Disrupting the Disruptors: How to Threat Hunt Like a Pro

Share and earn Cybytes
Facebook Twitter LinkedIn Email

Editor’s Note: The following blog post is a summary of an RFUN 2017 customer presentation featuring Ismael Valenzuela from McAfee.

Key Takeaways

  • Going from responding to incidents to actively hunting threats is a stance shift that requires maturity in an information security operations center, says Ismael Valenzuela, a cybersecurity veteran at McAfee.
  • Maturity means first covering the security fundamentals in your organization before cyber threat hunting. It takes experience, critical thinking, flexibility, and an ability to see the context and methodology behind attacks — far more than the best technology or a reliance on protocols and procedures — to be an effective threat hunter.
  • Focus on the three “knows”: knowing your enemy, knowing your network, and knowing your tools.
  • Advances in artificial intelligence, although providing important supplements to a cybersecurity framework, will never replace human experience. Effective human-machine teaming will lead to the best results.

As the saying goes, the best defense is a good offense. When it comes to cybersecurity, that means shifting from merely responding to intrusions and attacks to actively searching out threats and destroying them. Having the capacity and know-how to make this stance shift is a key element of a mature information security operations center (SOC), says Ismael Valenzuela, who recently gave a presentation on threat hunting at RFUN 2017.

Valenzuela has worked in cybersecurity for decades and has been a member of the Foundstone team at McAfee for six years, performing incident response in the United States, Europe, and the Middle East. He is also a SANS-certified instructor who has taught classes on continuous monitoring, forensics, and security operations for the past seven years.

Read the rest of the blog here >

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
About Recorded Future
Recorded Future arms security teams with threat intelligence powered by patented machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources and provides invaluable context that’s delivered in real time and packaged for human analysis or instant integration with existing security technology.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?