December 5, 2023

Uncovering the unknowns. Hunt the dark space

Cyber attacks are becoming more advanced with each year, as indicated by the increase in data breaches.

Threat hunting is a proactive approach to cybersecurity that involves actively searching for undetected threats in a system or network. Once inside a network, attackers can lurk for months, retrieving data or stealing credentials to move laterally across the network.

Traditional cybersecurity only reacts, responding to attacks once the malicious actor is inside the network. Threat hunters get ahead of attackers by proactively searching for suspicious activity.

Key security risks

  • Human error is one of the main causes of breaches
  • Phishing and business email scams
  • Malware
  • File system resident malware
  • Ransomware

What makes a successful threat hunter

Threat hunters use software tools to automate the process. The three most basic tools are logs, SIEM systems, and analytics:

  • Logs
  • SIEM
  • Analytics

Skills that a threat hunter should possess

  • Environmental knowledge
  • Scientific Methods
  • Statistics
  • Investigative Mind

Methods to Hunt for threats

  • Hypothesis-based investigation
  • Threat-based investigation
  • Machine-learning-based investigation

Strategies of threat hunting

  • Know the environment you are protecting
  • Understand the threat
  • Analyse the dark web
  • Protect all endpoints
  • Ensure network visibility
  • Mind the insider threats

Threat Forecast

  • A third of data breaches will be caused by shadow IT resources
  • Most vulnerabilities will be ones that have been known for years
  • More than a quarter of identified attacks will involve the Internet of Things (IoT)

The threat landscape is changing. The last wave of data breaches proves the need for a proactive approach to security. Applying the right strategies can help threat hunters beat attackers at their own game.
