Monday, April 19, 2021

Threat Hunting 101

As a cybersecurity professional, you need to understand the real-world threats facing your organization. Although there are plenty of tools and technologies to help identify thousands of possible vulnerabilities, threat hunting helps narrow these down into more realistic probabilities, and also helps you formulate appropriate countermeasures.

Threat hunting is a process that organizations of almost every size should engage in. Based on your organization's industry, it will help identify who the likely attackers are, their methods, and their motivations (e.g., information, money). This is a critical component of understanding the gaps that your organization may have and of strategizing the best ways to secure the organization.

At the end of the day, how can you stop what you do not understand? Understanding the common points of attack and the methods in play, through routine threat hunting, is an important part of a holistic cybersecurity program.

Here are a few ways to get started:

  • Join groups specific to security in your industry – they have a wealth of knowledge.
  • Take a look at the MITRE ATT&CK Framework – to understand the most common methods of attack (see https://attack.mitre.org/).
  • Stay up to date with CISA alerts on cybersecurity attack methods – and keep an eye out in your own organization for signs of compromise (see https://www.cisa.gov/).