Security isn’t the only thing that has improved with time. Cyber-attacks are now well-timed, smart, and stealthy. As they say, progress works both ways.
Cyber criminals are adept at building tools and using techniques that mask their footsteps, making it difficult for traditional signature-based technologies to identify them. In fact, it is common for an intrusion to go undetected for days, weeks, or even months after the initial compromise.
What does this tell us? That passive monitoring, or relying on traditional tactics to detect signs of malware, is ineffective on its own. Cyber threat experts are therefore switching gears, shifting to a proactive approach that involves hunting for potential threats within the network. It is a change we see across many organizations today.
What Is Threat Hunting?
At the level of a basic definition, threat hunting is a focused and iterative approach to tracing, analyzing, and identifying adversaries within a network. It can extend to searching datasets and networks for persistent, advanced threats that evade regular security controls.
The point of this definition is to make clear that cyber threat hunting is not a technology; it is driven by highly trained security professionals who practice accurate and consistent threat detection.
What Are the Tools of a Hunter?
1. Data and Information
Data from your network devices, firewalls, servers, databases, switches, and routers, among other sources, is essential. However, collecting the data is not enough: it must be processed and aggregated into actionable information that analysts can use later.
2. Establishing a Healthy Baseline
A simple but effective way to understand your network’s behavior is to baseline it over a period of time. A network traffic baseline, for example, helps you identify and confirm events that are unexpected or unauthorized, because anything outside the baseline stands out.
3. Sharing Threat Intelligence
Cyber-attacks are becoming increasingly common in the business ecosystem, and these attacks are also a source of intelligence. Understanding the source of an attack, the counter-measures implemented, and the lessons learned can teach you how to react should a similar situation arise within your own organization.
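As an added illustration of the baselining idea in item 2 above (example code, not from the original article), the Python below builds a per-connection baseline from a baseline window of flow records and then flags observed flows that are either never seen in the baseline or far above their usual volume; the hostnames, addresses, ports and byte counts are constructed sample data.

```python
from statistics import mean, pstdev

# Constructed sample flow records: (src_host, dst_host, dst_port, bytes).
# BASELINE_FLOWS stands in for a period of known-good traffic;
# OBSERVED_FLOWS stands in for the window being hunted.
BASELINE_FLOWS = [
    ("ws-01", "10.0.0.5", 443, 12000),
    ("ws-01", "10.0.0.5", 443, 11000),
    ("ws-01", "10.0.0.9", 53, 300),
    ("ws-02", "10.0.0.5", 443, 9000),
    ("ws-02", "10.0.0.9", 53, 250),
    ("ws-02", "10.0.0.9", 53, 280),
]
OBSERVED_FLOWS = [
    ("ws-01", "10.0.0.5", 443, 12500),    # within baseline
    ("ws-01", "10.0.0.9", 53, 310),       # within baseline
    ("ws-02", "10.0.0.9", 53, 9000),      # known pair, abnormal DNS volume
    ("ws-02", "203.0.113.7", 4444, 500),  # destination/port never seen before
]


def build_baseline(flows):
    """Per (src, dst, port) tuple, record mean and std-dev of bytes per flow."""
    by_key = {}
    for src, dst, port, nbytes in flows:
        by_key.setdefault((src, dst, port), []).append(nbytes)
    return {k: (mean(v), pstdev(v)) for k, v in by_key.items()}


def find_anomalies(baseline, flows, z_threshold=3.0):
    """Flag flows absent from the baseline or with a volume far above it."""
    findings = []
    for src, dst, port, nbytes in flows:
        key = (src, dst, port)
        if key not in baseline:
            findings.append(("new-connection", key, nbytes))
            continue
        mu, sigma = baseline[key]
        # Tuples with one baseline sample have sigma == 0; floor the spread
        # at 10% of the mean so a single sample cannot produce infinite z.
        spread = max(sigma, 0.1 * mu)
        if (nbytes - mu) / spread > z_threshold:
            findings.append(("volume-spike", key, nbytes))
    return findings


def run_demo():
    return find_anomalies(build_baseline(BASELINE_FLOWS), OBSERVED_FLOWS)


if __name__ == "__main__":
    for kind, key, nbytes in run_demo():
        print(f"{kind}: {key} bytes={nbytes}")
```

Each finding is a lead for an analyst to confirm, not a verdict; in practice the baseline window is wide enough to cover normal weekly cycles.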
A 2017 survey by SANS, a trusted source for information security training, certification, and research, found that among organizations using threat hunting tactics, about 60% saw measurable improvements in security. Going further, around 91% reported improvements in both the speed and the accuracy of their response.
What Are the Challenges Impacting Cyber Threat Hunting?
While organizations are beginning to recognize the importance of threat hunting, it is far from easy to implement. Security teams are often stretched thin, and hunting takes a highly trained expert. In fact, the cyber security workforce is expected to face a shortage of over 1.8 million people by 2022.
But that figure does not have to be as grim as it sounds. Using people to counteract attacks is not a new concept; it has been around for a while. Kevin Mitnick, a fugitive hacker turned internet security consultant, is a prime example. According to KPMG research, 53% of the UK companies surveyed would consider hiring former hackers or criminals to either train staff or assist with hunting and security.
Perhaps this is the future we ought to look forward to and adapt to. It’s time to detect incidents before they become breaches; it’s time to switch to the offensive. But then again, to either hunt or defend, that choice is yours alone.
To learn more, join our upcoming webinar, Cyber Threat Hunting from the Front Lines.