Threat hunting will be viewed as norm
A threat hunting programme can be effective at locating attackers within an environment and identifying gaps in security monitoring and detection, but only if introduced and layered with other elements of a cyber security initiative.
This is according to O'Shea Bowens, founder and CEO of Null Hat Security, who is a speaker at ITWeb Security Summit 2019, to be held from 27 to 31 May, at the Sandton Convention Centre.
Threat hunting is becoming increasingly popular as a way to pinpoint adversaries before they can successfully execute an attack. Threat hunters proactively and iteratively detect, isolate and neutralise advanced threats that slip through the nets of automated security solutions, by using a combination of tools, analytics and threat intelligence, with human instinct and analysis.
"I believe the cyber security industry will begin to view threat hunting as a norm within an organisation," he adds.
When adopting threat hunting, there are several points of failure to avoid, says Bowens.
"Politics and failures of communication should be addressed. Threat hunters need strong relationships with networking, development and system administration teams to aid their endeavours.
"In addition, management should understand that immediate results, or results produced as quickly as SIEM [security information and event management] metrics or daily events, simply aren't realistic. Patience and resources are key."
He says preparation is vital to building a robust threat hunting programme. "Certain precursors must be in place. Log management is one of the most important first steps in the process. Businesses must ensure they have the ability to search across their environment and they should attempt to identify any 'black holes' or lack of visibility, and raise these risks to the appropriate managers."
Delegates attending Bowens' talk will gain an understanding of what constitutes an effective threat hunting programme and the results it will yield.
"My aim is that delegates leave the session in a position to implement or begin to build out a programme of their own."