Uncovering the unknowns. Hunt the dark space
Cyber attacks are becoming more advanced with each year, as indicated by the increase in data breaches
Threat hunting is a proactive approach to cybersecurity that involves actively searching for undetected threats, in a system or network. Once inside a network, attackers can lurk for months, retrieving data or stealing credentials to move laterally across the network.
Traditional cybersecurity only reacts, responding to attacks once the malicious actor is inside the network. Threat hunters get ahead of attackers by proactively searching for suspicious activity.
Key security risks
- Human error is one of the main causes of breaches
- Phishing and business email scams
- Malware
- File system Resident Malware
- Ransomeware
What makes a successful threat hunter
Threat hunters use software tools to automate the process. The three most basic tools are logs, SIEM systems, and analytics:
- Logs
- SIEM
- Analytics
Skills that a threat hunter should posses
- Environmental knowledge
- Scientific Methods
- Statistics
- Investigative Mind
Methods to Hunt for threats
- Hypotheses based investigation
- Threat based investigation
- Machine learning based investigation
Strategies of threat hunting
- Know the environment you are protecting
- Understand the threat
- Analyse the dark web
- Protect all endpoints
- Ensure network visibility
- Mind the insider threats
Threat Forecast
- A third of data breaches will be caused by shadow IT resources
- Most vulnerabilities will be the ones known for the past years
- More than a quarter of identified attacks will involve the Internet of Things (IoT)
The threat landscape is changing. The last wave of data breaches prove the need for a proactive approach to security. Applying the right strategies can help threat hunters beat attackers in their own game.
