Introduction
Protecting an enterprise environment can sometimes feel like an uphill battle.
Information security teams are often stuck in cyclical patterns where it feels as if the alerts never end and the attackers are constantly successful.
Unfortunately, this pattern is a symptom of organizations that live in reactive mode.
In this mode, security and/or response teams are waiting for an alert—internal or external—to tell them where to go next. There is little, if any, direction to find threats before they become something worse.
To truly get ahead of attackers, organizations should start thinking proactively; in other words, think like threat hunters. Admittedly, the term “threat hunting” is not a new one.
In fact, many mature organizations have various threat hunting programs that are either separate teams or, more often, integrated with the security operations center (SOC) and/or incident response teams.
When many organizations hear the term threat hunting, however, it often gets translated incorrectly to “go find evil.” Finding evil is much easier said than done—it’s not as if the attackers are waving white flags telling you all the steps they took! Instead, threat hunting is a complex undertaking that needs to take a long-term view on success.