5 Habits of Highly Effective Threat Hunters (1)

1
(No Transcript)
2
(No Transcript)
3
Threat Hunting is hard
What is cyber threat hunting?
Proactive cyber defence activity. It is "the
process of proactively and iteratively searching
through security data to detect and isolate
advanced threats that evade existing security
solutions."
4
Threat Hunting is hard
Of all the security challenges, the gnarliest
problem is threat hunting
Chasing down the unknown-unknown
5
Threat Hunting is hard
Takes a lot of talent, time and s to buy and
implement the tools, hire and grow the team,
develop process.
6
1 Dont succumb to chasing the threat du jour

• There is always some high profile exploit out and
  about
• Trust the process, dont get derailed

7
5 habits of highly effective threat hunters
2 Work in conjunction, not isolation
Integrate the threat hunting team with IT Ops,
Content and automation
8
5 habits of highly effective threat hunters
3 Visibility is everything

• Are you getting the right data, from the right
  assets, at the right time?
• You cant catch what you cant see

9
5 habits of highly effective threat hunters
4 Baseline is difficult, but oh so necessary

• Know what is normal?At this time of day, day of
  week, month of year?
• Maintaining an adaptive baseline is technically
  difficult but how else to detect out-of-ordinary?

10
5 habits of highly effective threat hunters
5 Hypothesize early and often

• A threat hunter hypothesizes because IOCs
  arent the trigger
• IOCs are all well and good but consult them
  during the hunt

11
Watch the complete video by clicking on the link
below.