Thinking like a Hunter: Implementing a Threat Hunting Program
Protecting an enterprise environment can sometimes feel like an uphill battle. Information security teams are often stuck in a cyclical pattern where the alerts never seem to end and the attackers seem to keep succeeding.
Unfortunately, this pattern is a symptom of organizations that operate in reactive mode. In this mode, security and/or response teams wait for an alert - internal or external - to tell them where to look next. Little, if any, effort is directed at finding threats before they escalate into something worse. To truly get ahead of attackers, organizations should start thinking proactively; in other words, they should think like threat hunters. Admittedly, the term "threat hunting" is not a new one. In fact, many mature organizations already have threat hunting programs, either as separate teams or, more often, integrated with the security operations center (SOC) and/or incident response teams.