The Hurdles of Threat Hunting

Challenge #1: Budget Constraints

Let’s face it, we all knew #1 was going to be budgetary constraints.

Challenge #2: The Skills Gap

The skills gap affects all areas of cybersecurity, but few as keenly as threat hunting. Few people worldwide call themselves threat hunters, and even fewer have the full skill set (log analysis, adversary tradecraft, scripting and query writing, and the knowledge of the environment). As a result, most teams are low in headcount and cannot run nearly as many hunts as they would like.

Challenge #3: Lack of Dedicated Resources

The SANS 2020 Threat Hunting Survey found that 75% of organizations with a threat hunting capability use staff who also hold other roles, usually in the SOC or incident response team. This is preferable to no threat hunting at all, but part-time hunters who are pulled back to alert queues and incidents find it hard to define consistent, repeatable processes and to build effective hunts.

Challenge #4: Threat Intelligence is Not Geared to Threat Hunting

Most organizations with a threat hunting capability also have a Cyber Threat Intelligence (CTI) team in place. However, unless the CTI team is mature, it will typically focus on indicator-based intelligence (IP addresses, domains, file hashes) and will lack personnel with the broad skill sets needed to produce the behavioral, TTP-level intelligence that should inform threat hunts.

Challenge #5: The ‘Legitimacy Gap’

As IT environments grow more complex, so do the behaviors observed in them. This widens the gap in knowing what is legitimate, even among skilled threat hunters. A hunter might observe behavior that appears unusual, but because of a recent change in architecture, tooling, or administrative practice, it could be entirely legitimate. Threat hunting teams must therefore continually keep abreast of evolving internal conditions and behaviors, and validate a suspicious finding against the current state of the environment before treating it as malicious.

Challenge #6: Confused Terminology

Across the industry, there’s a lack of consistency in the meaning given to ‘threat hunting.’ For clarity’s sake, here are the three activities most commonly described as threat hunting:

  1. Unstructured threat hunting.
  2. Structured threat hunting.
