Adopting this mindset does not mean that traditional defense methods should be ignored.
It enables hunt to proactively search out and destroy threats for which existing security controls were not enough. This assumed breach mindset is the motivation behind hunting, and underpins nearly every hunt activity. The most important point is assuming that other efforts have failed, allowing undiscovered attackers to undermine your cyber security.Įxisting defenses, no matter how robust, will fail to prevent or detect some subset of attackers. Instead, defining hunt as a concerted effort gives us the flexibility to introduce concepts such as discussing an organization’s ongoing hunt operations undertaken by their hunt team, or the effectiveness of a single hunt engagement. This definition is not prescriptive it does not say how hunt is accomplished. Hunt is any concerted effort to discover the attackers inside your network that everyone else missed. This discussion introduces what we suggest is a more useful and lasting definition of hunt, outlining the mindset, approaches, and technologies that support its implementation. By allowing the concept of adversary threat hunting to be relegated to a marketing buzzword, we risk missing out on an important development in network security operations and cyber security. The use of the term hunt has skyrocketed within the cyber security community, but we would argue that its true meaning has often been obscured by conflicting and self-serving definitions. In this post, we expand on that presentation to explore the use of the term “hunt,” and why threat hunting is more than just a buzzword.
In early August we presented a comprehensive webinar on threat hunting.
0 kommentar(er)
