Threat Hunting Top Requirements for Analysts and Management

August 2021 by Marc Jacob

In a recent white paper, ‘The Fundamentals of Threat Hunting. Hunt Like a Pro’, SecurityHQ brought to light the fact that most organisations had a very limited understanding of what threat hunting is, and that without the right threat intelligence it is practically impossible to know what information is available across all digital platforms, especially regarding business information and data. In fact, the paper concluded that most organisations are unaware of who or what is targeting them at any given time. And what organisations do know often gets confused with other areas of detection and response.

The Challenge with Threat Hunting

Threat Hunting is a process, not a one-off activity. It requires planning, it requires ideas, and it requires attack theories. It is important that we call it a process because it is bigger than just a one-off task. Think of it as a continual loop.
A business can use threat hunting to find unidentified threats in a network, to identify current or historical attacks, breached corporate material, credentials, intellectual property and brand infringement by harvesting data available on the visible, dark, and deep web. This is done by analysing both current and historical security logs, pulling data apart and analysing the anomalies. Threat Hunting is about creating a plan, selecting a focus, and creating a hypothesis.

The Solution

According to Swapnil Bohsale, Security Consultant, SecurityHQ, ‘Threat Hunting is all about knowing the “Unknown”. Security controls in place can be trusted to detect traditional attacks. However, Threat Hunting, if performed with relevant context driven by intelligence and analysis, helps to catch novel cyber-attacks. In the end, it is all about connecting the dots to have a broader picture of your network.’
This is why SecurityHQ’s latest paper, ‘A Checklist for Effective Threat Hunting. Top Requirements for Cyber Analysts and Management’, takes this discussion a step further to provide a checklist of key questions and decisions analysts and management must make when implementing threat detection. This is done by exploring the threat hunting outline, key questions for analysts, key questions for management, tracking threat hunting overview, and a synopsis on the outputs of threat hunting.

