Threat Hunting Needs Technology and People

Dateline: July 14, 2017

Welcome to our Friday WRAP – one thought-provoking idea to think about over the weekend.

Continuing on our theme of the organizational side of cybersecurity leadership, this week we look at threat hunting.  A blog post titled Threat Hunting and the Pyramid of Pain (written by flOx2208, a “common human being wanting to share my knowledge and experience”) argues that organizations must have their own threat hunting capability as part of their cybersecurity plan; relying only on third parties to provide this service is not enough.  Further, an organization needs both technology and human resources to be effective.

Threat hunting and incident response go beyond just deploying a product within the network and responding to what it alerts on. It goes beyond normal rule- and/or signature-based mechanisms to detect threats that one cannot detect with just plug-and-play devices. Both require a human factor to perform these actions. Deep diving into the networks and looking for adversaries (active defense and/or proactive investigations) is a must-have within the organisation, and incident responders and the IT team must work hand in hand. And don’t forget to involve forensics. Yes, we need forensics to gather evidence properly.

(Personal note: I really like the Pyramid of Pain framework. It’s a good framework for understanding how to thwart malicious attackers, based on how painful it would be for them if you addressed each layer of the pyramid. It came on the scene in 2013. Read more about it here)
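To make the point of the quoted paragraph and of the Pyramid of Pain concrete, here is an added example (not code from this post, from flOx2208's blog, or from the original Pyramid of Pain write-up). It runs two kinds of detection over constructed process-creation events: a hash IOC, which sits at the bottom of the pyramid and is trivial for an attacker to invalidate, and two behavioural (TTP-level) hunts that look at what the process did rather than what it is. All hostnames, paths, sample bytes, hashes and rule names are made up for the illustration.

```python
"""Pyramid of Pain, worked: hash IOCs vs. behavioural (TTP) hunts.

Added example; not code from this post or from flOx2208's blog. All
hosts, paths, sample bytes, hashes and rule names are constructed.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record, as an EDR or Sysmon-style sensor would log it."""
    host: str
    parent_image: str   # full path of the parent process
    image: str          # full path of the new process
    cmdline: str
    sha256: str         # hash of the new process's executable


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Two constructed dropper bodies. SAMPLE_B is SAMPLE_A with one byte appended:
# same behaviour, different hash, the cheapest possible change for an attacker.
SAMPLE_A = b"constructed dropper, version 1"
SAMPLE_B = SAMPLE_A + b"\x00"

# Bottom of the pyramid: the hash IOC a feed would ship after SAMPLE_A was seen once.
KNOWN_BAD_HASHES = {sha256_hex(SAMPLE_A)}

# Top of the pyramid: the behaviour (TTP) the attacker relies on. Changing it
# means changing the intrusion, not just recompiling the payload.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
USER_WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\users\\public\\")


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def rule_known_bad_hash(ev: ProcEvent) -> bool:
    return ev.sha256 in KNOWN_BAD_HASHES


def rule_office_spawns_temp_binary(ev: ProcEvent) -> bool:
    """Office application launches an executable from a user-writable directory."""
    return (basename(ev.parent_image) in OFFICE_APPS
            and any(d in ev.image.lower() for d in USER_WRITABLE_DIRS))


def rule_office_spawns_interpreter(ev: ProcEvent) -> bool:
    """Office application launches a shell or script host (macro-to-PowerShell chain)."""
    return basename(ev.parent_image) in OFFICE_APPS and basename(ev.image) in INTERPRETERS


# (pyramid tier, rule name, predicate)
RULES = [
    ("hash", "known-bad sha256", rule_known_bad_hash),
    ("ttp", "office->temp binary", rule_office_spawns_temp_binary),
    ("ttp", "office->interpreter", rule_office_spawns_interpreter),
]


def hunt(events):
    """Return (host, tier, rule) for every rule each event trips."""
    return [(ev.host, tier, name) for ev in events for tier, name, pred in RULES if pred(ev)]


def hosts_by_tier(findings):
    """Which hosts each pyramid tier would have surfaced."""
    out = {"hash": set(), "ttp": set()}
    for host, tier, _ in findings:
        out[tier].add(host)
    return out


# Constructed telemetry: ws-01 runs the known sample, ws-02 the recompiled one,
# ws-03 a macro-launched PowerShell, ws-04 ordinary user activity.
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
EVENTS = [
    ProcEvent("ws-01", WORD, r"C:\Users\alice\AppData\Local\Temp\invoice.exe",
              "invoice.exe", sha256_hex(SAMPLE_A)),
    ProcEvent("ws-02", WORD, r"C:\Users\bob\AppData\Local\Temp\report.exe",
              "report.exe", sha256_hex(SAMPLE_B)),
    ProcEvent("ws-03", EXCEL, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -nop -w hidden -enc SQBFAFgA", sha256_hex(b"constructed powershell image")),
    ProcEvent("ws-04", r"C:\Windows\explorer.exe", r"C:\Program Files\7-Zip\7z.exe",
              "7z.exe a backup.zip docs", sha256_hex(b"constructed 7z image")),
]

if __name__ == "__main__":
    for host, tier, name in hunt(EVENTS):
        print(f"{host}: [{tier}] {name}")
    print(hosts_by_tier(hunt(EVENTS)))
```

Run as-is, the hash IOC finds only ws-01, the host that executed the exact sample the feed had seen; the recompiled copy on ws-02 and the macro-launched PowerShell on ws-03 only show up under the behavioural rules. That gap is the part a "plug-n-play" appliance fed with indicators does not close, and it is what an analyst writing and tuning hypotheses like the two TTP rules above is for.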

How do you combine human resources with technology to hunt threats to your information systems?

That’s a WRAP!  Have a great weekend!
