Information Security News mailing list archives

Where Are All the Threat Hunters?


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 2 Nov 2018 08:26:08 +0000 (UTC)

https://www.nextgov.com/ideas/2018/11/where-are-all-threat-hunters/152496/

By Tim Roddy
Nextgov
November 1, 2018

Threat hunting likely ranks second after artificial intelligence as a leading cybersecurity marketing buzzword and top airport advertising theme. Why not hunt for threats when dwell time between attack infections and detections can take months? Hiring threat hunters could change the playing field dynamics so if attackers make a mistake, they risk being detected. Sounds good; however, the real answer is more complex.

Know the Differences Between Threat Detection, Threat Modeling and Threat Hunting

Threat detection leverages multiple detection techniques from signatures, rules and patterns to anomaly detection, machine learning and behavioral analysis to find known threats, query or model. Matching indicators of compromise to various data sources is a form of threat detection and so is searching a security data lake. It is all too common for security and service vendors to incorrectly market threat detection as threat hunting.

Threat modeling is a proactive process to improve applications, systems and network security by assessing potential risks, threats and vulnerabilities, often from an attacker's perspective, and then prioritizing countermeasures to address the effects. This practice is maturing and will be increasingly important for cloud, internet of things, and autonomous solutions for converged information technology/operational technology networks.

Threat hunting is a proactive, analyst-centric, iterative and interactive ad hoc process driven by expert intuitive hypotheses assuming a breach. The practice combines security expertise, data analyst skills and creative thinking upon a knowledge base across applications, systems and networks. This is usually implemented by only the most mature security organizations.

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_

