Part-time Threat Hunting: Considering its Efficacy


The Prioritization of Limited Resources

I appreciate the author’s point on the significance of the velocity of modern attacks post-initial compromise. I also understand the unique value of a 24/7/365 hunting program. I can also get behind the general idea that “good-enough” security can be a dangerous downfall. But at the end of the day, organizations are limited in resources — some more than others.

A Case Made for External Threat Hunting Services


Strategies to Compensate for the Disadvantages of Not Being a World-Class Security Threat Intelligence and MSSP


“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” Sun Tzu

Know Yourself: Focus on your weak points. Strive not to duplicate the detection coverage your SOC already provides. It does us no good to uncover a partially successful attack that the SOC has already triaged and remediated. Do consider whether there are aspects of the attack that were not automatically presented to your SOC; you may identify new threat hunting or SOC alerting opportunities there.

Consider Threat Intelligence-Driven Threat Hunts (What a Mouthful)

For those looking for examples of high-profile, actionable intelligence written to support a robust detection approach that resists “adversary ephemerality,” I will provide some examples I have created in the past, designed to help both veterans and those new to the threat hunting practice and discipline.

It Takes a Village


A Final Thought for Threat Intelligence Content Creators


A Final Thought for Organizations Considering Threat Hunting


Cheers!

But that is just this guy’s opinion. As always, my opinions are my own. I am interested to see how our industry’s view of threat hunting, and how we enable people to do it, evolves. Happy New Year, everyone! Cheers — with coffee.

Christian Taillon

A cyber nerd who believes that you don’t have to work at the same company to be on the same team.