SC eBook Preview: Threat Hunting Essentials
(This is an excerpt from the SC Media e-book “The Basics of Threat Hunting – How to Build an Effective Process.”)
Threat hunting, a cybersecurity discipline where trained human operators investigate, identify, and eliminate threats or vulnerabilities in a network, is not a new practice. But over the past two years, many other security professionals have joined the fight.
In 2020, only half of the cybersecurity respondents to a SANS survey saw the value of threat hunting, and an additional 30% didn’t even know how to start instituting it. But in this industry, a lot can change in two years.
Flash forward to today, where several factors have woken up the cybersecurity community. Adversarial tactics continue to evolve rapidly. The number of interactive hacks involving creative scripting and “keyboard manipulation” tactics increased 400% in the year following the SANS survey. The pandemic has moved a significant portion of the workforce to remote work environments. Under this new arrangement, many companies have struggled to extend existing firewall protections from the office to geographically dispersed employees, creating the conditions for a significantly larger attack surface.
In addition to this, organizations have added millions of additional IoT terminals and devices to their networks. As a result, Security Operation Center (SOC) personnel are under immense pressure to process ever-increasing volumes of data and distinguish real threats from network noise and false positives.
Detection and response are no longer enough. All the evidence suggests that organizations need to go on the offensive by introducing effective threat hunting programs that can anticipate and prevent increasingly sophisticated attacks.
This eBook, sponsored by Sophos, explores essential threat hunting tools and techniques, how to get started and how to optimize.
Covered in this eBook:
- Threat Hunting 101: Most organizations already use some degree of cybersecurity: encryption, network security monitoring, web vulnerability scanning, firewalls, and anti-virus software. So why hire a threat hunting team?
- Threat Hunting Challenges: Many tools are not natively designed to block the latest attack tactics. They don’t look for the familiar and ordinary; they look for the unfamiliar or out of the ordinary.
- Advances in Threat Hunting: Threat hunting has progressed even in the past couple of years. One of the main reasons is that organizations now have an incredibly wide array of sensors and measurement tools to inform their threat hunts.
- Five steps to effective threat hunting: Threat hunting can benefit organizations by improving security posture and overall vigilance, cultivating a culture of proactive risk management and mitigation, and adding greater visibility of the attack surface and adversary tactics. The key is to take advantage of the wide array of sensors and measurement tools at your disposal and follow the five steps to effective threat hunting.
“Passively waiting for clear evidence of intrusions is not enough in today’s world. Threat hunting is actually proactively looking for signs of possible future intrusions. In cybersecurity, we tend to be on our guard, but threat hunting also keeps us on our guard.” — Matt Hickey, Director of Business Engineering at Sophos
“Even if you have really good tools, whether it’s a firewall or endpoint protection, you’re going to be wrong. People disable protections and add exclusions or write overly permissive firewall rules. They have to accept the fact that they are going to make mistakes. So the question is, how are you going to compensate for those mistakes when you make them?” — Greg Rosenberg, Director of Business Engineering at Sophos