3 THREAT HUNTING MYTHS YOU SHOULDN’T BELIEVE

INTRODUCTION

Threat hunting activities can generate tremendous benefit for organizations, and not just in finding hidden active threats in the environment. When done regularly, threat hunting can feed SOC threat detection capabilities with additional detection content and improved telemetry about the tactics, techniques, and procedures (TTPs) of threat actors specifically targeting an organization’s assets.

THREAT HUNTING MYTH #1: YOU NEED TO HAVE INDEFINITE VISIBILITY AT THE ENDPOINT

Oftentimes security teams are hesitant to begin threat hunting because they don’t have complete or indefinite visibility into their endpoint assets. While endpoint logs certainly can be very valuable for threat hunting, they are definitely not a prerequisite for a wide range of hunts; other telemetry the organization already collects can support many hunts on its own.

THREAT HUNTING MYTH #2: THREAT HUNTING SUCCESS DEPENDS ON SOPHISTICATED TECHNIQUES

Another common misconception is that threat hunting success depends upon very complex techniques and methods. In many cases, in fact, simple techniques can detect a wide range of hidden threat behavior that completely bypasses existing security controls. There are some very common malicious techniques that a large body of attacks must complete in order to carry out their entire attack chain, and hunting for those is within reach of most teams.

THREAT HUNTING MYTH #3: YOU NEED ANALYSTS OR THREAT HUNTERS WITH YEARS OF EXPERIENCE

One of the big constraints on starting up a threat hunting team is that there aren’t many experienced threat hunters available for hire today. But a security team can bootstrap a basic threat hunting program using its existing security analysts and a few simple tools.

IF NOTHING ELSE, REMEMBER THIS THREAT HUNTING TIP…

The lesson from all of these busted myths should be that threat hunting is not an all-or-nothing affair. Yes, advanced threat hunting does take a higher level of sophistication and investment to achieve. But it’s very worthwhile and beneficial to start getting out there and doing hunts any way that you can.

Cyborg Security

Cyborg Security is a pioneer in cybernetic threat hunting, delivering an advanced, actionable threat hunting platform.