Exploring the Art and Science of Threat Hunting with Oded Awaskar

Jul 23, 2024

Mastering the art of threat hunting allows security teams to go on the offensive — to put themselves in the minds of bad actors and stop them in their tracks.

Oded Awaskar, senior manager for Unit 42’s Managed Detection and Response (MDR) team, thinks of it as playing Sherlock Holmes.

“It’s a lot like the detective work you see in movies,” he said. “We formulate hypotheses of how a threat actor would mount an attack, find ways to prove these hypotheses, then dive deep into the leads generated by these hypotheses.”

What is Threat Hunting?

Threat hunting is the practice of proactively examining your environment for attacker tactics and techniques. Threat hunters parse security data in search of malware, suspicious behavior patterns, and other indicators of compromise. Their findings give rise to incident triage and response processes.

Threat hunting isn’t always easy, especially in light of changes brought about by cloud storage, third-party software, and limited access to essential logs. As the range of digital products and services organizations use has expanded, so has the number of places where attackers can hide or establish footholds.

“The real key is to communicate during that process about what you find and what you’re doing,” he said. “The client has to have an idea of how the threat is being addressed and when business operations will be restored.”

Threat Vector Podcast: Exploring the Art and Science of Threat Hunting with Oded Awaskar

Starting Your Own Threat-Hunting Program

For organizations considering adopting their own threat-hunting programs, Awaskar said it’s important to understand that threat hunting focuses on identifying major incidents and sophisticated attackers.

As threat actors develop new tactics and malware, indicators of compromise and anomalous behavior will become harder to detect. To be effective, threat-hunting teams must have access to comprehensive logs and a modern platform that unifies data from disparate sources. AI and machine learning paired with human expertise can make threat hunting faster, broader, and more effective, for example by automating repetitive tasks and by creating and iterating on hunting queries.

Cortex XSIAM acts as a universal hub for data and applies out-of-the-box behavioral profiling driven by machine learning and AI. This allows security and threat-hunting teams to cut through the noise and spot true malicious behavior.

Tightening Internal Processes

Awaskar advises organizations to look inward as well. Exploring anomalies in employee behavior can mitigate insider threats, while addressing gaps in broader cybersecurity hygiene can go a long way in shoring up your security posture.

Most security teams are too inundated with alerts and manual processes to conduct the proactive mission of threat hunting. As the cybersecurity labor shortage persists, partnering with an experienced MDR or managed threat hunting provider can position organizations to protect themselves against the ever-growing landscape of cyber threats.

“Threat hunting is an evolving discipline that requires constant adaptation and an innate curiosity,” Awaskar said. “Using an MDR service gives organizations immediate access to an extensive pool of experienced analysts and threat hunters. Our team provides real-time 24/7 coverage and proactive preventative measures, so our clients can have true peace of mind.”

Ready for Next Steps?

Learn how Unit 42 managed services can empower your team.

Subscribe to the Threat Vector podcast for cybersecurity and threat intelligence insights.
