This free excerpt from the new book Building an Effective Cybersecurity Program, 2nd Edition, by Tari Schreider C|CISO, CRISC, ITIL® Foundation, MCRP, SSCP will help you to begin Building YOUR Cyber Threat, Vulnerability Detection, and Intelligence Capability.
This chapter will help you to:
- Understand the relationship between threats and vulnerabilities.
- Understand how to identify and categorize threats.
- Know how to detect vulnerabilities within your organization.
- View your organization as an attack surface.
Learn more about this book — see Building an Effective Cybersecurity Program 2nd Edition
Here’s a brief sample:
3.2.5 Cyber Threat-Hunting
If you are tired of the suspense of waiting for the bad actors to come to you, consider going to them. A rapidly emerging practice is cyber threat hunting. As the name implies, some organizations have gone on the offensive and have begun to hunt down bad actors, seeking evidence of their malicious activity within their network. Threat hunting leverages cyber intelligence, threat analytics, and security information and event management (SIEM) solutions to hunt adversaries. Cyber threat-hunting is “what’s next” for your security operations (SecOps).
A 2016 SANS Institute survey of nearly 500 participants on threat-hunting revealed that nearly 86% of organizations are involved in some form of threat-hunting today, albeit informally. According to the survey author, Dr. Eric Cole, respondents are still figuring out exactly what a threat hunting program should look like, how to attract the right skills, and how to automate their hunting processes.
Rather than focusing on the noise of attacks crashing the gates of your firewall, hunting focuses on what may already be happening inside your network. Identifying lateral or east-west movement of attackers searching your devices to gain access privileges is where the big game is now. Lateral attacks occur behind the firewall where attackers move sideways going from application to server looking for something to compromise that will grant them elevated privileges. Many prominent attacks have occurred when attackers have been inside the network for months if not years. You must face a reality of life today – hackers or insiders with ill intent may already live behind your firewall, searching your network for vulnerabilities to exploit.
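One concrete hunt for the east-west movement described above is to look for a single account authenticating to an unusually large number of distinct internal hosts in a short window, a pattern that rarely occurs in normal use but is typical when an attacker pivots from system to system. The following is an added example, not code from the book or from any vendor tool; the event format, the `SAMPLE_EVENTS` log lines, the five-minute window and the four-host threshold are all constructed assumptions for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed authentication events (not real logs), one per line:
# "timestamp,user,src_host,dst_host". The svc-backup account fans out to
# five servers within 40 seconds, the pattern this hunt is meant to surface.
SAMPLE_EVENTS = """\
2024-05-01T09:00:05,alice,ws-101,fileserver-1
2024-05-01T09:00:40,alice,ws-101,fileserver-1
2024-05-01T09:02:10,svc-backup,ws-204,srv-db-1
2024-05-01T09:02:15,svc-backup,ws-204,srv-db-2
2024-05-01T09:02:21,svc-backup,ws-204,srv-app-1
2024-05-01T09:02:33,svc-backup,ws-204,srv-app-2
2024-05-01T09:02:47,svc-backup,ws-204,dc-1
2024-05-01T09:10:00,bob,ws-150,mail-1
2024-05-01T11:30:00,bob,ws-150,fileserver-1
"""


def parse_events(text):
    """Parse the constructed CSV-style lines into (timestamp, user, src, dst) tuples, oldest first."""
    events = []
    for line in text.strip().splitlines():
        ts, user, src, dst = line.split(",")
        events.append((datetime.fromisoformat(ts), user, src, dst))
    events.sort(key=lambda e: e[0])
    return events


def hunt_fan_out(events, window=timedelta(minutes=5), min_hosts=4):
    """Flag (user, src_host) pairs that reach >= min_hosts distinct destinations within `window`.

    A sliding window is kept per (user, src_host); the window and threshold
    are tuning assumptions and should be set from your own baseline.
    Returns {(user, src_host): {"first": ts, "last": ts, "hosts": [...]}}.
    """
    recent = defaultdict(deque)  # (user, src) -> deque of (timestamp, dst)
    findings = {}
    for ts, user, src, dst in events:
        key = (user, src)
        q = recent[key]
        q.append((ts, dst))
        # Drop events that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        hosts = {d for _, d in q}
        if len(hosts) >= min_hosts:
            prev = findings.get(key)
            # Keep the widest fan-out seen for this pair.
            if prev is None or len(hosts) > len(prev["hosts"]):
                findings[key] = {"first": q[0][0], "last": ts, "hosts": sorted(hosts)}
    return findings


if __name__ == "__main__":
    for (user, src), f in hunt_fan_out(parse_events(SAMPLE_EVENTS)).items():
        print(f"{user}@{src}: {len(f['hosts'])} hosts between {f['first']} and {f['last']}: {f['hosts']}")
```

Run against a SIEM export in the same shape, a hit is a lead to investigate, not a verdict: service accounts that legitimately touch many hosts (backup, monitoring, scanners) should be baselined and allow-listed so the hunt surfaces the account that does not normally behave this way.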
Did You Know?
In June of 2019, NASA’s Jet Propulsion Laboratory (JPL) was cited by the Inspector General for not implementing a threat hunting program recommended by IT security experts to aggressively pursue abnormal activity on its systems for signs of compromise, and instead rely on an ad hoc process to search for intruders. Have you investigated deploying threat hunting?