Threat Hunting


At times I get amused when questions come up like "Do we really have to put more energy and invest so much in threat hunting, rather than wait for attacks to happen before we gather our tools to start threat hunting?" The answer is: if we really want to stay close to the adversaries and fish out cybersecurity threats in our networks or environments, we need to stay wide awake and focus on hunting for the malicious threats that spell trouble before they create irrecoverable damage.

So what is threat hunting and why should we hunt?

Threat hunting, simply put, is "proactively" searching for and identifying malware or adversaries that are wandering and trespassing in our networks with the intention of stealing data, eavesdropping on confidential information, or gaining privileged access with stolen credentials. Does this mean that traditional threat management measures such as intrusion detection systems (IDS), firewalls, sandboxing, and SIEM systems are not reliable enough to hunt these potential attacks? Those measures involve an investigation after a potential attack or security incident has already triggered an alarm. They are reactive and largely automated, not proactive measures. Proactivity and human skill are what really set threat hunting apart.

Today's attackers, as we have seen, are more sophisticated and highly advanced; they have found many ways to disguise their activities, rarely show signs of their presence, and go undetected for months or even years. Therefore, efficient and proper threat hunting offers sufficient network visibility to assist SOC teams, cybersecurity analysts, and security professionals in triaging these malicious activities as well as effectively initiating incident response. To put it mildly, we threat hunt to counter the advanced techniques and skills cybercriminals use to evade detection by conventional means. This helps safeguard the business future of organizations and keep it from being put at risk.

However, regardless of the effort put into threat hunting, cybercrime will not stop; attackers will simply move on to the next target once it becomes too hard for them to get into a particular organization that has invested heavily in expertise, technology, and processes.

In summary, threat hunting irrevocably makes a business come out on top.
