https://www.nextgov.com/ideas/2018/11/where-are-all-threat-hunters/152496/
By Tim Roddy
Nextgov
November 1, 2018
Threat hunting likely ranks second only to artificial intelligence as a
leading cybersecurity marketing buzzword and top airport advertising
theme. Why not hunt for threats when the dwell time between infection
and detection can run to months? Hiring threat hunters could change the
dynamics of the playing field so that if attackers make a mistake, they
risk being detected. That sounds good; the real answer, however, is more complex.
Know the Differences Between Threat Detection, Threat Modeling and Threat Hunting
Threat detection leverages multiple techniques, from signatures, rules
and patterns to anomaly detection, machine learning and behavioral
analysis, to find matches for a known threat, query or model. Matching
indicators of compromise against various data sources is a form of threat
detection, and so is searching a security data lake. It is all too common
for security and service vendors to incorrectly market threat detection as
threat hunting.
Threat modeling is a proactive process for improving application, system
and network security by assessing potential risks, threats and
vulnerabilities, often from an attacker's perspective, and then
prioritizing countermeasures to address their effects. This practice is
maturing and will be increasingly important for cloud, internet of things
and autonomous solutions on converged information technology/operational
technology networks.
Threat hunting is a proactive, analyst-centric, iterative and interactive
ad hoc process driven by expert, intuitive hypotheses that assume a breach
has already occurred. The practice combines security expertise, data
analysis skills and creative thinking, applied to a knowledge base spanning
applications, systems and networks. It is usually implemented only by the
most mature security organizations.
[...]