by Ben Levitan

If you asked 10 people for a definition of “threat hunting” you’d get 10 different definitions.

For some, the term threat hunting is old wine in a new bottle. For others, it’s a luxury amid the fast pace of a security operations (SecOps) organization. For still others, it’s unpacking payloads and sifting through the data later, when you have time.

But you never have time later in cybersecurity, and so threat hunting is none of these things. It remains an essential component of a security posture, one that deserves the industry’s attention and calls on cybersecurity professionals to adapt with new skills and sophisticated tools.

Threat hunting is identifying and sneaking up on an enemy that’s already inside your perimeter when they aren’t expecting it. This technique is an improvement on merely waiting for alerts to go off, which is nearly synonymous with allowing bad actors to infiltrate, bide time, and choose their moment to attack. As the saying goes, sometimes the best defense is a good offense.

At this point, I should declare that I subscribe to the SANS Institute philosophy of threat hunting which is the following:

Threat Hunting is about placing an appropriate, dedicated focus on the effort by analysts who purposely set out to identify and counteract adversaries that may already be in the environment.

Legacy Views of Threat Hunting

Years ago, threat hunting was the domain of expert analysts and consultants. These talented people had experience, situational awareness, and perhaps a sixth sense, that was paramount to the task.

Unfortunately, they were limited by rudimentary tools to get the job done. With the exception of perhaps some government agencies, few had access to the analytics or threat intelligence that’s commercially available today.

As a result, threat hunting was reduced to a task that many SecOps personnel performed, but never quite at the level they wanted to, or knew they needed to. Ask any SecOps professional and they ‘knew in their gut’ that they were compromised, but didn’t have the data, tools, or manpower to pursue their hunches. So the default mode etched in the minds of security professionals is to wait for an incident and then react.

To read the complete blog, please click here.

About Bricata
Bricata is a cybersecurity solutions provider that combines a powerful network threat hunting platform with a comprehensive threat detection and prevention solution to help determine the true scope and severity of threats. Bricata simplifies network threat hunting by identifying hidden threats using purpose-built hunting workflows that present detailed metadata clearly, easing your transition from known to unknown malicious activity, in conjunction with an advanced threat detection and prevention platform that detects and convicts zero-day malware.
