on the pursuit of attacks and the evidence attackers leave behind while conducting reconnaissance, deploying malware or exfiltrating sensitive data. Instead of simply hoping that technology flags and alerts you to suspected activity, you apply human analytical capacity and an understanding of environmental context to determine more quickly when unauthorized activity occurs.
The process of threat hunting allows attacks to be discovered earlier, with the goal of stopping them before intruders can carry out their objectives. Until tools became available that could give analysts a data‐centric view of what was going on in their environments, all organizations had were the time‐proven, but no‐longer‐effective, log review techniques for discovering that the horse had escaped from the barn yesterday, last week, or even last year.
While threat hunting requires specific tools and technology, a successful program requires far more: motivated, trained personnel; collaboration across the information technology department and the business; a desire to make the improvements needed to keep attackers out; local context; environmental understanding; and the ability to differentiate between what’s expected and what isn’t.
Many organizations have yet to start a threat hunting program, and an ebook by Peter H. Gregory explains what threat hunting is and how to get a program off the ground. In Threat Hunting For Dummies, Carbon Black Special Edition, Gregory explores the concept of threat hunting and the role it plays in protecting your organization’s systems and information.