The art of Hunting - Exposed!

Oftentimes, people presume that cyber threat hunting is a process that is highly dependent on tooling. While tooling is an important element of the process, the artistic element still plays a significant role in the overall success of the hunt.

Let me explain the process metaphorically using a “Forest Hunt” mission.

Let’s assume you have been tasked to conduct a reconnaissance mission in a forest to confirm that no one is hiding in the woods. Now let me assure you that starting your hunt with a gun or a knife (i.e. IR tools) will not give you better chances of “finding” the criminal. No doubt, those are useful weapons to have, but they are not what you need at this stage.

Your mission as a threat hunter is to find the intruder, not to neutralize them (more on this below).

What you really need is someone with hunting instinct and reasoning, someone who knows the forest inside out, someone who knows how criminals think, what they are after and where they typically hide.

This person will also leverage other situational awareness inputs like weather, rain, rivers and shelters to anticipate the next move of the intruder. Basically, observe everything within your hunting range and look for the reasons why things are as they are.

Reasoning about the environmental abnormalities will help you uncover IOCs (Indicators of Compromise) such as bird flocks and footprints. All those skills are equivalent to the technical TTPs (Tactics, Techniques and Procedures) we use in the digital equivalent of the forest hunt.

Another important aspect of threat hunting is to know when to stop. For example, when you find the intruder, your mission as a threat hunter is done. You will now need to engage your incident response team (i.e. SWAT) with their state-of-the-art “skills” and “tooling” to neutralize the target. Once the target is neutralized, shift your focus to preventing a recurrence of the incident. Use the knowledge and the experience gained during the hunt to improve the capabilities of your detection and prevention systems.

Hunting is subjective, and not every hunt is successful. You never know if this was the only intruder in your forest. With this, I would like to leave you with one question:

The hunting season is coming. Which role do you want to play, the “Predator” or the “Prey”?

More articles by Youssef Elmalty