Threat hunting gains momentum

Is it time for your business to utilize threat management software?

by Jessica Burgamy

The cybersecurity community is in search of the “Holy Grail” of predictive mitigation to help prevent attacks.

Tools are quickly evolving and the sources that fuel the analytics for mitigation are increasing. This is the forefront of a practice called threat hunting.

Attacks could happen to your business

Threat hunting involves active threat analysis, in which enterprises get to know their adversary and proactively search for their presence within a network.

Informally, threat hunting has been around for a while. However, two things recently catapulted it into the public view.

First, there has been a mindset shift among businesses. Organizations no longer think "this could never happen to my business."

Instead, they acknowledge the importance of cybersecurity and aim to stay ahead of attackers.

Second, threat hunting has become more relevant by utilizing threat intelligence gathered through big data analytics. This helps IT teams determine who the potential bad actor is and where they’re coming from.

Set up a tactical threat hunting team

When setting up a threat hunting program, it's important to think about who might be attacking your platform – and why.

Think about what might motivate them and what information they may want from your network. For example, are they:

  • Financially motivated?
  • Insiders within your business?
  • Nation state actors?
  • Someone else?

If feasible, reach out to your business community to find out if they’re experiencing similar attacks. Next, think about where a hacker might go to exfiltrate your data, and what essential business processes you need to protect.

It’s critical you baseline your business’ basic traffic patterns so you can find the anomaly before the attack is launched.
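One way to put such a baseline to work is sketched below as an added example (not code from the article or from any product it mentions). It builds a per-host baseline of daily outbound volume and flags hosts sending far more than their own norm, using the median and median absolute deviation with the conventional 3.5 modified z-score cutoff; the hostnames, volumes and the five-day minimum are constructed assumptions.

```python
from statistics import median

# Constructed sample data: outbound MB per day for each host (hypothetical names).
HISTORY = {
    "hr-laptop-07":  [410, 395, 430, 402, 388, 415, 420],
    "db-server-02":  [52, 49, 55, 51, 50, 53, 48],
    "build-agent-1": [1900, 2400, 600, 2100, 1200, 2600, 1700],
}
TODAY = {"hr-laptop-07": 441, "db-server-02": 910,
         "build-agent-1": 2900, "kiosk-11": 30}  # kiosk-11 has no history

def baseline(samples):
    """Median and median absolute deviation (MAD): robust to a few odd days."""
    med = median(samples)
    mad = median(abs(x - med) for x in samples)
    return med, mad

def score(value, med, mad):
    """Modified z-score: how far today's value sits from the host's own norm."""
    if mad == 0:  # perfectly flat history: any increase is a deviation
        return float("inf") if value > med else 0.0
    return 0.6745 * (value - med) / mad

def hunt(history, today, threshold=3.5, min_days=5):
    """Return (host, finding, score) leads for an analyst to review."""
    findings = []
    for host, value in sorted(today.items()):
        samples = history.get(host, [])
        if len(samples) < min_days:
            # A host with no baseline cannot be judged; surface it instead.
            findings.append((host, "no-baseline", None))
            continue
        z = score(value, *baseline(samples))
        if z > threshold:  # only upward deviations: more data leaving than usual
            findings.append((host, "anomalous-egress", round(z, 1)))
    return findings

if __name__ == "__main__":
    for finding in hunt(HISTORY, TODAY):
        print(finding)
```

Because each host is compared against its own history, the quiet database server sending 910 MB is flagged while the noisy build agent sending 2,900 MB is not.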

Lastly, once you find the anomaly, have your IT team structured flexibly so team members can be re-tasked to address the issue immediately.

Work to continually mature your threat hunting program so it stays current. Because attacks are constantly evolving, you need to keep up with new trends in the cybersecurity space.

Utilize threat defense software

Consider purchasing software to aid in your threat hunting endeavor. The software should:

  • Prioritize security events
  • Rapidly notify your team when malicious intruders or unauthorized activities are detected
  • Provide a broad view of the security in your network
  • Efficiently correlate alerts from multiple devices and device types across the entire enterprise
  • Help to protect information against unauthorized use
  • Assist in keeping business applications running effectively and efficiently

To learn more about threat hunting, check out AT&T Threat Manager – Log Analysis.